CWE-824
AllowedAccess of Uninitialized Pointer
Abstraction: Base · Status: Incomplete
The product accesses or uses a pointer that has not been initialized.
451 vulnerabilities reference this CWE, most recent first.
GHSA-464F-8292-RFPH
Vulnerability from github – Published: 2024-03-12 09:30 – Updated: 2024-03-12 09:30An unauthenticated remote attacker can DoS a control agent due to access of a uninitialized pointer which may prevent or disrupt the charging functionality.
{
"affected": [],
"aliases": [
"CVE-2024-26004"
],
"database_specific": {
"cwe_ids": [
"CWE-824"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-03-12T09:15:09Z",
"severity": "HIGH"
},
"details": "An unauthenticated remote attacker can DoS a control agent due to access of a uninitialized pointer\u00a0which may prevent or disrupt the charging functionality. ",
"id": "GHSA-464f-8292-rfph",
"modified": "2024-03-12T09:30:42Z",
"published": "2024-03-12T09:30:42Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-26004"
},
{
"type": "WEB",
"url": "https://cert.vde.com/en/advisories/VDE-2024-011"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-4682-4HP2-9F43
Vulnerability from github – Published: 2026-01-13 21:31 – Updated: 2026-01-13 21:31InDesign Desktop versions 21.0, 19.5.5 and earlier are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
{
"affected": [],
"aliases": [
"CVE-2026-21276"
],
"database_specific": {
"cwe_ids": [
"CWE-824"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-01-13T19:16:25Z",
"severity": "HIGH"
},
"details": "InDesign Desktop versions 21.0, 19.5.5 and earlier are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.",
"id": "GHSA-4682-4hp2-9f43",
"modified": "2026-01-13T21:31:44Z",
"published": "2026-01-13T21:31:44Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-21276"
},
{
"type": "WEB",
"url": "https://helpx.adobe.com/security/products/indesign/apsb26-02.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-4683-7MCH-JPWJ
Vulnerability from github – Published: 2025-09-02 21:30 – Updated: 2025-09-02 21:30Oxford Instruments Imaris Viewer IMS File Parsing Uninitialized Pointer Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Oxford Instruments Imaris Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of IMS files. The issue results from the lack of proper initialization of a pointer prior to accessing it. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-21657.
{
"affected": [],
"aliases": [
"CVE-2025-9274"
],
"database_specific": {
"cwe_ids": [
"CWE-824"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-09-02T20:15:40Z",
"severity": "HIGH"
},
"details": "Oxford Instruments Imaris Viewer IMS File Parsing Uninitialized Pointer Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Oxford Instruments Imaris Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of IMS files. The issue results from the lack of proper initialization of a pointer prior to accessing it. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-21657.",
"id": "GHSA-4683-7mch-jpwj",
"modified": "2025-09-02T21:30:59Z",
"published": "2025-09-02T21:30:59Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-9274"
},
{
"type": "WEB",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-25-853"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-48H7-CVHW-3W6X
Vulnerability from github – Published: 2022-11-23 15:30 – Updated: 2023-01-23 18:30There is an infoleak vulnerability in the Linux kernel's net/bluetooth/l2cap_core.c's l2cap_parse_conf_req function which can be used to leak kernel pointers remotely. We recommend upgrading past commit https://github.com/torvalds/linux/commit/b1a2cd50c0357f243b7435a732b4e62ba3157a2e https://www.google.com/url
{
"affected": [],
"aliases": [
"CVE-2022-42895"
],
"database_specific": {
"cwe_ids": [
"CWE-824"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-11-23T15:15:00Z",
"severity": "MODERATE"
},
"details": "There is an infoleak vulnerability in the Linux kernel\u0027s net/bluetooth/l2cap_core.c\u0027s l2cap_parse_conf_req function which can be used to leak kernel pointers remotely. We recommend upgrading past commit https://github.com/torvalds/linux/commit/b1a2cd50c0357f243b7435a732b4e62ba3157a2e https://www.google.com/url",
"id": "GHSA-48h7-cvhw-3w6x",
"modified": "2023-01-23T18:30:17Z",
"published": "2022-11-23T15:30:21Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42895"
},
{
"type": "WEB",
"url": "https://github.com/torvalds/linux/commit/b1a2cd50c0357f243b7435a732b4e62ba3157a2e"
},
{
"type": "WEB",
"url": "https://kernel.dance/#b1a2cd50c0357f243b7435a732b4e62ba3157a2e"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-4F99-P9C2-3J8X
Vulnerability from github – Published: 2021-11-10 18:51 – Updated: 2024-11-07 22:14Impact
The code for sparse matrix multiplication is vulnerable to undefined behavior via binding a reference to nullptr:
import tensorflow as tf
tf.raw_ops.SparseMatMul(
a=[[1.0,1.0,1.0]],
b=[[],[],[]],
transpose_a=False,
transpose_b=False,
a_is_sparse=False,
b_is_sparse=True)
This occurs whenever the dimensions of a or b are 0 or less. In the case on one of these is 0, an empty output tensor should be allocated (to conserve the invariant that output tensors are always allocated when the operation is successful) but nothing should be written to it (that is, we should return early from the kernel implementation). Otherwise, attempts to write to this empty tensor would result in heap OOB access.
Patches
We have patched the issue in GitHub commit e6cf28c72ba2eb949ca950d834dd6d66bb01cfae.
The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range.
For more information
Please consult our security guide for more information regarding the security model and how to contact us with issues and questions.
Attribution
This vulnerability has been reported by members of the Aivul Team from Qihoo 360.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow"
},
"ranges": [
{
"events": [
{
"introduced": "2.6.0"
},
{
"fixed": "2.6.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow"
},
"ranges": [
{
"events": [
{
"introduced": "2.5.0"
},
{
"fixed": "2.5.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.4.4"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-cpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.6.0"
},
{
"fixed": "2.6.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-cpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.5.0"
},
{
"fixed": "2.5.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-cpu"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.4.4"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-gpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.6.0"
},
{
"fixed": "2.6.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-gpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.5.0"
},
{
"fixed": "2.5.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-gpu"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.4.4"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2021-41219"
],
"database_specific": {
"cwe_ids": [
"CWE-125",
"CWE-824"
],
"github_reviewed": true,
"github_reviewed_at": "2021-11-08T22:08:27Z",
"nvd_published_at": "2021-11-05T21:15:00Z",
"severity": "HIGH"
},
"details": "### Impact\nThe [code for sparse matrix multiplication](https://github.com/tensorflow/tensorflow/blob/8d72537c6abf5a44103b57b9c2e22c14f5f49698/tensorflow/core/kernels/sparse_matmul_op.cc#L954-L1086) is vulnerable to undefined behavior via binding a reference to `nullptr`:\n\n```python\nimport tensorflow as tf\n \ntf.raw_ops.SparseMatMul(\n a=[[1.0,1.0,1.0]],\n b=[[],[],[]],\n transpose_a=False,\n transpose_b=False,\n a_is_sparse=False, \n b_is_sparse=True)\n```\n\nThis occurs whenever the dimensions of `a` or `b` are 0 or less. In the case on one of these is 0, an empty output tensor should be allocated (to conserve the invariant that output tensors are always allocated when the operation is successful) but nothing should be written to it (that is, we should return early from the kernel implementation). Otherwise, attempts to write to this empty tensor would result in heap OOB access.\n\n### Patches\nWe have patched the issue in GitHub commit [e6cf28c72ba2eb949ca950d834dd6d66bb01cfae](https://github.com/tensorflow/tensorflow/commit/e6cf28c72ba2eb949ca950d834dd6d66bb01cfae).\n\nThe fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range.\n\n### For more information\nPlease consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.\n\n### Attribution\nThis vulnerability has been reported by members of the Aivul Team from Qihoo 360.\n",
"id": "GHSA-4f99-p9c2-3j8x",
"modified": "2024-11-07T22:14:20Z",
"published": "2021-11-10T18:51:51Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-4f99-p9c2-3j8x"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-41219"
},
{
"type": "WEB",
"url": "https://github.com/tensorflow/tensorflow/commit/e6cf28c72ba2eb949ca950d834dd6d66bb01cfae"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2021-628.yaml"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2021-826.yaml"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow/PYSEC-2021-411.yaml"
},
{
"type": "PACKAGE",
"url": "https://github.com/tensorflow/tensorflow"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Undefined behavior via `nullptr` reference binding in sparse matrix multiplication"
}
GHSA-4P4P-WWW8-8FV9
Vulnerability from github – Published: 2021-05-21 14:25 – Updated: 2024-11-01 17:05Impact
An attacker can trigger undefined behavior by binding to null pointer in tf.raw_ops.ParameterizedTruncatedNormal:
import tensorflow as tf
shape = tf.constant([], shape=[0], dtype=tf.int32)
means = tf.constant((1), dtype=tf.float32)
stdevs = tf.constant((1), dtype=tf.float32)
minvals = tf.constant((1), dtype=tf.float32)
maxvals = tf.constant((1), dtype=tf.float32)
tf.raw_ops.ParameterizedTruncatedNormal(
shape=shape, means=means, stdevs=stdevs, minvals=minvals, maxvals=maxvals)
This is because the implementation does not validate input arguments before accessing the first element of shape:
int32 num_batches = shape_tensor.flat<int32>()(0);
If shape argument is empty, then shape_tensor.flat<T>() is an empty array.
Patches
We have patched the issue in GitHub commit 5e52ef5a461570cfb68f3bdbbebfe972cb4e0fd8.
The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and still in supported range.
For more information
Please consult our security guide for more information regarding the security model and how to contact us with issues and questions.
Attribution
This vulnerability has been reported by Ying Wang and Yakun Zhang of Baidu X-Team.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.1.4"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow"
},
"ranges": [
{
"events": [
{
"introduced": "2.2.0"
},
{
"fixed": "2.2.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow"
},
"ranges": [
{
"events": [
{
"introduced": "2.3.0"
},
{
"fixed": "2.3.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow"
},
"ranges": [
{
"events": [
{
"introduced": "2.4.0"
},
{
"fixed": "2.4.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-cpu"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.1.4"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-cpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.2.0"
},
{
"fixed": "2.2.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-cpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.3.0"
},
{
"fixed": "2.3.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-cpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.4.0"
},
{
"fixed": "2.4.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-gpu"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.1.4"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-gpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.2.0"
},
{
"fixed": "2.2.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-gpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.3.0"
},
{
"fixed": "2.3.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-gpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.4.0"
},
{
"fixed": "2.4.2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2021-29568"
],
"database_specific": {
"cwe_ids": [
"CWE-476",
"CWE-824"
],
"github_reviewed": true,
"github_reviewed_at": "2021-05-18T19:11:12Z",
"nvd_published_at": "2021-05-14T20:15:00Z",
"severity": "LOW"
},
"details": "### Impact\nAn attacker can trigger undefined behavior by binding to null pointer in `tf.raw_ops.ParameterizedTruncatedNormal`:\n\n```python\nimport tensorflow as tf\n \nshape = tf.constant([], shape=[0], dtype=tf.int32)\nmeans = tf.constant((1), dtype=tf.float32)\nstdevs = tf.constant((1), dtype=tf.float32)\nminvals = tf.constant((1), dtype=tf.float32)\nmaxvals = tf.constant((1), dtype=tf.float32)\n \ntf.raw_ops.ParameterizedTruncatedNormal(\n shape=shape, means=means, stdevs=stdevs, minvals=minvals, maxvals=maxvals)\n```\n\nThis is because the [implementation](https://github.com/tensorflow/tensorflow/blob/3f6fe4dfef6f57e768260b48166c27d148f3015f/tensorflow/core/kernels/parameterized_truncated_normal_op.cc#L630) does not validate input arguments before accessing the first element of `shape`:\n\n```cc\nint32 num_batches = shape_tensor.flat\u003cint32\u003e()(0);\n``` \n\nIf `shape` argument is empty, then `shape_tensor.flat\u003cT\u003e()` is an empty array.\n\n### Patches\nWe have patched the issue in GitHub commit [5e52ef5a461570cfb68f3bdbbebfe972cb4e0fd8](https://github.com/tensorflow/tensorflow/commit/5e52ef5a461570cfb68f3bdbbebfe972cb4e0fd8).\n\nThe fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and still in supported range.\n\n### For more information \nPlease consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.\n\n### Attribution\nThis vulnerability has been reported by Ying Wang and Yakun Zhang of Baidu X-Team.",
"id": "GHSA-4p4p-www8-8fv9",
"modified": "2024-11-01T17:05:06Z",
"published": "2021-05-21T14:25:19Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-4p4p-www8-8fv9"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-29568"
},
{
"type": "WEB",
"url": "https://github.com/tensorflow/tensorflow/commit/5e52ef5a461570cfb68f3bdbbebfe972cb4e0fd8"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2021-496.yaml"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2021-694.yaml"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow/PYSEC-2021-205.yaml"
},
{
"type": "PACKAGE",
"url": "https://github.com/tensorflow/tensorflow"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "Reference binding to null in `ParameterizedTruncatedNormal`"
}
GHSA-4Q24-RV9C-M9WM
Vulnerability from github – Published: 2022-04-29 01:27 – Updated: 2022-04-29 01:27ldbm_back_exop_passwd in the back-ldbm backend in passwd.c for OpenLDAP 2.1.12 and earlier, when the slap_passwd_parse function does not return LDAP_SUCCESS, attempts to free an uninitialized pointer, which allows remote attackers to cause a denial of service (segmentation fault).
{
"affected": [],
"aliases": [
"CVE-2003-1201"
],
"database_specific": {
"cwe_ids": [
"CWE-824"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2003-03-20T05:00:00Z",
"severity": "MODERATE"
},
"details": "ldbm_back_exop_passwd in the back-ldbm backend in passwd.c for OpenLDAP 2.1.12 and earlier, when the slap_passwd_parse function does not return LDAP_SUCCESS, attempts to free an uninitialized pointer, which allows remote attackers to cause a denial of service (segmentation fault).",
"id": "GHSA-4q24-rv9c-m9wm",
"modified": "2022-04-29T01:27:40Z",
"published": "2022-04-29T01:27:40Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2003-1201"
},
{
"type": "WEB",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/12520"
},
{
"type": "WEB",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000685"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/11261"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/9203"
},
{
"type": "WEB",
"url": "http://security.gentoo.org/glsa/glsa-200403-12.xml"
},
{
"type": "WEB",
"url": "http://www.openldap.org/its/index.cgi?findid=2390"
},
{
"type": "WEB",
"url": "http://www.osvdb.org/17000"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/7656"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-4Q6J-QGRQ-8X6X
Vulnerability from github – Published: 2025-08-12 21:31 – Updated: 2025-08-12 21:31InDesign Desktop versions 20.4, 19.5.4 and earlier are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
{
"affected": [],
"aliases": [
"CVE-2025-54207"
],
"database_specific": {
"cwe_ids": [
"CWE-824"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-08-12T21:15:39Z",
"severity": "HIGH"
},
"details": "InDesign Desktop versions 20.4, 19.5.4 and earlier are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.",
"id": "GHSA-4q6j-qgrq-8x6x",
"modified": "2025-08-12T21:31:22Z",
"published": "2025-08-12T21:31:22Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-54207"
},
{
"type": "WEB",
"url": "https://helpx.adobe.com/security/products/indesign/apsb25-79.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-4RPC-XHHQ-H2CQ
Vulnerability from github – Published: 2023-03-29 21:30 – Updated: 2023-04-07 15:30This vulnerability allows remote attackers to execute arbitrary code on affected installations of IronCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of STP files. When parsing the VECTOR element, the process does not properly initialize a pointer prior to accessing it. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-17672.
{
"affected": [],
"aliases": [
"CVE-2022-43609"
],
"database_specific": {
"cwe_ids": [
"CWE-824"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-03-29T19:15:00Z",
"severity": "HIGH"
},
"details": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of IronCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of STP files. When parsing the VECTOR element, the process does not properly initialize a pointer prior to accessing it. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-17672.",
"id": "GHSA-4rpc-xhhq-h2cq",
"modified": "2023-04-07T15:30:40Z",
"published": "2023-03-29T21:30:19Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-43609"
},
{
"type": "WEB",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1467"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-4VM9-9998-95C3
Vulnerability from github – Published: 2022-05-13 01:35 – Updated: 2022-05-13 01:35This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D Node objects. The issue results from the lack of proper initialization of a pointer prior to accessing it. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5411.
{
"affected": [],
"aliases": [
"CVE-2018-10484"
],
"database_specific": {
"cwe_ids": [
"CWE-824"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-05-17T15:29:00Z",
"severity": "HIGH"
},
"details": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D Node objects. The issue results from the lack of proper initialization of a pointer prior to accessing it. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5411.",
"id": "GHSA-4vm9-9998-95c3",
"modified": "2022-05-13T01:35:03Z",
"published": "2022-05-13T01:35:03Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-10484"
},
{
"type": "WEB",
"url": "https://www.foxitsoftware.com/support/security-bulletins.php"
},
{
"type": "WEB",
"url": "https://zerodayinitiative.com/advisories/ZDI-18-394"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
No mitigation information available for this CWE.
No CAPEC attack patterns related to this CWE.