CWE-457
AllowedUse of Uninitialized Variable
Abstraction: Variant · Status: Draft
The code uses a variable that has not been initialized, leading to unpredictable or unintended results.
298 vulnerabilities reference this CWE, most recent first.
CVE-2023-50188 (GCVE-0-2023-50188)
Vulnerability from cvelistv5 – Published: 2024-05-03 02:14 – Updated: 2024-08-02 22:09- CWE-457 - Use of Uninitialized Variable
| URL | Tags |
|---|---|
| https://www.zerodayinitiative.com/advisories/ZDI-… | x_research-advisory |
| Vendor | Product | Version | |
|---|---|---|---|
| Trimble | SketchUp Viewer |
Affected:
22.0.354
|
|
| trimble | sketchup_viewer |
Affected:
22.0.354
cpe:2.3:a:trimble:sketchup_viewer:22.0.354:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:trimble:sketchup_viewer:22.0.354:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sketchup_viewer",
"vendor": "trimble",
"versions": [
{
"status": "affected",
"version": "22.0.354"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-50188",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-06T13:20:03.535108Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:17:52.765Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T22:09:49.652Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ZDI-23-1838",
"tags": [
"x_research-advisory",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1838/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "SketchUp Viewer",
"vendor": "Trimble",
"versions": [
{
"status": "affected",
"version": "22.0.354"
}
]
}
],
"dateAssigned": "2023-12-05T19:37:59.483Z",
"datePublic": "2023-12-20T20:56:21.852Z",
"descriptions": [
{
"lang": "en",
"value": "Trimble SketchUp Viewer SKP File Parsing Uninitialized Variable Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of SKP files. The issue results from the lack of proper initialization of memory prior to accessing it. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-20792."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-457",
"description": "CWE-457: Use of Uninitialized Variable",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-03T02:14:15.489Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-23-1838",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1838/"
}
],
"source": {
"lang": "en",
"value": "Anonymous"
},
"title": "Trimble SketchUp Viewer SKP File Parsing Uninitialized Variable Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2023-50188",
"datePublished": "2024-05-03T02:14:15.489Z",
"dateReserved": "2023-12-05T16:15:17.537Z",
"dateUpdated": "2024-08-02T22:09:49.652Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-42079 (GCVE-0-2023-42079)
Vulnerability from cvelistv5 – Published: 2024-05-03 02:12 – Updated: 2024-08-02 19:16- CWE-457 - Use of Uninitialized Variable
| URL | Tags |
|---|---|
| https://www.zerodayinitiative.com/advisories/ZDI-… | x_research-advisory |
| https://www.tracker-software.com/support/security… | vendor-advisory |
| Vendor | Product | Version | |
|---|---|---|---|
| PDF-XChange | PDF-XChange Editor |
Affected:
10.0.1.371
|
|
| pdf-xchange | pdf-xchange_editor |
Affected:
10.0.1.371
cpe:2.3:a:pdf-xchange:pdf-xchange_editor:10.0.1.371:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:pdf-xchange:pdf-xchange_editor:10.0.1.371:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "pdf-xchange_editor",
"vendor": "pdf-xchange",
"versions": [
{
"status": "affected",
"version": "10.0.1.371"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-42079",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-21T18:08:24.527781Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:25:40.763Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T19:16:50.453Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ZDI-23-1380",
"tags": [
"x_research-advisory",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1380/"
},
{
"name": "vendor-provided URL",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.tracker-software.com/support/security-bulletins.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "PDF-XChange Editor",
"vendor": "PDF-XChange",
"versions": [
{
"status": "affected",
"version": "10.0.1.371"
}
]
}
],
"dateAssigned": "2023-09-06T21:25:45.253Z",
"datePublic": "2023-09-08T16:30:29.722Z",
"descriptions": [
{
"lang": "en",
"value": "PDF-XChange Editor J2K File Parsing Uninitialized Variable Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of J2K files. The issue results from the lack of proper initialization of memory prior to accessing it. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-21851."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-457",
"description": "CWE-457: Use of Uninitialized Variable",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-03T02:12:56.230Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-23-1380",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1380/"
},
{
"name": "vendor-provided URL",
"tags": [
"vendor-advisory"
],
"url": "https://www.tracker-software.com/support/security-bulletins.html"
}
],
"source": {
"lang": "en",
"value": "Mat Powell of Trend Micro Zero Day Initiative"
},
"title": "PDF-XChange Editor J2K File Parsing Uninitialized Variable Information Disclosure Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2023-42079",
"datePublished": "2024-05-03T02:12:56.230Z",
"dateReserved": "2023-09-06T21:13:00.550Z",
"dateUpdated": "2024-08-02T19:16:50.453Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-42062 (GCVE-0-2023-42062)
Vulnerability from cvelistv5 – Published: 2024-05-03 02:12 – Updated: 2024-08-02 19:16- CWE-457 - Use of Uninitialized Variable
| URL | Tags |
|---|---|
| https://www.zerodayinitiative.com/advisories/ZDI-… | x_research-advisory |
| https://www.tracker-software.com/support/security… | vendor-advisory |
| Vendor | Product | Version | |
|---|---|---|---|
| PDF-XChange | PDF-XChange Editor |
Affected:
9.5.368.0
|
|
| pdf-xchange | pdf-xchange_editor |
Affected:
9.5.368.0
cpe:2.3:a:pdf-xchange:pdf-xchange_editor:9.5.368.0:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:pdf-xchange:pdf-xchange_editor:9.5.368.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "pdf-xchange_editor",
"vendor": "pdf-xchange",
"versions": [
{
"status": "affected",
"version": "9.5.368.0"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-42062",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-21T17:52:28.227279Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:25:34.468Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T19:16:49.740Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ZDI-23-1347",
"tags": [
"x_research-advisory",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1347/"
},
{
"name": "vendor-provided URL",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.tracker-software.com/support/security-bulletins.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "PDF-XChange Editor",
"vendor": "PDF-XChange",
"versions": [
{
"status": "affected",
"version": "9.5.368.0"
}
]
}
],
"dateAssigned": "2023-09-06T21:25:45.150Z",
"datePublic": "2023-09-08T16:27:40.751Z",
"descriptions": [
{
"lang": "en",
"value": "PDF-XChange Editor U3D File Parsing Uninitialized Variable Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of U3D files. The issue results from the lack of proper initialization of memory prior to accessing it. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-20935."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-457",
"description": "CWE-457: Use of Uninitialized Variable",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-03T02:12:43.415Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-23-1347",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1347/"
},
{
"name": "vendor-provided URL",
"tags": [
"vendor-advisory"
],
"url": "https://www.tracker-software.com/support/security-bulletins.html"
}
],
"source": {
"lang": "en",
"value": "Mat Powell of Trend Micro Zero Day Initiative"
},
"title": "PDF-XChange Editor U3D File Parsing Uninitialized Variable Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2023-42062",
"datePublished": "2024-05-03T02:12:43.415Z",
"dateReserved": "2023-09-06T21:13:00.545Z",
"dateUpdated": "2024-08-02T19:16:49.740Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-42056 (GCVE-0-2023-42056)
Vulnerability from cvelistv5 – Published: 2024-05-03 02:12 – Updated: 2024-08-02 19:16- CWE-457 - Use of Uninitialized Variable
| URL | Tags |
|---|---|
| https://www.zerodayinitiative.com/advisories/ZDI-… | x_research-advisory |
| https://www.tracker-software.com/support/security… | vendor-advisory |
| Vendor | Product | Version | |
|---|---|---|---|
| PDF-XChange | PDF-XChange Editor |
Affected:
9.5.368.0
|
|
| pdf-xchange | pdf-xchange_editor |
Affected:
9.5.368.0
cpe:2.3:a:pdf-xchange:pdf-xchange_editor:9.5.368.0:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:pdf-xchange:pdf-xchange_editor:9.5.368.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "pdf-xchange_editor",
"vendor": "pdf-xchange",
"versions": [
{
"status": "affected",
"version": "9.5.368.0"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-42056",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-21T17:50:24.156470Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:25:01.575Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T19:16:50.429Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ZDI-23-1364",
"tags": [
"x_research-advisory",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1364/"
},
{
"name": "vendor-provided URL",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.tracker-software.com/support/security-bulletins.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "PDF-XChange Editor",
"vendor": "PDF-XChange",
"versions": [
{
"status": "affected",
"version": "9.5.368.0"
}
]
}
],
"dateAssigned": "2023-09-06T21:25:45.118Z",
"datePublic": "2023-09-08T16:29:09.822Z",
"descriptions": [
{
"lang": "en",
"value": "PDF-XChange Editor U3D File Parsing Uninitialized Variable Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of U3D files. The issue results from the lack of proper initialization of memory prior to accessing it. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-20929."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-457",
"description": "CWE-457: Use of Uninitialized Variable",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-03T02:12:38.908Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-23-1364",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1364/"
},
{
"name": "vendor-provided URL",
"tags": [
"vendor-advisory"
],
"url": "https://www.tracker-software.com/support/security-bulletins.html"
}
],
"source": {
"lang": "en",
"value": "Mat Powell of Trend Micro Zero Day Initiative"
},
"title": "PDF-XChange Editor U3D File Parsing Uninitialized Variable Information Disclosure Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2023-42056",
"datePublished": "2024-05-03T02:12:38.908Z",
"dateReserved": "2023-09-06T21:13:00.544Z",
"dateUpdated": "2024-08-02T19:16:50.429Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-42048 (GCVE-0-2023-42048)
Vulnerability from cvelistv5 – Published: 2024-05-03 02:12 – Updated: 2024-08-02 19:16- CWE-457 - Use of Uninitialized Variable
| URL | Tags |
|---|---|
| https://www.zerodayinitiative.com/advisories/ZDI-… | x_research-advisory |
| https://www.tracker-software.com/support/security… | vendor-advisory |
| Vendor | Product | Version | |
|---|---|---|---|
| PDF-XChange | PDF-XChange Editor |
Affected:
9.5.368.0
|
|
| pdf-xchange | pdf-xchange_editor |
Affected:
10.0.1.371
cpe:2.3:a:pdf-xchange:pdf-xchange_editor:10.0.1.371:*:*:*:*:*:*:* |
|
| pdf-xchange | pdf-tools |
Affected:
10.0.1.371
cpe:2.3:a:pdf-xchange:pdf-tools:10.0.1.371:*:*:*:*:*:*:* |
|
| pdf-xchange | pdf-xchange_pro |
Affected:
10.0.1.371
cpe:2.3:a:pdf-xchange:pdf-xchange_pro:10.0.1.371:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:pdf-xchange:pdf-xchange_editor:10.0.1.371:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "pdf-xchange_editor",
"vendor": "pdf-xchange",
"versions": [
{
"status": "affected",
"version": "10.0.1.371"
}
]
},
{
"cpes": [
"cpe:2.3:a:pdf-xchange:pdf-tools:10.0.1.371:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "pdf-tools",
"vendor": "pdf-xchange",
"versions": [
{
"status": "affected",
"version": "10.0.1.371"
}
]
},
{
"cpes": [
"cpe:2.3:a:pdf-xchange:pdf-xchange_pro:10.0.1.371:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "pdf-xchange_pro",
"vendor": "pdf-xchange",
"versions": [
{
"status": "affected",
"version": "10.0.1.371"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-42048",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-03T21:02:57.393723Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:25:21.210Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T19:16:49.536Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ZDI-23-1351",
"tags": [
"x_research-advisory",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1351/"
},
{
"name": "vendor-provided URL",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.tracker-software.com/support/security-bulletins.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "PDF-XChange Editor",
"vendor": "PDF-XChange",
"versions": [
{
"status": "affected",
"version": "9.5.368.0"
}
]
}
],
"dateAssigned": "2023-09-06T21:25:45.072Z",
"datePublic": "2023-09-08T16:28:03.933Z",
"descriptions": [
{
"lang": "en",
"value": "PDF-XChange Editor J2K File Parsing Uninitialized Variable Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of J2K files. The issue results from the lack of proper initialization of memory prior to accessing it. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-20909."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-457",
"description": "CWE-457: Use of Uninitialized Variable",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-03T02:12:32.681Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-23-1351",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1351/"
},
{
"name": "vendor-provided URL",
"tags": [
"vendor-advisory"
],
"url": "https://www.tracker-software.com/support/security-bulletins.html"
}
],
"source": {
"lang": "en",
"value": "Mat Powell of Trend Micro Zero Day Initiative"
},
"title": "PDF-XChange Editor J2K File Parsing Uninitialized Variable Information Disclosure Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2023-42048",
"datePublished": "2024-05-03T02:12:32.681Z",
"dateReserved": "2023-09-06T21:13:00.543Z",
"dateUpdated": "2024-08-02T19:16:49.536Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-42046 (GCVE-0-2023-42046)
Vulnerability from cvelistv5 – Published: 2024-05-03 02:12 – Updated: 2024-08-02 19:16- CWE-457 - Use of Uninitialized Variable
| URL | Tags |
|---|---|
| https://www.zerodayinitiative.com/advisories/ZDI-… | x_research-advisory |
| https://www.tracker-software.com/support/security… | vendor-advisory |
| Vendor | Product | Version | |
|---|---|---|---|
| PDF-XChange | PDF-XChange Editor |
Affected:
9.5.368.0
|
|
| pdf-xchange | pdf-xchange_editor |
Affected:
0 , < 10.3.0.386
(custom)
cpe:2.3:a:pdf-xchange:pdf-xchange_editor:-:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:pdf-xchange:pdf-xchange_editor:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "pdf-xchange_editor",
"vendor": "pdf-xchange",
"versions": [
{
"lessThan": "10.3.0.386",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-42046",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-03T20:38:17.476135Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-06T12:30:44.525Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T19:16:50.143Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ZDI-23-1353",
"tags": [
"x_research-advisory",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1353/"
},
{
"name": "vendor-provided URL",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.tracker-software.com/support/security-bulletins.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "PDF-XChange Editor",
"vendor": "PDF-XChange",
"versions": [
{
"status": "affected",
"version": "9.5.368.0"
}
]
}
],
"dateAssigned": "2023-09-06T21:25:45.061Z",
"datePublic": "2023-09-08T16:28:17.038Z",
"descriptions": [
{
"lang": "en",
"value": "PDF-XChange Editor J2K File Parsing Uninitialized Variable Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of J2K files. The issue results from the lack of proper initialization of memory prior to accessing it. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-20907."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-457",
"description": "CWE-457: Use of Uninitialized Variable",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-03T02:12:31.236Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-23-1353",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1353/"
},
{
"name": "vendor-provided URL",
"tags": [
"vendor-advisory"
],
"url": "https://www.tracker-software.com/support/security-bulletins.html"
}
],
"source": {
"lang": "en",
"value": "Mat Powell of Trend Micro Zero Day Initiative"
},
"title": "PDF-XChange Editor J2K File Parsing Uninitialized Variable Information Disclosure Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2023-42046",
"datePublished": "2024-05-03T02:12:31.236Z",
"dateReserved": "2023-09-06T21:13:00.543Z",
"dateUpdated": "2024-08-02T19:16:50.143Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-39484 (GCVE-0-2023-39484)
Vulnerability from cvelistv5 – Published: 2024-05-03 02:10 – Updated: 2024-08-02 18:10- CWE-457 - Use of Uninitialized Variable
| URL | Tags |
|---|---|
| https://www.zerodayinitiative.com/advisories/ZDI-… | x_research-advisory |
| Vendor | Product | Version | |
|---|---|---|---|
| PDF-XChange | PDF-XChange Editor |
Affected:
9.4.362.0
|
|
| pdf-xchange | pdf-xchange_editor |
Affected:
10.0.1.371
cpe:2.3:a:pdf-xchange:pdf-xchange_editor:10.0.1.371:*:*:*:*:*:*:* |
|
| pdf-xchange | pdf-tools |
Affected:
10.0.1.371
cpe:2.3:a:pdf-xchange:pdf-tools:10.0.1.371:*:*:*:*:*:*:* |
|
| pdf-xchange | pdf-xchange_pro |
Affected:
10.0.1.371
cpe:2.3:a:pdf-xchange:pdf-xchange_pro:10.0.1.371:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:pdf-xchange:pdf-xchange_editor:10.0.1.371:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "pdf-xchange_editor",
"vendor": "pdf-xchange",
"versions": [
{
"status": "affected",
"version": "10.0.1.371"
}
]
},
{
"cpes": [
"cpe:2.3:a:pdf-xchange:pdf-tools:10.0.1.371:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "pdf-tools",
"vendor": "pdf-xchange",
"versions": [
{
"status": "affected",
"version": "10.0.1.371"
}
]
},
{
"cpes": [
"cpe:2.3:a:pdf-xchange:pdf-xchange_pro:10.0.1.371:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "pdf-xchange_pro",
"vendor": "pdf-xchange",
"versions": [
{
"status": "affected",
"version": "10.0.1.371"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-39484",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-03T20:56:39.472001Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:26:52.983Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:10:20.928Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ZDI-23-1123",
"tags": [
"x_research-advisory",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1123/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "PDF-XChange Editor",
"vendor": "PDF-XChange",
"versions": [
{
"status": "affected",
"version": "9.4.362.0"
}
]
}
],
"dateAssigned": "2023-08-02T21:44:31.548Z",
"datePublic": "2023-08-17T19:01:57.631Z",
"descriptions": [
{
"lang": "en",
"value": "PDF-XChange Editor PDF File Parsing Uninitialized Variable Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of PDF files. The issue results from the lack of proper initialization of memory prior to accessing it. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-18493."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-457",
"description": "CWE-457: Use of Uninitialized Variable",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-03T02:10:48.041Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-23-1123",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1123/"
}
],
"source": {
"lang": "en",
"value": "Mat Powell of Trend Micro Zero Day Initiative"
},
"title": "PDF-XChange Editor PDF File Parsing Uninitialized Variable Information Disclosure Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2023-39484",
"datePublished": "2024-05-03T02:10:48.041Z",
"dateReserved": "2023-08-02T21:37:23.125Z",
"dateUpdated": "2024-08-02T18:10:20.928Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-38088 (GCVE-0-2023-38088)
Vulnerability from cvelistv5 – Published: 2024-05-03 01:58 – Updated: 2024-08-02 17:30- CWE-457 - Use of Uninitialized Variable
| URL | Tags |
|---|---|
| https://www.zerodayinitiative.com/advisories/ZDI-… | x_research-advisory |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:kofax:power_pdf:5.0.0.19:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "power_pdf",
"vendor": "kofax",
"versions": [
{
"status": "affected",
"version": "5.0.0.19"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-38088",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-06T14:29:31.382917Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:28:08.460Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T17:30:13.660Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ZDI-23-964",
"tags": [
"x_research-advisory",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-964/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Power PDF",
"vendor": "Kofax",
"versions": [
{
"status": "affected",
"version": "5.0.0.19"
}
]
}
],
"dateAssigned": "2023-07-12T15:35:24.768Z",
"datePublic": "2023-07-13T20:40:20.063Z",
"descriptions": [
{
"lang": "en",
"value": "Kofax Power PDF printf Uninitialized Variable Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the handling of util objects. The issue results from the lack of proper initialization of memory prior to accessing it. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-20566."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-457",
"description": "CWE-457: Use of Uninitialized Variable",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-03T01:58:53.167Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-23-964",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-964/"
}
],
"source": {
"lang": "en",
"value": "rgod"
},
"title": "Kofax Power PDF printf Uninitialized Variable Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2023-38088",
"datePublished": "2024-05-03T01:58:53.167Z",
"dateReserved": "2023-07-12T15:22:20.615Z",
"dateUpdated": "2024-08-02T17:30:13.660Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-34310 (GCVE-0-2023-34310)
Vulnerability from cvelistv5 – Published: 2024-05-03 01:57 – Updated: 2024-09-18 18:28- CWE-457 - Use of Uninitialized Variable
| URL | Tags |
|---|---|
| https://www.zerodayinitiative.com/advisories/ZDI-… | x_research-advisory |
| Vendor | Product | Version | |
|---|---|---|---|
| Ashlar-Vellum | Cobalt |
Affected:
Ashlar-Vellum Cobalt 12 beta build 1204.57
|
|
| ashlar | cobalt |
Affected:
*
cpe:2.3:a:ashlar:cobalt:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:ashlar:cobalt:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "cobalt",
"vendor": "ashlar",
"versions": [
{
"status": "affected",
"version": "*"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-34310",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-07T17:26:09.260974Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:21:06.141Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T16:10:06.441Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ZDI-23-870",
"tags": [
"x_research-advisory",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-870/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Cobalt",
"vendor": "Ashlar-Vellum",
"versions": [
{
"status": "affected",
"version": "Ashlar-Vellum Cobalt 12 beta build 1204.57"
}
]
}
],
"dateAssigned": "2023-05-31T20:02:02.249Z",
"datePublic": "2023-06-15T22:56:37.725Z",
"descriptions": [
{
"lang": "en",
"value": "Ashlar-Vellum Cobalt Uninitialized Memory Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of CO files. The issue results from the lack of proper initialization of memory prior to accessing it. An attacker can leverage this vulnerability to execute code in the context of the current process.\n. Was ZDI-CAN-19878."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-457",
"description": "CWE-457: Use of Uninitialized Variable",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-18T18:28:45.797Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-23-870",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-870/"
}
],
"source": {
"lang": "en",
"value": "Anonymous"
},
"title": "Ashlar-Vellum Cobalt Uninitialized Memory Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2023-34310",
"datePublished": "2024-05-03T01:57:31.132Z",
"dateReserved": "2023-05-31T19:51:08.226Z",
"dateUpdated": "2024-09-18T18:28:45.797Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-31326 (GCVE-0-2023-31326)
Vulnerability from cvelistv5 – Published: 2025-09-06 16:48 – Updated: 2025-09-08 20:04- CWE-457 - Use of Uninitialized Variable
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-31326",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-08T20:04:35.581719Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-08T20:04:43.607Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "Cezanne-FP6_1.0.1.0"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 7030 Series Mobile processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "Cezanne-FP6_1.0.1.0"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 4000 Series Desktop Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "ComboAM4v2PI_1.2.0.CA"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 5000 Series Desktop Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "ComboAM4v2PI_1.2.0.CA"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 7040 Series Mobile Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "PhoenixPI-FP8-FP7_1.1.0.2"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 4000 Series Mobile Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "Renoir-FP6_ 1.0.0.D"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 6000 Series Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "Rembrandt-FP7_1.0.0.A"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "Cezanne-FP6_1.0.1.0"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 7020 Series Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "MendocinoPI-FT6_1.0.0.6"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 Embedded V2000 Series Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "EmbeddedPI-FP6_1.0.0.A"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 Embedded V3000 Series Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "Embedded-PI_FP7r2 1009"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Radeon\u2122 RX 7000 Series Graphics Products",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "AMD Software: Adrenalin Edition 24.7.1 (24.10.29.01)"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Radeon\u2122 PRO W7000 Series Graphics Products",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "AMD Software: PRO Edition 24.Q2 (24.10.20)"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Instinct\u2122 MI210",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "ROCm 6.4"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Instinct\u2122 MI250",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "ROCm 6.4"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Radeon\u2122 PRO V710 Graphics Products",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "Contact your AMD Customer Engineering representative"
}
]
}
],
"datePublic": "2025-09-06T16:27:46.642Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Use of an uninitialized variable in the ASP could allow an attacker to access leftover data from a trusted execution environment (TEE) driver, potentially leading to loss of confidentiality. \u003cbr\u003e"
}
],
"value": "Use of an uninitialized variable in the ASP could allow an attacker to access leftover data from a trusted execution environment (TEE) driver, potentially leading to loss of confidentiality."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 2.8,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-457",
"description": "CWE-457 Use of Uninitialized Variable",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-06T16:48:43.991Z",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"url": "https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-4012.html"
},
{
"url": "https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-6018.html"
},
{
"url": "https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-5007.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "AMD PSIRT Automation 1.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2023-31326",
"datePublished": "2025-09-06T16:48:43.991Z",
"dateReserved": "2023-04-27T15:25:41.424Z",
"dateUpdated": "2025-09-08T20:04:43.607Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Mitigation MIT-57
Strategy: Attack Surface Reduction
Ensure that critical variables are initialized before first use [REF-1485].
Mitigation
Strategy: Compilation or Build Hardening
Most compilers will complain about the use of uninitialized variables if warnings are turned on.
Mitigation
When using a language that does not require explicit declaration of variables, run or compile the software in a mode that reports undeclared or unknown variables. This may indicate the presence of a typographic error in the variable's name.
Mitigation
Strategy: Language Selection
Choose a language that is not susceptible to these issues.
Mitigation
Mitigating technologies such as safe string libraries and container abstractions could be introduced.
No CAPEC attack patterns related to this CWE.