CWE-476
AllowedNULL Pointer Dereference
Abstraction: Base · Status: Stable
The product dereferences a pointer that it expects to be valid but is NULL.
6310 vulnerabilities reference this CWE, most recent first.
GHSA-C3HW-XWC7-5XGW
Vulnerability from github – Published: 2022-05-14 00:54 – Updated: 2022-05-14 00:54Unchecked NULL pointer usage in ExprResolveLhs in xkbcomp/expr.c in xkbcommon before 0.8.2 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file that triggers an xkb_intern_atom failure.
{
"affected": [],
"aliases": [
"CVE-2018-15861"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-08-25T21:29:00Z",
"severity": "MODERATE"
},
"details": "Unchecked NULL pointer usage in ExprResolveLhs in xkbcomp/expr.c in xkbcommon before 0.8.2 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file that triggers an xkb_intern_atom failure.",
"id": "GHSA-c3hw-xwc7-5xgw",
"modified": "2022-05-14T00:54:57Z",
"published": "2022-05-14T00:54:57Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-15861"
},
{
"type": "WEB",
"url": "https://github.com/xkbcommon/libxkbcommon/commit/38e1766bc6e20108948aec8a0b222a4bad0254e9"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2019:2079"
},
{
"type": "WEB",
"url": "https://lists.freedesktop.org/archives/wayland-devel/2018-August/039243.html"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/201810-05"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/3786-1"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/3786-2"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-C3Q9-4CX6-6R4J
Vulnerability from github – Published: 2022-05-17 02:32 – Updated: 2022-05-17 02:32The vrend_decode_reset function in vrend_decode.c in virglrenderer before 0.6.0 allows local guest OS users to cause a denial of service (NULL pointer dereference and QEMU process crash) by destroying context 0 (zero).
{
"affected": [],
"aliases": [
"CVE-2017-6210"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-03-15T14:59:00Z",
"severity": "MODERATE"
},
"details": "The vrend_decode_reset function in vrend_decode.c in virglrenderer before 0.6.0 allows local guest OS users to cause a denial of service (NULL pointer dereference and QEMU process crash) by destroying context 0 (zero).",
"id": "GHSA-c3q9-4cx6-6r4j",
"modified": "2022-05-17T02:32:01Z",
"published": "2022-05-17T02:32:01Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-6210"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1426170"
},
{
"type": "WEB",
"url": "https://cgit.freedesktop.org/virglrenderer/commit/?id=0a5dff15912207b83018485f83e067474e818bab"
},
{
"type": "WEB",
"url": "https://lists.freedesktop.org/archives/virglrenderer-devel/2017-February/000145.html"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/201707-06"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2017/02/23/21"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/96439"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-C3QR-X655-RX39
Vulnerability from github – Published: 2022-05-13 01:10 – Updated: 2025-04-20 03:33coders/tiff.c in ImageMagick before 7.0.3.7 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted image.
{
"affected": [],
"aliases": [
"CVE-2016-9559"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-03-01T15:59:00Z",
"severity": "MODERATE"
},
"details": "coders/tiff.c in ImageMagick before 7.0.3.7 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted image.",
"id": "GHSA-c3qr-x655-rx39",
"modified": "2025-04-20T03:33:27Z",
"published": "2022-05-13T01:10:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-9559"
},
{
"type": "WEB",
"url": "https://github.com/ImageMagick/ImageMagick/issues/298"
},
{
"type": "WEB",
"url": "https://github.com/ImageMagick/ImageMagick/commit/b61d35eaccc0a7ddeff8a1c3abfcd0a43ccf210b"
},
{
"type": "WEB",
"url": "https://blogs.gentoo.org/ago/2016/11/19/imagemagick-null-pointer-must-never-be-null-tiff-c"
},
{
"type": "WEB",
"url": "http://www.debian.org/security/2016/dsa-3726"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2016/11/19/7"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2016/11/23/4"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/94489"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-C3VQ-CRH9-3R34
Vulnerability from github – Published: 2022-04-16 00:00 – Updated: 2022-04-23 00:03An issue was discovered in YottaDB through r1.32 and V7.0-000 and FIS GT.M through V7.0-000. Using crafted input, an attacker can cause a NULL pointer dereference after calls to ZPrint.
{
"affected": [],
"aliases": [
"CVE-2021-44495"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-04-15T18:15:00Z",
"severity": "HIGH"
},
"details": "An issue was discovered in YottaDB through r1.32 and V7.0-000 and FIS GT.M through V7.0-000. Using crafted input, an attacker can cause a NULL pointer dereference after calls to ZPrint.",
"id": "GHSA-c3vq-crh9-3r34",
"modified": "2022-04-23T00:03:15Z",
"published": "2022-04-16T00:00:43Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44495"
},
{
"type": "WEB",
"url": "https://gitlab.com/YottaDB/DB/YDB/-/issues/828"
},
{
"type": "WEB",
"url": "https://sourceforge.net/projects/fis-gtm/files"
},
{
"type": "WEB",
"url": "http://tinco.pair.com/bhaskar/gtm/doc/articles/GTM_V7.0-002_Release_Notes.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-C44Q-MXRG-GRC2
Vulnerability from github – Published: 2025-10-01 12:30 – Updated: 2026-01-16 21:30In the Linux kernel, the following vulnerability has been resolved:
gpiolib: cdev: fix NULL-pointer dereferences
There are several places where we can crash the kernel by requesting lines, unbinding the GPIO device, then calling any of the system calls relevant to the GPIO character device's annonymous file descriptors: ioctl(), read(), poll().
While I observed it with the GPIO simulator, it will also happen for any of the GPIO devices that can be hot-unplugged - for instance any HID GPIO expander (e.g. CP2112).
This affects both v1 and v2 uAPI.
This fixes it partially by checking if gdev->chip is not NULL but it doesn't entirely remedy the situation as we still have a race condition in which another thread can remove the device after the check.
{
"affected": [],
"aliases": [
"CVE-2022-50453"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-10-01T12:15:38Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\ngpiolib: cdev: fix NULL-pointer dereferences\n\nThere are several places where we can crash the kernel by requesting\nlines, unbinding the GPIO device, then calling any of the system calls\nrelevant to the GPIO character device\u0027s annonymous file descriptors:\nioctl(), read(), poll().\n\nWhile I observed it with the GPIO simulator, it will also happen for any\nof the GPIO devices that can be hot-unplugged - for instance any HID GPIO\nexpander (e.g. CP2112).\n\nThis affects both v1 and v2 uAPI.\n\nThis fixes it partially by checking if gdev-\u003echip is not NULL but it\ndoesn\u0027t entirely remedy the situation as we still have a race condition\nin which another thread can remove the device after the check.",
"id": "GHSA-c44q-mxrg-grc2",
"modified": "2026-01-16T21:30:28Z",
"published": "2025-10-01T12:30:28Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-50453"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/533aae7c94dbc2b14301cfd68ae7e0e90f0c8438"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/6d79546622baab843172b52c3af035f83c1b21df"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/7c755a2d6df511eeb5afba966ac28140f9ea5063"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/ac6ce3cd7a3e10a2e37b8970bab81b4d33d5cfc3"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/d66f68ac9e7ba46b6b90fbe25155723f2126088a"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-C484-H7G8-6C74
Vulnerability from github – Published: 2022-05-14 00:53 – Updated: 2022-05-14 00:53Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Untrusted pointer dereference vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
{
"affected": [],
"aliases": [
"CVE-2018-5030"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-07-20T19:29:00Z",
"severity": "HIGH"
},
"details": "Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Untrusted pointer dereference vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.",
"id": "GHSA-c484-h7g8-6c74",
"modified": "2022-05-14T00:53:23Z",
"published": "2022-05-14T00:53:23Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-5030"
},
{
"type": "WEB",
"url": "https://helpx.adobe.com/security/products/acrobat/apsb18-21.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/104701"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1041250"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-C48Q-X6XW-G5H8
Vulnerability from github – Published: 2025-04-21 00:30 – Updated: 2025-04-21 00:30libheif before 1.19.6 has a NULL pointer dereference in ImageItem_Grid::get_decoder in image-items/grid.cc because a grid image can reference a nonexistent image item.
{
"affected": [],
"aliases": [
"CVE-2025-43967"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-04-21T00:15:33Z",
"severity": "LOW"
},
"details": "libheif before 1.19.6 has a NULL pointer dereference in ImageItem_Grid::get_decoder in image-items/grid.cc because a grid image can reference a nonexistent image item.",
"id": "GHSA-c48q-x6xw-g5h8",
"modified": "2025-04-21T00:30:20Z",
"published": "2025-04-21T00:30:20Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-43967"
},
{
"type": "WEB",
"url": "https://github.com/strukturag/libheif/issues/1455"
},
{
"type": "WEB",
"url": "https://github.com/strukturag/libheif/commit/6e35af7b0ff9fb6cc952a1539590d160db32f671"
},
{
"type": "WEB",
"url": "https://github.com/strukturag/libheif/compare/v1.19.5...v1.19.6"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-C4FH-4XH2-GXGX
Vulnerability from github – Published: 2022-05-17 02:36 – Updated: 2022-05-17 02:36An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page.
{
"affected": [],
"aliases": [
"CVE-2016-9430"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2016-12-12T02:59:00Z",
"severity": "MODERATE"
},
"details": "An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page.",
"id": "GHSA-c4fh-4xh2-gxgx",
"modified": "2022-05-17T02:36:43Z",
"published": "2022-05-17T02:36:43Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-9430"
},
{
"type": "WEB",
"url": "https://github.com/tats/w3m/issues/7"
},
{
"type": "WEB",
"url": "https://github.com/tats/w3m/blob/master/ChangeLog"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/201701-08"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2016/11/18/3"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/94407"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-C4G9-53V4-F2QG
Vulnerability from github – Published: 2022-04-30 18:18 – Updated: 2024-02-16 15:30The uipc system calls (uipc_syscalls.c) in OpenBSD 2.9 and 3.0 provide user mode return instead of versus rval kernel mode values to the fdrelease function, which allows local users to cause a denial of service and trigger a null dereference.
{
"affected": [],
"aliases": [
"CVE-2001-1559"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2001-12-31T05:00:00Z",
"severity": "LOW"
},
"details": "The uipc system calls (uipc_syscalls.c) in OpenBSD 2.9 and 3.0 provide user mode return instead of versus rval kernel mode values to the fdrelease function, which allows local users to cause a denial of service and trigger a null dereference.",
"id": "GHSA-c4g9-53v4-f2qg",
"modified": "2024-02-16T15:30:25Z",
"published": "2022-04-30T18:18:16Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2001-1559"
},
{
"type": "WEB",
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-12/0014.html"
},
{
"type": "WEB",
"url": "http://monkey.org/openbsd/archive/tech/0112/msg00015.html"
},
{
"type": "WEB",
"url": "http://www.iss.net/security_center/static/7690.php"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-C4HF-X9GR-W5F8
Vulnerability from github – Published: 2024-07-30 09:32 – Updated: 2024-07-30 21:31In the Linux kernel, the following vulnerability has been resolved:
usb: xhci: prevent potential failure in handle_tx_event() for Transfer events without TRB
Some transfer events don't always point to a TRB, and consequently don't have a endpoint ring. In these cases, function handle_tx_event() should not proceed, because if 'ep->skip' is set, the pointer to the endpoint ring is used.
To prevent a potential failure and make the code logical, return after checking the completion code for a Transfer event without TRBs.
{
"affected": [],
"aliases": [
"CVE-2024-42226"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-07-30T08:15:07Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: xhci: prevent potential failure in handle_tx_event() for Transfer events without TRB\n\nSome transfer events don\u0027t always point to a TRB, and consequently don\u0027t\nhave a endpoint ring. In these cases, function handle_tx_event() should\nnot proceed, because if \u0027ep-\u003eskip\u0027 is set, the pointer to the endpoint\nring is used.\n\nTo prevent a potential failure and make the code logical, return after\nchecking the completion code for a Transfer event without TRBs.",
"id": "GHSA-c4hf-x9gr-w5f8",
"modified": "2024-07-30T21:31:27Z",
"published": "2024-07-30T09:32:04Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-42226"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/1f4a10cb826fdec5cd442df010bcb3043bfd6464"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/66cb618bf0bb82859875b00eeffaf223557cb416"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/69bed24c82139bbad0a78a075e1834a2ea7bd064"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/948554f1bb16e15b90006c109c3a558c66d4c4ac"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/9a24eb8010c2dc6a2eba56e3eb9fc07d14ffe00a"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/c0ee01e8ba19ff7edc98f68a114d4789faa219b9"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation MIT-56
For any pointers that could have been modified or provided from a function that can return NULL, check the pointer for NULL before use. When working with a multithreaded or otherwise asynchronous environment, ensure that proper locking APIs are used to lock before the check, and unlock when it has finished [REF-1484].
Mitigation
Select a programming language that is not susceptible to these issues.
Mitigation
Check the results of all functions that return a value and verify that the value is non-null before acting upon it.
Mitigation
Identify all variables and data stores that receive information from external sources, and apply input validation to make sure that they are only initialized to expected values.
Mitigation
Explicitly initialize all variables and other data stores, either during declaration or just before the first usage.
No CAPEC attack patterns related to this CWE.