Common Weakness Enumeration

CWE-476

Allowed

NULL Pointer Dereference

Abstraction: Base · Status: Stable

The product dereferences a pointer that it expects to be valid but is NULL.

6310 vulnerabilities reference this CWE, most recent first.

GHSA-C3HW-XWC7-5XGW

Vulnerability from github – Published: 2022-05-14 00:54 – Updated: 2022-05-14 00:54
VLAI
Details

Unchecked NULL pointer usage in ExprResolveLhs in xkbcomp/expr.c in xkbcommon before 0.8.2 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file that triggers an xkb_intern_atom failure.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-15861"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-08-25T21:29:00Z",
    "severity": "MODERATE"
  },
  "details": "Unchecked NULL pointer usage in ExprResolveLhs in xkbcomp/expr.c in xkbcommon before 0.8.2 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file that triggers an xkb_intern_atom failure.",
  "id": "GHSA-c3hw-xwc7-5xgw",
  "modified": "2022-05-14T00:54:57Z",
  "published": "2022-05-14T00:54:57Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-15861"
    },
    {
      "type": "WEB",
      "url": "https://github.com/xkbcommon/libxkbcommon/commit/38e1766bc6e20108948aec8a0b222a4bad0254e9"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2019:2079"
    },
    {
      "type": "WEB",
      "url": "https://lists.freedesktop.org/archives/wayland-devel/2018-August/039243.html"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/201810-05"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/3786-1"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/3786-2"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-C3Q9-4CX6-6R4J

Vulnerability from github – Published: 2022-05-17 02:32 – Updated: 2022-05-17 02:32
VLAI
Details

The vrend_decode_reset function in vrend_decode.c in virglrenderer before 0.6.0 allows local guest OS users to cause a denial of service (NULL pointer dereference and QEMU process crash) by destroying context 0 (zero).

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-6210"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-03-15T14:59:00Z",
    "severity": "MODERATE"
  },
  "details": "The vrend_decode_reset function in vrend_decode.c in virglrenderer before 0.6.0 allows local guest OS users to cause a denial of service (NULL pointer dereference and QEMU process crash) by destroying context 0 (zero).",
  "id": "GHSA-c3q9-4cx6-6r4j",
  "modified": "2022-05-17T02:32:01Z",
  "published": "2022-05-17T02:32:01Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-6210"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1426170"
    },
    {
      "type": "WEB",
      "url": "https://cgit.freedesktop.org/virglrenderer/commit/?id=0a5dff15912207b83018485f83e067474e818bab"
    },
    {
      "type": "WEB",
      "url": "https://lists.freedesktop.org/archives/virglrenderer-devel/2017-February/000145.html"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/201707-06"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2017/02/23/21"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/96439"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-C3QR-X655-RX39

Vulnerability from github – Published: 2022-05-13 01:10 – Updated: 2025-04-20 03:33
VLAI
Details

coders/tiff.c in ImageMagick before 7.0.3.7 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted image.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2016-9559"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-03-01T15:59:00Z",
    "severity": "MODERATE"
  },
  "details": "coders/tiff.c in ImageMagick before 7.0.3.7 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted image.",
  "id": "GHSA-c3qr-x655-rx39",
  "modified": "2025-04-20T03:33:27Z",
  "published": "2022-05-13T01:10:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-9559"
    },
    {
      "type": "WEB",
      "url": "https://github.com/ImageMagick/ImageMagick/issues/298"
    },
    {
      "type": "WEB",
      "url": "https://github.com/ImageMagick/ImageMagick/commit/b61d35eaccc0a7ddeff8a1c3abfcd0a43ccf210b"
    },
    {
      "type": "WEB",
      "url": "https://blogs.gentoo.org/ago/2016/11/19/imagemagick-null-pointer-must-never-be-null-tiff-c"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2016/dsa-3726"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2016/11/19/7"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2016/11/23/4"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/94489"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-C3VQ-CRH9-3R34

Vulnerability from github – Published: 2022-04-16 00:00 – Updated: 2022-04-23 00:03
VLAI
Details

An issue was discovered in YottaDB through r1.32 and V7.0-000 and FIS GT.M through V7.0-000. Using crafted input, an attacker can cause a NULL pointer dereference after calls to ZPrint.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-44495"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-04-15T18:15:00Z",
    "severity": "HIGH"
  },
  "details": "An issue was discovered in YottaDB through r1.32 and V7.0-000 and FIS GT.M through V7.0-000. Using crafted input, an attacker can cause a NULL pointer dereference after calls to ZPrint.",
  "id": "GHSA-c3vq-crh9-3r34",
  "modified": "2022-04-23T00:03:15Z",
  "published": "2022-04-16T00:00:43Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44495"
    },
    {
      "type": "WEB",
      "url": "https://gitlab.com/YottaDB/DB/YDB/-/issues/828"
    },
    {
      "type": "WEB",
      "url": "https://sourceforge.net/projects/fis-gtm/files"
    },
    {
      "type": "WEB",
      "url": "http://tinco.pair.com/bhaskar/gtm/doc/articles/GTM_V7.0-002_Release_Notes.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-C44Q-MXRG-GRC2

Vulnerability from github – Published: 2025-10-01 12:30 – Updated: 2026-01-16 21:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

gpiolib: cdev: fix NULL-pointer dereferences

There are several places where we can crash the kernel by requesting lines, unbinding the GPIO device, then calling any of the system calls relevant to the GPIO character device's annonymous file descriptors: ioctl(), read(), poll().

While I observed it with the GPIO simulator, it will also happen for any of the GPIO devices that can be hot-unplugged - for instance any HID GPIO expander (e.g. CP2112).

This affects both v1 and v2 uAPI.

This fixes it partially by checking if gdev->chip is not NULL but it doesn't entirely remedy the situation as we still have a race condition in which another thread can remove the device after the check.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-50453"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-10-01T12:15:38Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ngpiolib: cdev: fix NULL-pointer dereferences\n\nThere are several places where we can crash the kernel by requesting\nlines, unbinding the GPIO device, then calling any of the system calls\nrelevant to the GPIO character device\u0027s annonymous file descriptors:\nioctl(), read(), poll().\n\nWhile I observed it with the GPIO simulator, it will also happen for any\nof the GPIO devices that can be hot-unplugged - for instance any HID GPIO\nexpander (e.g. CP2112).\n\nThis affects both v1 and v2 uAPI.\n\nThis fixes it partially by checking if gdev-\u003echip is not NULL but it\ndoesn\u0027t entirely remedy the situation as we still have a race condition\nin which another thread can remove the device after the check.",
  "id": "GHSA-c44q-mxrg-grc2",
  "modified": "2026-01-16T21:30:28Z",
  "published": "2025-10-01T12:30:28Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-50453"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/533aae7c94dbc2b14301cfd68ae7e0e90f0c8438"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/6d79546622baab843172b52c3af035f83c1b21df"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/7c755a2d6df511eeb5afba966ac28140f9ea5063"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/ac6ce3cd7a3e10a2e37b8970bab81b4d33d5cfc3"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/d66f68ac9e7ba46b6b90fbe25155723f2126088a"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-C484-H7G8-6C74

Vulnerability from github – Published: 2022-05-14 00:53 – Updated: 2022-05-14 00:53
VLAI
Details

Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Untrusted pointer dereference vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-5030"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-07-20T19:29:00Z",
    "severity": "HIGH"
  },
  "details": "Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Untrusted pointer dereference vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.",
  "id": "GHSA-c484-h7g8-6c74",
  "modified": "2022-05-14T00:53:23Z",
  "published": "2022-05-14T00:53:23Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-5030"
    },
    {
      "type": "WEB",
      "url": "https://helpx.adobe.com/security/products/acrobat/apsb18-21.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/104701"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1041250"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-C48Q-X6XW-G5H8

Vulnerability from github – Published: 2025-04-21 00:30 – Updated: 2025-04-21 00:30
VLAI
Details

libheif before 1.19.6 has a NULL pointer dereference in ImageItem_Grid::get_decoder in image-items/grid.cc because a grid image can reference a nonexistent image item.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-43967"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-04-21T00:15:33Z",
    "severity": "LOW"
  },
  "details": "libheif before 1.19.6 has a NULL pointer dereference in ImageItem_Grid::get_decoder in image-items/grid.cc because a grid image can reference a nonexistent image item.",
  "id": "GHSA-c48q-x6xw-g5h8",
  "modified": "2025-04-21T00:30:20Z",
  "published": "2025-04-21T00:30:20Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-43967"
    },
    {
      "type": "WEB",
      "url": "https://github.com/strukturag/libheif/issues/1455"
    },
    {
      "type": "WEB",
      "url": "https://github.com/strukturag/libheif/commit/6e35af7b0ff9fb6cc952a1539590d160db32f671"
    },
    {
      "type": "WEB",
      "url": "https://github.com/strukturag/libheif/compare/v1.19.5...v1.19.6"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-C4FH-4XH2-GXGX

Vulnerability from github – Published: 2022-05-17 02:36 – Updated: 2022-05-17 02:36
VLAI
Details

An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2016-9430"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2016-12-12T02:59:00Z",
    "severity": "MODERATE"
  },
  "details": "An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page.",
  "id": "GHSA-c4fh-4xh2-gxgx",
  "modified": "2022-05-17T02:36:43Z",
  "published": "2022-05-17T02:36:43Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-9430"
    },
    {
      "type": "WEB",
      "url": "https://github.com/tats/w3m/issues/7"
    },
    {
      "type": "WEB",
      "url": "https://github.com/tats/w3m/blob/master/ChangeLog"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/201701-08"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2016/11/18/3"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/94407"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-C4G9-53V4-F2QG

Vulnerability from github – Published: 2022-04-30 18:18 – Updated: 2024-02-16 15:30
VLAI
Details

The uipc system calls (uipc_syscalls.c) in OpenBSD 2.9 and 3.0 provide user mode return instead of versus rval kernel mode values to the fdrelease function, which allows local users to cause a denial of service and trigger a null dereference.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2001-1559"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2001-12-31T05:00:00Z",
    "severity": "LOW"
  },
  "details": "The uipc system calls (uipc_syscalls.c) in OpenBSD 2.9 and 3.0 provide user mode return instead of versus rval kernel mode values to the fdrelease function, which allows local users to cause a denial of service and trigger a null dereference.",
  "id": "GHSA-c4g9-53v4-f2qg",
  "modified": "2024-02-16T15:30:25Z",
  "published": "2022-04-30T18:18:16Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2001-1559"
    },
    {
      "type": "WEB",
      "url": "http://archives.neohapsis.com/archives/bugtraq/2001-12/0014.html"
    },
    {
      "type": "WEB",
      "url": "http://monkey.org/openbsd/archive/tech/0112/msg00015.html"
    },
    {
      "type": "WEB",
      "url": "http://www.iss.net/security_center/static/7690.php"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-C4HF-X9GR-W5F8

Vulnerability from github – Published: 2024-07-30 09:32 – Updated: 2024-07-30 21:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

usb: xhci: prevent potential failure in handle_tx_event() for Transfer events without TRB

Some transfer events don't always point to a TRB, and consequently don't have a endpoint ring. In these cases, function handle_tx_event() should not proceed, because if 'ep->skip' is set, the pointer to the endpoint ring is used.

To prevent a potential failure and make the code logical, return after checking the completion code for a Transfer event without TRBs.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-42226"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-07-30T08:15:07Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: xhci: prevent potential failure in handle_tx_event() for Transfer events without TRB\n\nSome transfer events don\u0027t always point to a TRB, and consequently don\u0027t\nhave a endpoint ring. In these cases, function handle_tx_event() should\nnot proceed, because if \u0027ep-\u003eskip\u0027 is set, the pointer to the endpoint\nring is used.\n\nTo prevent a potential failure and make the code logical, return after\nchecking the completion code for a Transfer event without TRBs.",
  "id": "GHSA-c4hf-x9gr-w5f8",
  "modified": "2024-07-30T21:31:27Z",
  "published": "2024-07-30T09:32:04Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-42226"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/1f4a10cb826fdec5cd442df010bcb3043bfd6464"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/66cb618bf0bb82859875b00eeffaf223557cb416"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/69bed24c82139bbad0a78a075e1834a2ea7bd064"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/948554f1bb16e15b90006c109c3a558c66d4c4ac"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/9a24eb8010c2dc6a2eba56e3eb9fc07d14ffe00a"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/c0ee01e8ba19ff7edc98f68a114d4789faa219b9"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation MIT-56
Implementation

For any pointers that could have been modified or provided from a function that can return NULL, check the pointer for NULL before use. When working with a multithreaded or otherwise asynchronous environment, ensure that proper locking APIs are used to lock before the check, and unlock when it has finished [REF-1484].

Mitigation
Requirements

Select a programming language that is not susceptible to these issues.

Mitigation
Implementation

Check the results of all functions that return a value and verify that the value is non-null before acting upon it.

Mitigation
Architecture and Design

Identify all variables and data stores that receive information from external sources, and apply input validation to make sure that they are only initialized to expected values.

Mitigation
Implementation

Explicitly initialize all variables and other data stores, either during declaration or just before the first usage.

No CAPEC attack patterns related to this CWE.