CWE-476
AllowedNULL Pointer Dereference
Abstraction: Base · Status: Stable
The product dereferences a pointer that it expects to be valid but is NULL.
6310 vulnerabilities reference this CWE, most recent first.
GHSA-GQXH-JF4F-XFJR
Vulnerability from github – Published: 2022-03-12 00:00 – Updated: 2022-03-19 00:01Null source pointer passed as an argument to memcpy() function within TIFFFetchNormalTag () in tif_dirread.c in libtiff versions up to 4.3.0 could lead to Denial of Service via crafted TIFF file.
{
"affected": [],
"aliases": [
"CVE-2022-0908"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-03-11T18:15:00Z",
"severity": "MODERATE"
},
"details": "Null source pointer passed as an argument to memcpy() function within TIFFFetchNormalTag () in tif_dirread.c in libtiff versions up to 4.3.0 could lead to Denial of Service via crafted TIFF file.",
"id": "GHSA-gqxh-jf4f-xfjr",
"modified": "2022-03-19T00:01:15Z",
"published": "2022-03-12T00:00:31Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0908"
},
{
"type": "WEB",
"url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0908.json"
},
{
"type": "WEB",
"url": "https://gitlab.com/libtiff/libtiff/-/commit/a95b799f65064e4ba2e2dfc206808f86faf93e85"
},
{
"type": "WEB",
"url": "https://gitlab.com/libtiff/libtiff/-/issues/383"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RNT2GFNRLOMKJ5KXM6JIHKBNBFDVZPD3"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQ4E654ZYUUUQNBKYQFXNK2CV3CPWTM2"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202210-10"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20220506-0002"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2022/dsa-5108"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-GR6F-7HFG-779M
Vulnerability from github – Published: 2025-05-01 15:31 – Updated: 2025-11-07 21:31In the Linux kernel, the following vulnerability has been resolved:
net: microchip: sparx5: Fix potential null-ptr-deref in sparx_stats_init() and sparx5_start()
sparx_stats_init() calls create_singlethread_workqueue() and not checked the ret value, which may return NULL. And a null-ptr-deref may happen:
sparx_stats_init() create_singlethread_workqueue() # failed, sparx5->stats_queue is NULL queue_delayed_work() queue_delayed_work_on() __queue_delayed_work() # warning here, but continue __queue_work() # access wq->flags, null-ptr-deref
Check the ret value and return -ENOMEM if it is NULL. So as sparx5_start().
{
"affected": [],
"aliases": [
"CVE-2022-49806"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-05-01T15:16:03Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: microchip: sparx5: Fix potential null-ptr-deref in sparx_stats_init() and sparx5_start()\n\nsparx_stats_init() calls create_singlethread_workqueue() and not\nchecked the ret value, which may return NULL. And a null-ptr-deref may\nhappen:\n\nsparx_stats_init()\n create_singlethread_workqueue() # failed, sparx5-\u003estats_queue is NULL\n queue_delayed_work()\n queue_delayed_work_on()\n __queue_delayed_work() # warning here, but continue\n __queue_work() # access wq-\u003eflags, null-ptr-deref\n\nCheck the ret value and return -ENOMEM if it is NULL. So as\nsparx5_start().",
"id": "GHSA-gr6f-7hfg-779m",
"modified": "2025-11-07T21:31:19Z",
"published": "2025-05-01T15:31:47Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-49806"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/456327e565dc49d18b2f595f39f47df8a36f1057"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/639f5d006e36bb303f525d9479448c412b720c39"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/80e590aeb132887102c3fa79d99b338f099dc952"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-GR79-QRM5-4PH8
Vulnerability from github – Published: 2024-11-15 21:30 – Updated: 2024-11-15 21:30NULL pointer dereference in the MMS Client in MZ Automation LibIEC1850 before commit 7afa40390b26ad1f4cf93deaa0052fe7e357ef33 allows a malicious server to Cause a Denial-of-Service via the MMS InitiationResponse message.
{
"affected": [],
"aliases": [
"CVE-2024-45969"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-11-15T19:15:07Z",
"severity": "HIGH"
},
"details": "NULL pointer dereference in the MMS Client in MZ Automation LibIEC1850 before commit 7afa40390b26ad1f4cf93deaa0052fe7e357ef33 allows a malicious server to Cause a Denial-of-Service via the MMS InitiationResponse message.",
"id": "GHSA-gr79-qrm5-4ph8",
"modified": "2024-11-15T21:30:47Z",
"published": "2024-11-15T21:30:47Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45969"
},
{
"type": "WEB",
"url": "https://github.com/mz-automation/libiec61850/commit/7afa40390b26ad1f4cf93deaa0052fe7e357ef33"
},
{
"type": "WEB",
"url": "https://encs.eu/news/critical-security-vulnerabilities-discovered-in-mz-automations-mms-client"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-GRC4-C844-M2MX
Vulnerability from github – Published: 2023-03-01 00:30 – Updated: 2023-03-06 15:30In nf_tables_updtable, if nf_tables_table_enable returns an error, nft_trans_destroy is called to free the transaction object. nft_trans_destroy() calls list_del(), but the transaction was never placed on a list -- the list head is all zeroes, this results in a NULL pointer dereference.
{
"affected": [],
"aliases": [
"CVE-2023-1095"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-02-28T23:15:00Z",
"severity": "MODERATE"
},
"details": "In nf_tables_updtable, if nf_tables_table_enable returns an error, nft_trans_destroy is called to free the transaction object. nft_trans_destroy() calls list_del(), but the transaction was never placed on a list -- the list head is all zeroes, this results in a NULL pointer dereference.",
"id": "GHSA-grc4-c844-m2mx",
"modified": "2023-03-06T15:30:42Z",
"published": "2023-03-01T00:30:36Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1095"
},
{
"type": "WEB",
"url": "https://github.com/torvalds/linux/commit/580077855a40741cf511766129702d97ff02f4d9"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2173973"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-GRGF-H9FH-5X2M
Vulnerability from github – Published: 2025-06-18 12:30 – Updated: 2026-02-06 18:30In the Linux kernel, the following vulnerability has been resolved:
HID: uclogic: Add NULL check in uclogic_input_configured()
devm_kasprintf() returns NULL when memory allocation fails. Currently, uclogic_input_configured() does not check for this case, which results in a NULL pointer dereference.
Add NULL check after devm_kasprintf() to prevent this issue.
{
"affected": [],
"aliases": [
"CVE-2025-38007"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-06-18T10:15:31Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: uclogic: Add NULL check in uclogic_input_configured()\n\ndevm_kasprintf() returns NULL when memory allocation fails. Currently,\nuclogic_input_configured() does not check for this case, which results\nin a NULL pointer dereference.\n\nAdd NULL check after devm_kasprintf() to prevent this issue.",
"id": "GHSA-grgf-h9fh-5x2m",
"modified": "2026-02-06T18:30:26Z",
"published": "2025-06-18T12:30:30Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-38007"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/00d52b2fa6083dd0f5c44f3604cd1bad1f9177dc"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/01b76cc8ca243fc3376b035aa326bbc4f03d384b"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/94e7272b636a0677082e0604609e4c471e0a2caf"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/a9f58479a1a2c6f72907679c4df2f4ed92b05b39"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/ad6caaf29bc26a48b1241ce82561fcbcf0a75aa9"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/b616453d719ee1b8bf2ea6f6cc6c6258a572a590"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/bd07f751208ba190f9b0db5e5b7f35d5bb4a8a1e"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/08/msg00010.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-GRGX-VVHC-GXXR
Vulnerability from github – Published: 2022-05-24 17:37 – Updated: 2022-09-03 00:00There's a flaw in bfd_pef_scan_start_address() of bfd/pef.c in binutils which could allow an attacker who is able to submit a crafted file to be processed by objdump to cause a NULL pointer dereference. The greatest threat of this flaw is to application availability. This flaw affects binutils versions prior to 2.34.
{
"affected": [],
"aliases": [
"CVE-2020-35496"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-01-04T15:15:00Z",
"severity": "MODERATE"
},
"details": "There\u0027s a flaw in bfd_pef_scan_start_address() of bfd/pef.c in binutils which could allow an attacker who is able to submit a crafted file to be processed by objdump to cause a NULL pointer dereference. The greatest threat of this flaw is to application availability. This flaw affects binutils versions prior to 2.34.",
"id": "GHSA-grgx-vvhc-gxxr",
"modified": "2022-09-03T00:00:19Z",
"published": "2022-05-24T17:37:54Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-35496"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1911444"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4KOK3QWSVOUJWJ54HVGIFWNLWQ5ZY4S6"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202107-24"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20210212-0007"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-GRMR-5779-P323
Vulnerability from github – Published: 2024-05-17 15:31 – Updated: 2025-09-19 21:31In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Check writeback connectors in create_validate_stream_for_sink
[WHY & HOW] This is to check connector type to avoid unhandled null pointer for writeback connectors.
{
"affected": [],
"aliases": [
"CVE-2023-52695"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-05-17T15:15:20Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Check writeback connectors in create_validate_stream_for_sink\n\n[WHY \u0026 HOW]\nThis is to check connector type to avoid\nunhandled null pointer for writeback connectors.",
"id": "GHSA-grmr-5779-p323",
"modified": "2025-09-19T21:31:15Z",
"published": "2024-05-17T15:31:11Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-52695"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/0fe85301b95077ac4fa4a91909d38b7341e81187"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/dbf5d3d02987faa0eec3710dd687cd912362d7b5"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-GRQ5-97JG-XJFP
Vulnerability from github – Published: 2024-11-19 03:31 – Updated: 2025-11-04 00:32In the Linux kernel, the following vulnerability has been resolved:
ocfs2: remove entry once instead of null-ptr-dereference in ocfs2_xa_remove()
Syzkaller is able to provoke null-ptr-dereference in ocfs2_xa_remove():
[ 57.319872] (a.out,1161,7):ocfs2_xa_remove:2028 ERROR: status = -12 [ 57.320420] (a.out,1161,7):ocfs2_xa_cleanup_value_truncate:1999 ERROR: Partial truncate while removing xattr overlay.upper. Leaking 1 clusters and removing the entry [ 57.321727] BUG: kernel NULL pointer dereference, address: 0000000000000004 [...] [ 57.325727] RIP: 0010:ocfs2_xa_block_wipe_namevalue+0x2a/0xc0 [...] [ 57.331328] Call Trace: [ 57.331477] [...] [ 57.333511] ? do_user_addr_fault+0x3e5/0x740 [ 57.333778] ? exc_page_fault+0x70/0x170 [ 57.334016] ? asm_exc_page_fault+0x2b/0x30 [ 57.334263] ? __pfx_ocfs2_xa_block_wipe_namevalue+0x10/0x10 [ 57.334596] ? ocfs2_xa_block_wipe_namevalue+0x2a/0xc0 [ 57.334913] ocfs2_xa_remove_entry+0x23/0xc0 [ 57.335164] ocfs2_xa_set+0x704/0xcf0 [ 57.335381] ? _raw_spin_unlock+0x1a/0x40 [ 57.335620] ? ocfs2_inode_cache_unlock+0x16/0x20 [ 57.335915] ? trace_preempt_on+0x1e/0x70 [ 57.336153] ? start_this_handle+0x16c/0x500 [ 57.336410] ? preempt_count_sub+0x50/0x80 [ 57.336656] ? _raw_read_unlock+0x20/0x40 [ 57.336906] ? start_this_handle+0x16c/0x500 [ 57.337162] ocfs2_xattr_block_set+0xa6/0x1e0 [ 57.337424] __ocfs2_xattr_set_handle+0x1fd/0x5d0 [ 57.337706] ? ocfs2_start_trans+0x13d/0x290 [ 57.337971] ocfs2_xattr_set+0xb13/0xfb0 [ 57.338207] ? dput+0x46/0x1c0 [ 57.338393] ocfs2_xattr_trusted_set+0x28/0x30 [ 57.338665] ? ocfs2_xattr_trusted_set+0x28/0x30 [ 57.338948] __vfs_removexattr+0x92/0xc0 [ 57.339182] __vfs_removexattr_locked+0xd5/0x190 [ 57.339456] ? preempt_count_sub+0x50/0x80 [ 57.339705] vfs_removexattr+0x5f/0x100 [...]
Reproducer uses faultinject facility to fail ocfs2_xa_remove() -> ocfs2_xa_value_truncate() with -ENOMEM.
In this case the comment mentions that we can return 0 if ocfs2_xa_cleanup_value_truncate() is going to wipe the entry anyway. But the following 'rc' check is wrong and execution flow do 'ocfs2_xa_remove_entry(loc);' twice: * 1st: in ocfs2_xa_cleanup_value_truncate(); * 2nd: returning back to ocfs2_xa_remove() instead of going to 'out'.
Fix this by skipping the 2nd removal of the same entry and making syzkaller repro happy.
{
"affected": [],
"aliases": [
"CVE-2024-50265"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-11-19T02:16:28Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nocfs2: remove entry once instead of null-ptr-dereference in ocfs2_xa_remove()\n\nSyzkaller is able to provoke null-ptr-dereference in ocfs2_xa_remove():\n\n[ 57.319872] (a.out,1161,7):ocfs2_xa_remove:2028 ERROR: status = -12\n[ 57.320420] (a.out,1161,7):ocfs2_xa_cleanup_value_truncate:1999 ERROR: Partial truncate while removing xattr overlay.upper. Leaking 1 clusters and removing the entry\n[ 57.321727] BUG: kernel NULL pointer dereference, address: 0000000000000004\n[...]\n[ 57.325727] RIP: 0010:ocfs2_xa_block_wipe_namevalue+0x2a/0xc0\n[...]\n[ 57.331328] Call Trace:\n[ 57.331477] \u003cTASK\u003e\n[...]\n[ 57.333511] ? do_user_addr_fault+0x3e5/0x740\n[ 57.333778] ? exc_page_fault+0x70/0x170\n[ 57.334016] ? asm_exc_page_fault+0x2b/0x30\n[ 57.334263] ? __pfx_ocfs2_xa_block_wipe_namevalue+0x10/0x10\n[ 57.334596] ? ocfs2_xa_block_wipe_namevalue+0x2a/0xc0\n[ 57.334913] ocfs2_xa_remove_entry+0x23/0xc0\n[ 57.335164] ocfs2_xa_set+0x704/0xcf0\n[ 57.335381] ? _raw_spin_unlock+0x1a/0x40\n[ 57.335620] ? ocfs2_inode_cache_unlock+0x16/0x20\n[ 57.335915] ? trace_preempt_on+0x1e/0x70\n[ 57.336153] ? start_this_handle+0x16c/0x500\n[ 57.336410] ? preempt_count_sub+0x50/0x80\n[ 57.336656] ? _raw_read_unlock+0x20/0x40\n[ 57.336906] ? start_this_handle+0x16c/0x500\n[ 57.337162] ocfs2_xattr_block_set+0xa6/0x1e0\n[ 57.337424] __ocfs2_xattr_set_handle+0x1fd/0x5d0\n[ 57.337706] ? ocfs2_start_trans+0x13d/0x290\n[ 57.337971] ocfs2_xattr_set+0xb13/0xfb0\n[ 57.338207] ? dput+0x46/0x1c0\n[ 57.338393] ocfs2_xattr_trusted_set+0x28/0x30\n[ 57.338665] ? ocfs2_xattr_trusted_set+0x28/0x30\n[ 57.338948] __vfs_removexattr+0x92/0xc0\n[ 57.339182] __vfs_removexattr_locked+0xd5/0x190\n[ 57.339456] ? preempt_count_sub+0x50/0x80\n[ 57.339705] vfs_removexattr+0x5f/0x100\n[...]\n\nReproducer uses faultinject facility to fail ocfs2_xa_remove() -\u003e\nocfs2_xa_value_truncate() with -ENOMEM.\n\nIn this case the comment mentions that we can return 0 if\nocfs2_xa_cleanup_value_truncate() is going to wipe the entry\nanyway. But the following \u0027rc\u0027 check is wrong and execution flow do\n\u0027ocfs2_xa_remove_entry(loc);\u0027 twice:\n* 1st: in ocfs2_xa_cleanup_value_truncate();\n* 2nd: returning back to ocfs2_xa_remove() instead of going to \u0027out\u0027.\n\nFix this by skipping the 2nd removal of the same entry and making\nsyzkaller repro happy.",
"id": "GHSA-grq5-97jg-xjfp",
"modified": "2025-11-04T00:32:03Z",
"published": "2024-11-19T03:31:07Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-50265"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/0b63c0e01fba40e3992bc627272ec7b618ccaef7"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/168a9b8303fcb0317db4c06b23ce1c0ce2af4e10"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/2b5369528ee63c88371816178a05b5e664c87386"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/38cbf13b2e7a31362babe411f7c2c3c52cd2734b"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/6a7e6dcf90fe7721d0863067b6ca9a9442134692"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/86dd0e8d42828923c68ad506933336bcd6f2317d"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/dcc8fe8c83145041cb6c80cac21f6173a3ff0204"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/dd73c942eed76a014c7a5597e6926435274d2c4c"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-GRQ7-M4W9-7HRW
Vulnerability from github – Published: 2022-05-24 17:45 – Updated: 2022-05-24 17:45A NULL pointer dereference flaw was found in the way Jasper versions before 2.0.26 handled component references in CDEF box in the JP2 image format decoder. A specially crafted JP2 image file could cause an application using the Jasper library to crash when opened.
{
"affected": [],
"aliases": [
"CVE-2021-3467"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-03-25T19:15:00Z",
"severity": "MODERATE"
},
"details": "A NULL pointer dereference flaw was found in the way Jasper versions before 2.0.26 handled component references in CDEF box in the JP2 image format decoder. A specially crafted JP2 image file could cause an application using the Jasper library to crash when opened.",
"id": "GHSA-grq7-m4w9-7hrw",
"modified": "2022-05-24T17:45:28Z",
"published": "2022-05-24T17:45:28Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3467"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1942097"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KWAIUFNIUCGS2IMGGDTWZIUIY7BNLGKF"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-GRWC-H387-X9H2
Vulnerability from github – Published: 2022-09-01 00:00 – Updated: 2022-09-08 00:00A crafted input file could cause a null pointer dereference in jcopy_sample_rows() when processed by libjpeg-turbo.
{
"affected": [],
"aliases": [
"CVE-2020-35538"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-08-31T16:15:00Z",
"severity": "MODERATE"
},
"details": "A crafted input file could cause a null pointer dereference in jcopy_sample_rows() when processed by libjpeg-turbo.",
"id": "GHSA-grwc-h387-x9h2",
"modified": "2022-09-08T00:00:34Z",
"published": "2022-09-01T00:00:22Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-35538"
},
{
"type": "WEB",
"url": "https://github.com/libjpeg-turbo/libjpeg-turbo/issues/441"
},
{
"type": "WEB",
"url": "https://github.com/libjpeg-turbo/libjpeg-turbo/commit/9120a247436e84c0b4eea828cb11e8f665fcde30"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation MIT-56
For any pointers that could have been modified or provided from a function that can return NULL, check the pointer for NULL before use. When working with a multithreaded or otherwise asynchronous environment, ensure that proper locking APIs are used to lock before the check, and unlock when it has finished [REF-1484].
Mitigation
Select a programming language that is not susceptible to these issues.
Mitigation
Check the results of all functions that return a value and verify that the value is non-null before acting upon it.
Mitigation
Identify all variables and data stores that receive information from external sources, and apply input validation to make sure that they are only initialized to expected values.
Mitigation
Explicitly initialize all variables and other data stores, either during declaration or just before the first usage.
No CAPEC attack patterns related to this CWE.