CWE-476
AllowedNULL Pointer Dereference
Abstraction: Base · Status: Stable
The product dereferences a pointer that it expects to be valid but is NULL.
6310 vulnerabilities reference this CWE, most recent first.
GHSA-JQ8G-94VX-PGRM
Vulnerability from github – Published: 2022-05-24 19:15 – Updated: 2022-05-24 19:15An issue was discovered in swftools through 20200710. A NULL pointer dereference exists in the function traits_dump() located in abc.c. It allows an attacker to cause Denial of Service.
{
"affected": [],
"aliases": [
"CVE-2021-39585"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-09-20T16:15:00Z",
"severity": "MODERATE"
},
"details": "An issue was discovered in swftools through 20200710. A NULL pointer dereference exists in the function traits_dump() located in abc.c. It allows an attacker to cause Denial of Service.",
"id": "GHSA-jq8g-94vx-pgrm",
"modified": "2022-05-24T19:15:05Z",
"published": "2022-05-24T19:15:05Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-39585"
},
{
"type": "WEB",
"url": "https://github.com/matthiaskramm/swftools/issues/133"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-JQ8P-424G-CH9J
Vulnerability from github – Published: 2022-08-19 00:00 – Updated: 2022-08-19 00:00NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0223.
{
"affected": [],
"aliases": [
"CVE-2022-2874"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-08-18T16:15:00Z",
"severity": "MODERATE"
},
"details": "NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0223.",
"id": "GHSA-jq8p-424g-ch9j",
"modified": "2022-08-19T00:00:20Z",
"published": "2022-08-19T00:00:20Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2874"
},
{
"type": "WEB",
"url": "https://github.com/vim/vim/commit/4875d6ab068f09df88d24d81de40dcd8d56e243d"
},
{
"type": "WEB",
"url": "https://huntr.dev/bounties/95f97dfe-247d-475d-9740-b7adc71f4c79"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202305-16"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-JQGM-J6XQ-3V4Q
Vulnerability from github – Published: 2024-08-26 12:31 – Updated: 2024-08-27 15:32In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Add null check in resource_log_pipe_topology_update
[WHY] When switching from "Extend" to "Second Display Only" we sometimes call resource_get_otg_master_for_stream on a stream for the eDP, which is disconnected. This leads to a null pointer dereference.
[HOW] Added a null check in dc_resource.c/resource_log_pipe_topology_update.
{
"affected": [],
"aliases": [
"CVE-2024-43886"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-08-26T11:15:03Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Add null check in resource_log_pipe_topology_update\n\n[WHY]\nWhen switching from \"Extend\" to \"Second Display Only\" we sometimes\ncall resource_get_otg_master_for_stream on a stream for the eDP,\nwhich is disconnected. This leads to a null pointer dereference.\n\n[HOW]\nAdded a null check in dc_resource.c/resource_log_pipe_topology_update.",
"id": "GHSA-jqgm-j6xq-3v4q",
"modified": "2024-08-27T15:32:43Z",
"published": "2024-08-26T12:31:19Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-43886"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/899d92fd26fe780aad711322aa671f68058207a6"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/c36e922a36bdf69765c340a0857ca74092003bee"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-JQH6-VQXW-FCV3
Vulnerability from github – Published: 2022-05-14 03:59 – Updated: 2025-06-10 15:30The png_do_expand_palette function in libpng before 1.6.8 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via (1) a PLTE chunk of zero bytes or (2) a NULL palette, related to pngrtran.c and pngset.c.
{
"affected": [],
"aliases": [
"CVE-2013-6954"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2014-01-12T18:34:00Z",
"severity": "MODERATE"
},
"details": "The png_do_expand_palette function in libpng before 1.6.8 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via (1) a PLTE chunk of zero bytes or (2) a NULL palette, related to pngrtran.c and pngset.c.",
"id": "GHSA-jqh6-vqxw-fcv3",
"modified": "2025-06-10T15:30:31Z",
"published": "2022-05-14T03:59:59Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2013-6954"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2014:0413"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2014:0414"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1045561"
},
{
"type": "WEB",
"url": "https://www.ibm.com/support/docview.wss?uid=swg21675973"
},
{
"type": "WEB",
"url": "http://advisories.mageia.org/MGASA-2014-0075.html"
},
{
"type": "WEB",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127947.html"
},
{
"type": "WEB",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127952.html"
},
{
"type": "WEB",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-February/128098.html"
},
{
"type": "WEB",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-February/128099.html"
},
{
"type": "WEB",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-February/128114.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00071.html"
},
{
"type": "WEB",
"url": "http://marc.info/?l=bugtraq\u0026m=140852886808946\u0026w=2"
},
{
"type": "WEB",
"url": "http://marc.info/?l=bugtraq\u0026m=140852974709252\u0026w=2"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/58974"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/59058"
},
{
"type": "WEB",
"url": "http://security.gentoo.org/glsa/glsa-201406-32.xml"
},
{
"type": "WEB",
"url": "http://sourceforge.net/p/libpng/code/ci/1faa6ff32c648acfe3cf30a58d31d7aebc24968c"
},
{
"type": "WEB",
"url": "http://sourceforge.net/projects/libpng/files/libpng16/1.6.8"
},
{
"type": "WEB",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21672080"
},
{
"type": "WEB",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676746"
},
{
"type": "WEB",
"url": "http://www.kb.cert.org/vuls/id/650142"
},
{
"type": "WEB",
"url": "http://www.libpng.org/pub/png/libpng.html"
},
{
"type": "WEB",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:035"
},
{
"type": "WEB",
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/64493"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-JQHX-H33H-G3QG
Vulnerability from github – Published: 2022-05-14 02:18 – Updated: 2022-05-14 02:18Jsish version 2.4.65 contains a CWE-476: NULL Pointer Dereference vulnerability in Function jsi_ValueCopyMove from jsiValue.c:240 that can result in Crash due to segmentation fault. This attack appear to be exploitable via a crafted javascript code. This vulnerability appears to have been fixed in 2.4.67.
{
"affected": [],
"aliases": [
"CVE-2018-1000655"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-08-20T19:31:00Z",
"severity": "MODERATE"
},
"details": "Jsish version 2.4.65 contains a CWE-476: NULL Pointer Dereference vulnerability in Function jsi_ValueCopyMove from jsiValue.c:240 that can result in Crash due to segmentation fault. This attack appear to be exploitable via a crafted javascript code. This vulnerability appears to have been fixed in 2.4.67.",
"id": "GHSA-jqhx-h33h-g3qg",
"modified": "2022-05-14T02:18:54Z",
"published": "2022-05-14T02:18:54Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1000655"
},
{
"type": "WEB",
"url": "https://jsish.org/fossil/jsi/tktview/3b8f95574f2c9dddf5ffea71e0086b2e6f6dd71e"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-JQMP-H258-VVV4
Vulnerability from github – Published: 2026-05-28 12:30 – Updated: 2026-06-11 03:30In the Linux kernel, the following vulnerability has been resolved:
octeon_ep_vf: add NULL check for napi_build_skb()
napi_build_skb() can return NULL on allocation failure. In __octep_vf_oq_process_rx(), the result is used directly without a NULL check in both the single-buffer and multi-fragment paths, leading to a NULL pointer dereference.
Add NULL checks after both napi_build_skb() calls, properly advancing descriptors and consuming remaining fragments on failure.
{
"affected": [],
"aliases": [
"CVE-2026-46188"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-05-28T10:16:34Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nocteon_ep_vf: add NULL check for napi_build_skb()\n\nnapi_build_skb() can return NULL on allocation failure. In\n__octep_vf_oq_process_rx(), the result is used directly without a NULL\ncheck in both the single-buffer and multi-fragment paths, leading to a\nNULL pointer dereference.\n\nAdd NULL checks after both napi_build_skb() calls, properly advancing\ndescriptors and consuming remaining fragments on failure.",
"id": "GHSA-jqmp-h258-vvv4",
"modified": "2026-06-11T03:30:23Z",
"published": "2026-05-28T12:30:32Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-46188"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/60246cdd4c515ea7d920cddf48932efcb990773e"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/6fef6640bbf360e254cc0174365ed30ce3a07572"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/b0f4711b426a06fb4c4be85c36b9f5588d5140d3"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/dd66b42854705e4e4ee7f14d260f86c578bed3e3"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-JQMP-HJG9-VHWH
Vulnerability from github – Published: 2022-05-14 02:20 – Updated: 2025-04-20 03:41GraphicsMagick 1.3.26 has a NULL pointer dereference in the WriteMAPImage() function in coders/map.c when processing a non-colormapped image, a different vulnerability than CVE-2017-11638.
{
"affected": [],
"aliases": [
"CVE-2017-11642"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-07-26T08:29:00Z",
"severity": "HIGH"
},
"details": "GraphicsMagick 1.3.26 has a NULL pointer dereference in the WriteMAPImage() function in coders/map.c when processing a non-colormapped image, a different vulnerability than CVE-2017-11638.",
"id": "GHSA-jqmp-hjg9-vhwh",
"modified": "2025-04-20T03:41:28Z",
"published": "2022-05-14T02:20:33Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-11642"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00002.html"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PF62B5PJA2JDUOCKJGUQO3SPL74BEYSV"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WHIKB4TP6KBJWT2UIPWL5MWMG5QXKGEJ"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PF62B5PJA2JDUOCKJGUQO3SPL74BEYSV"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WHIKB4TP6KBJWT2UIPWL5MWMG5QXKGEJ"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/4222-1"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2018/dsa-4321"
},
{
"type": "WEB",
"url": "http://hg.code.sf.net/p/graphicsmagick/code/rev/29550606d8b9"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/100395"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-JQR2-8282-9V96
Vulnerability from github – Published: 2022-05-14 03:44 – Updated: 2022-05-14 03:44Pointer dereference in subsystem in Intel Graphics Driver 15.40.x.x, 15.45.x.x, 15.46.x.x allows unprivileged user to elevate privileges via local access.
{
"affected": [],
"aliases": [
"CVE-2017-5727"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-02-02T15:29:00Z",
"severity": "HIGH"
},
"details": "Pointer dereference in subsystem in Intel Graphics Driver 15.40.x.x, 15.45.x.x, 15.46.x.x allows unprivileged user to elevate privileges via local access.",
"id": "GHSA-jqr2-8282-9v96",
"modified": "2022-05-14T03:44:29Z",
"published": "2022-05-14T03:44:29Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-5727"
},
{
"type": "WEB",
"url": "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00089\u0026languageid=en-fr"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-JRJ6-7P65-RQF2
Vulnerability from github – Published: 2024-05-17 15:31 – Updated: 2025-09-19 21:31In the Linux kernel, the following vulnerability has been resolved:
ASoC: mediatek: sof-common: Add NULL check for normal_link string
It's not granted that all entries of struct sof_conn_stream declare
a normal_link (a non-SOF, direct link) string, and this is the case
for SoCs that support only SOF paths (hence do not support both direct
and SOF usecases).
For example, in the case of MT8188 there is no normal_link string in any of the sof_conn_stream entries and there will be more drivers doing that in the future.
To avoid possible NULL pointer KPs, add a NULL check for normal_link.
{
"affected": [],
"aliases": [
"CVE-2024-35842"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-05-17T15:15:21Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: mediatek: sof-common: Add NULL check for normal_link string\n\nIt\u0027s not granted that all entries of struct sof_conn_stream declare\na `normal_link` (a non-SOF, direct link) string, and this is the case\nfor SoCs that support only SOF paths (hence do not support both direct\nand SOF usecases).\n\nFor example, in the case of MT8188 there is no normal_link string in\nany of the sof_conn_stream entries and there will be more drivers\ndoing that in the future.\n\nTo avoid possible NULL pointer KPs, add a NULL check for `normal_link`.",
"id": "GHSA-jrj6-7p65-rqf2",
"modified": "2025-09-19T21:31:15Z",
"published": "2024-05-17T15:31:12Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-35842"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/b1d3db6740d0997ffc6e5a0d96ef7cbd62b35fdd"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/cad471227a37c0c7c080bfc9ed01b53750e82afe"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/cde6ca5872bf67744dffa875a7cb521ab007b7ef"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/e3b3ec967a7d93b9010a5af9a2394c8b5c8f31ed"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-JRMM-8WHF-PXXQ
Vulnerability from github – Published: 2025-04-02 15:31 – Updated: 2025-04-10 15:31In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: fix missing .is_two_pixels_per_container
Starting from 6.11, AMDGPU driver, while being loaded with amdgpu.dc=1, due to lack of .is_two_pixels_per_container function in dce60_tg_funcs, causes a NULL pointer dereference on PCs with old GPUs, such as R9 280X.
So this fix adds missing .is_two_pixels_per_container to dce60_tg_funcs.
(cherry picked from commit bd4b125eb949785c6f8a53b0494e32795421209d)
{
"affected": [],
"aliases": [
"CVE-2025-21989"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-04-02T13:15:43Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: fix missing .is_two_pixels_per_container\n\nStarting from 6.11, AMDGPU driver, while being loaded with amdgpu.dc=1,\ndue to lack of .is_two_pixels_per_container function in dce60_tg_funcs,\ncauses a NULL pointer dereference on PCs with old GPUs, such as R9 280X.\n\nSo this fix adds missing .is_two_pixels_per_container to dce60_tg_funcs.\n\n(cherry picked from commit bd4b125eb949785c6f8a53b0494e32795421209d)",
"id": "GHSA-jrmm-8whf-pxxq",
"modified": "2025-04-10T15:31:45Z",
"published": "2025-04-02T15:31:37Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-21989"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/36d04c9313d8d83ead92242f037099ac73e02120"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/e204aab79e01bc8ff750645666993ed8b719de57"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/fefa811e616b5d0b555ed65743e528a0a8a0b377"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation MIT-56
For any pointers that could have been modified or provided from a function that can return NULL, check the pointer for NULL before use. When working with a multithreaded or otherwise asynchronous environment, ensure that proper locking APIs are used to lock before the check, and unlock when it has finished [REF-1484].
Mitigation
Select a programming language that is not susceptible to these issues.
Mitigation
Check the results of all functions that return a value and verify that the value is non-null before acting upon it.
Mitigation
Identify all variables and data stores that receive information from external sources, and apply input validation to make sure that they are only initialized to expected values.
Mitigation
Explicitly initialize all variables and other data stores, either during declaration or just before the first usage.
No CAPEC attack patterns related to this CWE.