CWE-476
AllowedNULL Pointer Dereference
Abstraction: Base · Status: Stable
The product dereferences a pointer that it expects to be valid but is NULL.
6305 vulnerabilities reference this CWE, most recent first.
GHSA-MG5F-88X3-G9CW
Vulnerability from github – Published: 2022-05-13 01:08 – Updated: 2025-08-07 00:30pax_decode_header in sparse.c in GNU Tar before 1.32 had a NULL pointer dereference when parsing certain archives that have malformed extended headers.
{
"affected": [],
"aliases": [
"CVE-2019-9923"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-03-22T08:29:00Z",
"severity": "HIGH"
},
"details": "pax_decode_header in sparse.c in GNU Tar before 1.32 had a NULL pointer dereference when parsing certain archives that have malformed extended headers.",
"id": "GHSA-mg5f-88x3-g9cw",
"modified": "2025-08-07T00:30:31Z",
"published": "2022-05-13T01:08:59Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9923"
},
{
"type": "WEB",
"url": "https://bugs.launchpad.net/ubuntu/+source/tar/+bug/1810241"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E"
},
{
"type": "WEB",
"url": "http://git.savannah.gnu.org/cgit/tar.git/commit/?id=cb07844454d8cc9fb21f53ace75975f91185a120"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00077.html"
},
{
"type": "WEB",
"url": "http://savannah.gnu.org/bugs/?55369"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-MG6H-9RRQ-3F7M
Vulnerability from github – Published: 2025-09-05 18:31 – Updated: 2025-11-25 21:32In the Linux kernel, the following vulnerability has been resolved:
scsi: ufs: ufs-qcom: Fix ESI null pointer dereference
ESI/MSI is a performance optimization feature that provides dedicated interrupts per MCQ hardware queue. This is optional feature and UFS MCQ should work with and without ESI feature.
Commit e46a28cea29a ("scsi: ufs: qcom: Remove the MSI descriptor abuse") brings a regression in ESI (Enhanced System Interrupt) configuration that causes a null pointer dereference when Platform MSI allocation fails.
The issue occurs in when platform_device_msi_init_and_alloc_irqs() in ufs_qcom_config_esi() fails (returns -EINVAL) but the current code uses __free() macro for automatic cleanup free MSI resources that were never successfully allocated.
Unable to handle kernel NULL pointer dereference at virtual address 0000000000000008
Call trace: mutex_lock+0xc/0x54 (P) platform_device_msi_free_irqs_all+0x1c/0x40 ufs_qcom_config_esi+0x1d0/0x220 [ufs_qcom] ufshcd_config_mcq+0x28/0x104 ufshcd_init+0xa3c/0xf40 ufshcd_pltfrm_init+0x504/0x7d4 ufs_qcom_probe+0x20/0x58 [ufs_qcom]
Fix by restructuring the ESI configuration to try MSI allocation first, before any other resource allocation and instead use explicit cleanup instead of __free() macro to avoid cleanup of unallocated resources.
Tested on SM8750 platform with MCQ enabled, both with and without Platform ESI support.
{
"affected": [],
"aliases": [
"CVE-2025-39674"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-09-05T18:15:43Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: ufs: ufs-qcom: Fix ESI null pointer dereference\n\nESI/MSI is a performance optimization feature that provides dedicated\ninterrupts per MCQ hardware queue. This is optional feature and UFS MCQ\nshould work with and without ESI feature.\n\nCommit e46a28cea29a (\"scsi: ufs: qcom: Remove the MSI descriptor abuse\")\nbrings a regression in ESI (Enhanced System Interrupt) configuration that\ncauses a null pointer dereference when Platform MSI allocation fails.\n\nThe issue occurs in when platform_device_msi_init_and_alloc_irqs() in\nufs_qcom_config_esi() fails (returns -EINVAL) but the current code uses\n__free() macro for automatic cleanup free MSI resources that were never\nsuccessfully allocated.\n\nUnable to handle kernel NULL pointer dereference at virtual\naddress 0000000000000008\n\n Call trace:\n mutex_lock+0xc/0x54 (P)\n platform_device_msi_free_irqs_all+0x1c/0x40\n ufs_qcom_config_esi+0x1d0/0x220 [ufs_qcom]\n ufshcd_config_mcq+0x28/0x104\n ufshcd_init+0xa3c/0xf40\n ufshcd_pltfrm_init+0x504/0x7d4\n ufs_qcom_probe+0x20/0x58 [ufs_qcom]\n\nFix by restructuring the ESI configuration to try MSI allocation first,\nbefore any other resource allocation and instead use explicit cleanup\ninstead of __free() macro to avoid cleanup of unallocated resources.\n\nTested on SM8750 platform with MCQ enabled, both with and without\nPlatform ESI support.",
"id": "GHSA-mg6h-9rrq-3f7m",
"modified": "2025-11-25T21:32:03Z",
"published": "2025-09-05T18:31:26Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-39674"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/6300d5c5438724c0876828da2f6e2c1a661871fc"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/aaf17a35a59572c8b29372883619c3dbb0ebb50a"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-MG73-F6MR-Q5CW
Vulnerability from github – Published: 2022-01-04 00:01 – Updated: 2022-01-13 00:01Possible null pointer dereference in trap handler due to lack of thread ID validation before dereferencing it in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking
{
"affected": [],
"aliases": [
"CVE-2021-30271"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-01-03T08:15:00Z",
"severity": "HIGH"
},
"details": "Possible null pointer dereference in trap handler due to lack of thread ID validation before dereferencing it in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice \u0026 Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking",
"id": "GHSA-mg73-f6mr-q5cw",
"modified": "2022-01-13T00:01:46Z",
"published": "2022-01-04T00:01:05Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-30271"
},
{
"type": "WEB",
"url": "https://www.qualcomm.com/company/product-security/bulletins/december-2021-bulletin"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-MG95-X73R-76MG
Vulnerability from github – Published: 2022-01-26 00:01 – Updated: 2022-01-29 00:00Several missing input validations in the 3MF parser component of Slic3r libslic3r 1.3.0 can each allow an attacker to cause an application crash using a crafted 3MF input file.
{
"affected": [],
"aliases": [
"CVE-2021-45847"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-01-25T14:15:00Z",
"severity": "MODERATE"
},
"details": "Several missing input validations in the 3MF parser component of Slic3r libslic3r 1.3.0 can each allow an attacker to cause an application crash using a crafted 3MF input file.",
"id": "GHSA-mg95-x73r-76mg",
"modified": "2022-01-29T00:00:55Z",
"published": "2022-01-26T00:01:32Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-45847"
},
{
"type": "WEB",
"url": "https://github.com/slic3r/Slic3r/issues/5118"
},
{
"type": "WEB",
"url": "https://github.com/slic3r/Slic3r/issues/5119"
},
{
"type": "WEB",
"url": "https://github.com/slic3r/Slic3r/issues/5120"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-MGH8-MJVW-M7J5
Vulnerability from github – Published: 2025-09-18 18:30 – Updated: 2025-12-11 15:30In the Linux kernel, the following vulnerability has been resolved:
media: platform: mediatek: vpu: fix NULL ptr dereference
If pdev is NULL, then it is still dereferenced.
This fixes this smatch warning:
drivers/media/platform/mediatek/vpu/mtk_vpu.c:570 vpu_load_firmware() warn: address of NULL pointer 'pdev'
{
"affected": [],
"aliases": [
"CVE-2023-53425"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-09-18T16:15:46Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: platform: mediatek: vpu: fix NULL ptr dereference\n\nIf pdev is NULL, then it is still dereferenced.\n\nThis fixes this smatch warning:\n\ndrivers/media/platform/mediatek/vpu/mtk_vpu.c:570 vpu_load_firmware() warn: address of NULL pointer \u0027pdev\u0027",
"id": "GHSA-mgh8-mjvw-m7j5",
"modified": "2025-12-11T15:30:30Z",
"published": "2025-09-18T18:30:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-53425"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/099e929e7477f37ca16738fc158d7101c0189ca1"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/1b3f25d3894a091abc247eadab266a2c9be64389"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/2caeb722f0ea5d2d24af30bb1753a89d449b6aa0"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/3df55cd773e8603b623425cc97b05e542854ad27"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/4d299e6e0ac3cf8ab4517dc29c9294bc4bf72398"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/776b34615a29551d69d82a0082e7319d5ea284bd"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/b7bd48f0be84e24d21aa3a8f59a8a9cb8633a1c4"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/c1c5826223ae05a48d21f6708c6f34ee9006238c"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-MGHP-5H48-X5GX
Vulnerability from github – Published: 2022-05-14 03:40 – Updated: 2022-05-14 03:40An issue was discovered in xpdf 4.00. A NULL pointer dereference in readCodestream allows an attacker to cause denial of service via a JPX image with zero components.
{
"affected": [],
"aliases": [
"CVE-2018-7175"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-02-15T21:29:00Z",
"severity": "MODERATE"
},
"details": "An issue was discovered in xpdf 4.00. A NULL pointer dereference in readCodestream allows an attacker to cause denial of service via a JPX image with zero components.",
"id": "GHSA-mghp-5h48-x5gx",
"modified": "2022-05-14T03:40:06Z",
"published": "2022-05-14T03:40:06Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-7175"
},
{
"type": "WEB",
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=613"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-MGJ9-J8FG-4QPR
Vulnerability from github – Published: 2024-08-17 09:30 – Updated: 2025-11-04 00:31In the Linux kernel, the following vulnerability has been resolved:
drm/gma500: fix null pointer dereference in psb_intel_lvds_get_modes
In psb_intel_lvds_get_modes(), the return value of drm_mode_duplicate() is assigned to mode, which will lead to a possible NULL pointer dereference on failure of drm_mode_duplicate(). Add a check to avoid npd.
{
"affected": [],
"aliases": [
"CVE-2024-42309"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-08-17T09:15:10Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/gma500: fix null pointer dereference in psb_intel_lvds_get_modes\n\nIn psb_intel_lvds_get_modes(), the return value of drm_mode_duplicate() is\nassigned to mode, which will lead to a possible NULL pointer dereference\non failure of drm_mode_duplicate(). Add a check to avoid npd.",
"id": "GHSA-mgj9-j8fg-4qpr",
"modified": "2025-11-04T00:31:13Z",
"published": "2024-08-17T09:30:25Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-42309"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/13b5f3ee94bdbdc4b5f40582aab62977905aedee"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/2df7aac81070987b0f052985856aa325a38debf6"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/46d2ef272957879cbe30a884574320e7f7d78692"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/475a5b3b7c8edf6e583a9eb59cf28ea770602e14"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/6735d02ead7dd3adf74eb8b70aebd09e0ce78ec9"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/7e52c62ff029f95005915c0a11863b5fb5185c8c"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/d6ad202f73f8edba0cbc0065aa57a79ffe8fdcdc"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/f70ffeca546452d1acd3a70ada56ecb2f3e7f811"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2024/10/msg00003.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-MGQG-WQXJ-Q43C
Vulnerability from github – Published: 2025-02-10 18:30 – Updated: 2025-11-03 21:32In the Linux kernel, the following vulnerability has been resolved:
USB: serial: quatech2: fix null-ptr-deref in qt2_process_read_urb()
This patch addresses a null-ptr-deref in qt2_process_read_urb() due to an incorrect bounds check in the following:
if (newport > serial->num_ports) {
dev_err(&port->dev,
"%s - port change to invalid port: %i\n",
__func__, newport);
break;
}
The condition doesn't account for the valid range of the serial->port buffer, which is from 0 to serial->num_ports - 1. When newport is equal to serial->num_ports, the assignment of "port" in the following code is out-of-bounds and NULL:
serial_priv->current_port = newport;
port = serial->port[serial_priv->current_port];
The fix checks if newport is greater than or equal to serial->num_ports indicating it is out-of-bounds.
{
"affected": [],
"aliases": [
"CVE-2025-21689"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-02-10T16:15:38Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nUSB: serial: quatech2: fix null-ptr-deref in qt2_process_read_urb()\n\nThis patch addresses a null-ptr-deref in qt2_process_read_urb() due to\nan incorrect bounds check in the following:\n\n if (newport \u003e serial-\u003enum_ports) {\n dev_err(\u0026port-\u003edev,\n \"%s - port change to invalid port: %i\\n\",\n __func__, newport);\n break;\n }\n\nThe condition doesn\u0027t account for the valid range of the serial-\u003eport\nbuffer, which is from 0 to serial-\u003enum_ports - 1. When newport is equal\nto serial-\u003enum_ports, the assignment of \"port\" in the\nfollowing code is out-of-bounds and NULL:\n\n serial_priv-\u003ecurrent_port = newport;\n port = serial-\u003eport[serial_priv-\u003ecurrent_port];\n\nThe fix checks if newport is greater than or equal to serial-\u003enum_ports\nindicating it is out-of-bounds.",
"id": "GHSA-mgqg-wqxj-q43c",
"modified": "2025-11-03T21:32:41Z",
"published": "2025-02-10T18:30:46Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-21689"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/4b9b41fabcd38990f69ef0cee9c631d954a2b530"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/575a5adf48b06a2980c9eeffedf699ed5534fade"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/6068dcff7f19e9fa6fa23ee03453ad6a40fa4efe"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/6377838560c03b36e1153a42ef727533def9b68f"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/8542b33622571f54dfc2a267fce378b6e3840b8b"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/94770cf7c5124f0268d481886829dc2beecc4507"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/f371471708c7d997f763b0e70565026eb67cc470"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/fa4c7472469d97c4707698b4c0e098f8cfc2bf22"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-MGR9-PM96-3XMM
Vulnerability from github – Published: 2022-11-04 12:00 – Updated: 2022-11-07 12:00OpenHarmony-v3.1.2 and prior versions had a DOS vulnerability in distributedhardware_device_manager when joining a network. Network attakcers can send an abonormal packet when joining a network, cause a nullptr reference and device reboot.
{
"affected": [],
"aliases": [
"CVE-2022-43495"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-11-03T20:15:00Z",
"severity": "HIGH"
},
"details": "OpenHarmony-v3.1.2 and prior versions had a DOS vulnerability in distributedhardware_device_manager when joining a network. Network attakcers can send an abonormal packet when joining a network, cause a nullptr reference and device reboot.",
"id": "GHSA-mgr9-pm96-3xmm",
"modified": "2022-11-07T12:00:35Z",
"published": "2022-11-04T12:00:25Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-43495"
},
{
"type": "WEB",
"url": "https://gitee.com/openharmony/security/blob/master/en/security-disclosure/2022/2022-11.md"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-MGVJ-94J9-X737
Vulnerability from github – Published: 2022-05-24 17:00 – Updated: 2022-05-24 17:00DjVuLibre 3.5.27 has a NULL pointer dereference in the function DJVU::filter_fv at IW44EncodeCodec.cpp.
{
"affected": [],
"aliases": [
"CVE-2019-18804"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-11-07T06:15:00Z",
"severity": "MODERATE"
},
"details": "DjVuLibre 3.5.27 has a NULL pointer dereference in the function DJVU::filter_fv at IW44EncodeCodec.cpp.",
"id": "GHSA-mgvj-94j9-x737",
"modified": "2022-05-24T17:00:38Z",
"published": "2022-05-24T17:00:38Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-18804"
},
{
"type": "WEB",
"url": "https://github.com/TeamSeri0us/pocs/blob/master/djvulibre/DJVU__filter_fv%40IW44EncodeCodec.cpp_499-43___SEGV_UNKNOW.md"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00004.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00022.html"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JO65AWU7LEWNF6DDCZPRFTR2ZPP5XK6L"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NYPWP5T7TSUNZV4UEIRRCTVWO6VBZWJV"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QUEME45HVGTMDOYODAZYQOGWSZ2CEFWZ"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SWT7E7BMWV5T33AMU6OGDPPTPIGCFFZF"
},
{
"type": "WEB",
"url": "https://sourceforge.net/p/djvu/bugs/309"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/4198-1"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2021/dsa-5032"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00068.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00069.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation MIT-56
For any pointers that could have been modified or provided from a function that can return NULL, check the pointer for NULL before use. When working with a multithreaded or otherwise asynchronous environment, ensure that proper locking APIs are used to lock before the check, and unlock when it has finished [REF-1484].
Mitigation
Select a programming language that is not susceptible to these issues.
Mitigation
Check the results of all functions that return a value and verify that the value is non-null before acting upon it.
Mitigation
Identify all variables and data stores that receive information from external sources, and apply input validation to make sure that they are only initialized to expected values.
Mitigation
Explicitly initialize all variables and other data stores, either during declaration or just before the first usage.
No CAPEC attack patterns related to this CWE.