CWE-824
AllowedAccess of Uninitialized Pointer
Abstraction: Base · Status: Incomplete
The product accesses or uses a pointer that has not been initialized.
451 vulnerabilities reference this CWE, most recent first.
GHSA-C3W4-9VWQ-3594
Vulnerability from github – Published: 2022-06-25 00:01 – Updated: 2022-07-02 00:00In multiple CODESYS products, a low privileged remote attacker may craft a request that cause a read access to an uninitialized pointer, resulting in a denial-of-service. User interaction is not required.
{
"affected": [],
"aliases": [
"CVE-2022-32136"
],
"database_specific": {
"cwe_ids": [
"CWE-824"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-06-24T08:15:00Z",
"severity": "MODERATE"
},
"details": "In multiple CODESYS products, a low privileged remote attacker may craft a request that cause a read access to an uninitialized pointer, resulting in a denial-of-service. User interaction is not required.",
"id": "GHSA-c3w4-9vwq-3594",
"modified": "2022-07-02T00:00:28Z",
"published": "2022-06-25T00:01:01Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32136"
},
{
"type": "WEB",
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17139\u0026token=ec67d15a433b61c77154166c20c78036540cacb0\u0026download="
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-C4PX-R9FX-H568
Vulnerability from github – Published: 2022-05-13 01:31 – Updated: 2022-05-13 01:31This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D files. The issue results from the lack of proper initialization of a pointer prior to accessing it. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5431.
{
"affected": [],
"aliases": [
"CVE-2018-9981"
],
"database_specific": {
"cwe_ids": [
"CWE-824"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-05-17T15:29:00Z",
"severity": "HIGH"
},
"details": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D files. The issue results from the lack of proper initialization of a pointer prior to accessing it. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5431.",
"id": "GHSA-c4px-r9fx-h568",
"modified": "2022-05-13T01:31:37Z",
"published": "2022-05-13T01:31:37Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-9981"
},
{
"type": "WEB",
"url": "https://www.foxitsoftware.com/support/security-bulletins.php"
},
{
"type": "WEB",
"url": "https://zerodayinitiative.com/advisories/ZDI-18-379"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-C5V6-G38C-9HGP
Vulnerability from github – Published: 2024-01-09 12:30 – Updated: 2024-01-09 12:30A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 10). The affected application is vulnerable to uninitialized pointer access while parsing specially crafted PAR files. An attacker could leverage this vulnerability to execute code in the context of the current process.
{
"affected": [],
"aliases": [
"CVE-2023-49131"
],
"database_specific": {
"cwe_ids": [
"CWE-824"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-01-09T10:15:19Z",
"severity": "HIGH"
},
"details": "A vulnerability has been identified in Solid Edge SE2023 (All versions \u003c V223.0 Update 10). The affected application is vulnerable to uninitialized pointer access while parsing specially crafted PAR files. An attacker could leverage this vulnerability to execute code in the context of the current process.",
"id": "GHSA-c5v6-g38c-9hgp",
"modified": "2024-01-09T12:30:35Z",
"published": "2024-01-09T12:30:35Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-49131"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-589891.pdf"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-C9MM-8HJ7-WG4J
Vulnerability from github – Published: 2023-03-28 21:30 – Updated: 2023-03-28 21:30Adobe Dimension versions 3.4.7 (and earlier) is affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
{
"affected": [],
"aliases": [
"CVE-2023-26334"
],
"database_specific": {
"cwe_ids": [
"CWE-824"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-03-28T20:15:00Z",
"severity": "HIGH"
},
"details": "Adobe Dimension versions 3.4.7 (and earlier) is affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.",
"id": "GHSA-c9mm-8hj7-wg4j",
"modified": "2023-03-28T21:30:18Z",
"published": "2023-03-28T21:30:18Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-26334"
},
{
"type": "WEB",
"url": "https://helpx.adobe.com/security/products/dimension/apsb23-20.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-CC9G-8GQ4-65MP
Vulnerability from github – Published: 2022-05-24 17:18 – Updated: 2022-05-24 17:18An exploitable information disclosure vulnerability exists in the way Nitro Pro 13.9.1.155 does XML error handling. A specially crafted PDF document can cause uninitialized memory access resulting in information disclosure. In order to trigger this vulnerability, victim must open a malicious file.
{
"affected": [],
"aliases": [
"CVE-2020-6093"
],
"database_specific": {
"cwe_ids": [
"CWE-824"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-05-18T17:15:00Z",
"severity": "MODERATE"
},
"details": "An exploitable information disclosure vulnerability exists in the way Nitro Pro 13.9.1.155 does XML error handling. A specially crafted PDF document can cause uninitialized memory access resulting in information disclosure. In order to trigger this vulnerability, victim must open a malicious file.",
"id": "GHSA-cc9g-8gq4-65mp",
"modified": "2022-05-24T17:18:05Z",
"published": "2022-05-24T17:18:05Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-6093"
},
{
"type": "WEB",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1014"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-CMPX-J54C-XJ6J
Vulnerability from github – Published: 2022-05-14 02:09 – Updated: 2022-05-14 02:09Mozilla Firefox before 32.0, Firefox ESR 31.x before 31.1, and Thunderbird 31.x before 31.1 do not properly initialize memory for GIF rendering, which allows remote attackers to obtain sensitive information from process memory via crafted web script that interacts with a CANVAS element associated with a malformed GIF image.
{
"affected": [],
"aliases": [
"CVE-2014-1564"
],
"database_specific": {
"cwe_ids": [
"CWE-824"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2014-09-03T10:55:00Z",
"severity": "MODERATE"
},
"details": "Mozilla Firefox before 32.0, Firefox ESR 31.x before 31.1, and Thunderbird 31.x before 31.1 do not properly initialize memory for GIF rendering, which allows remote attackers to obtain sensitive information from process memory via crafted web script that interacts with a CANVAS element associated with a malformed GIF image.",
"id": "GHSA-cmpx-j54c-xj6j",
"modified": "2022-05-14T02:09:22Z",
"published": "2022-05-14T02:09:22Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-1564"
},
{
"type": "WEB",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1045977"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/201504-01"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00003.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00024.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-updates/2014-09/msg00011.html"
},
{
"type": "WEB",
"url": "http://packetstormsecurity.com/files/128132/Mozilla-Firefox-Secret-Leak.html"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2014/Sep/18"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/60148"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/61114"
},
{
"type": "WEB",
"url": "http://www.mozilla.org/security/announce/2014/mfsa2014-69.html"
},
{
"type": "WEB",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/archive/1/533357/100/0/threaded"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/69525"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1030793"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1030794"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-CQ7X-C2FJ-552H
Vulnerability from github – Published: 2022-05-13 01:33 – Updated: 2022-05-13 01:33An access of uninitialized pointer vulnerability in CX-Supervisor (Versions 3.42 and prior) could lead to type confusion when processing project files. An attacker could use a specially crafted project file to exploit and execute code under the privileges of the application.
{
"affected": [],
"aliases": [
"CVE-2018-19018"
],
"database_specific": {
"cwe_ids": [
"CWE-824"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-02-12T22:29:00Z",
"severity": "HIGH"
},
"details": "An access of uninitialized pointer vulnerability in CX-Supervisor (Versions 3.42 and prior) could lead to type confusion when processing project files. An attacker could use a specially crafted project file to exploit and execute code under the privileges of the application.",
"id": "GHSA-cq7x-c2fj-552h",
"modified": "2022-05-13T01:33:36Z",
"published": "2022-05-13T01:33:36Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-19018"
},
{
"type": "WEB",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-017-01"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-CRH6-CV2H-F3XM
Vulnerability from github – Published: 2025-05-13 18:30 – Updated: 2025-05-13 18:30Bridge versions 15.0.3, 14.1.6 and earlier are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
{
"affected": [],
"aliases": [
"CVE-2025-43545"
],
"database_specific": {
"cwe_ids": [
"CWE-824"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-05-13T18:15:40Z",
"severity": "HIGH"
},
"details": "Bridge versions 15.0.3, 14.1.6 and earlier are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.",
"id": "GHSA-crh6-cv2h-f3xm",
"modified": "2025-05-13T18:30:58Z",
"published": "2025-05-13T18:30:58Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-43545"
},
{
"type": "WEB",
"url": "https://helpx.adobe.com/security/products/bridge/apsb25-44.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-CXC4-PPV4-GFGJ
Vulnerability from github – Published: 2024-10-29 03:31 – Updated: 2025-11-04 00:31In the Linux kernel, the following vulnerability has been resolved:
btrfs: fix uninitialized pointer free on read_alloc_one_name() error
The function read_alloc_one_name() does not initialize the name field of the passed fscrypt_str struct if kmalloc fails to allocate the corresponding buffer. Thus, it is not guaranteed that fscrypt_str.name is initialized when freeing it.
This is a follow-up to the linked patch that fixes the remaining instances of the bug introduced by commit e43eec81c516 ("btrfs: use struct qstr instead of name and namelen pairs").
{
"affected": [],
"aliases": [
"CVE-2024-50087"
],
"database_specific": {
"cwe_ids": [
"CWE-824"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-10-29T01:15:05Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix uninitialized pointer free on read_alloc_one_name() error\n\nThe function read_alloc_one_name() does not initialize the name field of\nthe passed fscrypt_str struct if kmalloc fails to allocate the\ncorresponding buffer. Thus, it is not guaranteed that\nfscrypt_str.name is initialized when freeing it.\n\nThis is a follow-up to the linked patch that fixes the remaining\ninstances of the bug introduced by commit e43eec81c516 (\"btrfs: use\nstruct qstr instead of name and namelen pairs\").",
"id": "GHSA-cxc4-ppv4-gfgj",
"modified": "2025-11-04T00:31:51Z",
"published": "2024-10-29T03:31:06Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-50087"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/1ec28de5e476913ae51f909660b4447eddb28838"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/2ab5e243c2266c841e0f6904fad1514b18eaf510"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/7fc7c47b9ba0cf2d192f2117a64b24881b0b577f"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/b37de9491f140a0ff125c27dd1050185c3accbc1"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-F2F5-XCRP-M3X6
Vulnerability from github – Published: 2023-11-16 12:30 – Updated: 2023-11-16 12:30Adobe Acrobat Reader versions 23.006.20360 (and earlier) and 20.005.30524 (and earlier) are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
{
"affected": [],
"aliases": [
"CVE-2023-44365"
],
"database_specific": {
"cwe_ids": [
"CWE-824"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-11-16T10:15:16Z",
"severity": "HIGH"
},
"details": "Adobe Acrobat Reader versions 23.006.20360 (and earlier) and 20.005.30524 (and earlier) are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.",
"id": "GHSA-f2f5-xcrp-m3x6",
"modified": "2023-11-16T12:30:21Z",
"published": "2023-11-16T12:30:21Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-44365"
},
{
"type": "WEB",
"url": "https://helpx.adobe.com/security/products/acrobat/apsb23-54.htm"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
No mitigation information available for this CWE.
No CAPEC attack patterns related to this CWE.