CWE-476
AllowedNULL Pointer Dereference
Abstraction: Base · Status: Stable
The product dereferences a pointer that it expects to be valid but is NULL.
6310 vulnerabilities reference this CWE, most recent first.
GHSA-J3RR-33RW-Q469
Vulnerability from github – Published: 2022-05-13 01:28 – Updated: 2022-05-13 01:28Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an untrusted pointer dereference vulnerability. Successful exploitation could lead to arbitrary code execution.
{
"affected": [],
"aliases": [
"CVE-2018-15930"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-10-12T18:29:00Z",
"severity": "HIGH"
},
"details": "Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an untrusted pointer dereference vulnerability. Successful exploitation could lead to arbitrary code execution.",
"id": "GHSA-j3rr-33rw-q469",
"modified": "2022-05-13T01:28:07Z",
"published": "2022-05-13T01:28:07Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-15930"
},
{
"type": "WEB",
"url": "https://helpx.adobe.com/security/products/acrobat/apsb18-30.html"
},
{
"type": "WEB",
"url": "https://research.checkpoint.com/2018/50-adobe-cves-in-50-days"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/105442"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1041809"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-J3RR-WP98-2675
Vulnerability from github – Published: 2026-01-20 21:31 – Updated: 2026-01-21 15:31NULL pointer dereference in the daap_reply_groups function in src/httpd_daap.c in owntone-server through commit 5e6f19a (newer commit after version 28.2) allows remote attackers to cause a Denial of Service.
{
"affected": [],
"aliases": [
"CVE-2025-57155"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-01-20T21:16:03Z",
"severity": "HIGH"
},
"details": "NULL pointer dereference in the daap_reply_groups function in src/httpd_daap.c in owntone-server through commit 5e6f19a (newer commit after version 28.2) allows remote attackers to cause a Denial of Service.",
"id": "GHSA-j3rr-wp98-2675",
"modified": "2026-01-21T15:31:15Z",
"published": "2026-01-20T21:31:35Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-57155"
},
{
"type": "WEB",
"url": "https://github.com/owntone/owntone-server/commit/d857116e4143a500d6a1ea13f4baa057ba3b0028"
},
{
"type": "WEB",
"url": "https://github.com/archersec/security-advisories/blob/master/owntone-server/owntone-server-advisory-2025.md"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-J3V4-V6H2-F4PP
Vulnerability from github – Published: 2025-02-19 00:31 – Updated: 2025-11-03 21:32FFmpeg git-master,N-113007-g8d24a28d06 was discovered to contain a segmentation violation via the component /libavcodec/jpeg2000dec.c.
{
"affected": [],
"aliases": [
"CVE-2025-22921"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-02-18T22:15:18Z",
"severity": "MODERATE"
},
"details": "FFmpeg git-master,N-113007-g8d24a28d06 was discovered to contain a segmentation violation via the component /libavcodec/jpeg2000dec.c.",
"id": "GHSA-j3v4-v6h2-f4pp",
"modified": "2025-11-03T21:32:46Z",
"published": "2025-02-19T00:31:16Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22921"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/02/msg00037.html"
},
{
"type": "WEB",
"url": "https://trac.ffmpeg.org/ticket/11393"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-J3W2-2P33-X67Q
Vulnerability from github – Published: 2025-07-25 12:31 – Updated: 2025-07-25 12:31NULL Pointer Dereference in µD3TN via non-singleton destination Endpoint Identifier allows remote attacker to reliably cause DoS
{
"affected": [],
"aliases": [
"CVE-2025-8183"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-07-25T10:15:36Z",
"severity": "HIGH"
},
"details": "NULL Pointer Dereference in \u00b5D3TN via non-singleton destination Endpoint Identifier allows remote attacker to reliably cause DoS",
"id": "GHSA-j3w2-2p33-x67q",
"modified": "2025-07-25T12:31:18Z",
"published": "2025-07-25T12:31:18Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-8183"
},
{
"type": "WEB",
"url": "https://gitlab.com/d3tn/ud3tn/-/issues/255"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-J3WM-C6RH-6RW8
Vulnerability from github – Published: 2022-05-14 03:33 – Updated: 2022-05-14 03:33An issue was discovered in Exempi before 2.4.3. The PostScript_Support::ConvertToDate function in XMPFiles/source/FormatSupport/PostScript_Support.cpp allows remote attackers to cause a denial of service (invalid pointer dereference and application crash) via a crafted .ps file.
{
"affected": [],
"aliases": [
"CVE-2017-18237"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-03-15T19:29:00Z",
"severity": "MODERATE"
},
"details": "An issue was discovered in Exempi before 2.4.3. The PostScript_Support::ConvertToDate function in XMPFiles/source/FormatSupport/PostScript_Support.cpp allows remote attackers to cause a denial of service (invalid pointer dereference and application crash) via a crafted .ps file.",
"id": "GHSA-j3wm-c6rh-6rw8",
"modified": "2022-05-14T03:33:17Z",
"published": "2022-05-14T03:33:17Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-18237"
},
{
"type": "WEB",
"url": "https://bugs.freedesktop.org/show_bug.cgi?id=101914"
},
{
"type": "WEB",
"url": "https://cgit.freedesktop.org/exempi/commit/?id=f19d0107fbae1fb41836cd110d4425e407e64048"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-J425-PCFW-2HMG
Vulnerability from github – Published: 2022-05-17 04:55 – Updated: 2022-05-17 04:55net/ceph/auth_none.c in the Linux kernel through 3.10 allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via an auth_reply message that triggers an attempted build_request operation.
{
"affected": [],
"aliases": [
"CVE-2013-1059"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2013-07-08T17:55:00Z",
"severity": "HIGH"
},
"details": "net/ceph/auth_none.c in the Linux kernel through 3.10 allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via an auth_reply message that triggers an attempted build_request operation.",
"id": "GHSA-j425-pcfw-2hmg",
"modified": "2022-05-17T04:55:24Z",
"published": "2022-05-17T04:55:24Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2013-1059"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/attachment.cgi?id=767633\u0026action=diff"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=977356"
},
{
"type": "WEB",
"url": "http://hkpco.kr/advisory/CVE-2013-1059.txt"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00012.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-09/msg00003.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-09/msg00004.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00129.html"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2013/07/09/7"
},
{
"type": "WEB",
"url": "http://www.ubuntu.com/usn/USN-1941-1"
},
{
"type": "WEB",
"url": "http://www.ubuntu.com/usn/USN-1942-1"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-J43M-HRXF-C3HP
Vulnerability from github – Published: 2022-05-24 19:15 – Updated: 2022-05-24 19:15An issue was discovered in swftools through 20200710. A NULL pointer dereference exists in the function pool_lookup_string2() located in pool.c. It allows an attacker to cause Denial of Service.
{
"affected": [],
"aliases": [
"CVE-2021-39583"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-09-20T16:15:00Z",
"severity": "MODERATE"
},
"details": "An issue was discovered in swftools through 20200710. A NULL pointer dereference exists in the function pool_lookup_string2() located in pool.c. It allows an attacker to cause Denial of Service.",
"id": "GHSA-j43m-hrxf-c3hp",
"modified": "2022-05-24T19:15:05Z",
"published": "2022-05-24T19:15:05Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-39583"
},
{
"type": "WEB",
"url": "https://github.com/matthiaskramm/swftools/issues/136"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-J44Q-5MX6-236V
Vulnerability from github – Published: 2024-05-19 12:30 – Updated: 2025-01-31 15:30In the Linux kernel, the following vulnerability has been resolved:
net: phy: phy_device: Prevent nullptr exceptions on ISR
If phydev->irq is set unconditionally, check for valid interrupt handler or fall back to polling mode to prevent nullptr exceptions in interrupt service routine.
{
"affected": [],
"aliases": [
"CVE-2024-35945"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-05-19T11:15:50Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: phy: phy_device: Prevent nullptr exceptions on ISR\n\nIf phydev-\u003eirq is set unconditionally, check\nfor valid interrupt handler or fall back to polling mode to prevent\nnullptr exceptions in interrupt service routine.",
"id": "GHSA-j44q-5mx6-236v",
"modified": "2025-01-31T15:30:41Z",
"published": "2024-05-19T12:30:39Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-35945"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/3419ee39e3d3162ab2ec9942bb537613ed5b6311"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/61c81872815f46006982bb80460c0c80a949b35b"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/7a71f61ebf95cedd3f245db6da397822971d8db5"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-J4G5-7MR3-H3W3
Vulnerability from github – Published: 2022-05-13 01:24 – Updated: 2022-05-13 01:24The pppol2tp_xmit function in drivers/net/pppol2tp.c in the L2TP implementation in the Linux kernel before 2.6.34 does not properly validate certain values associated with an interface, which allows attackers to cause a denial of service (NULL pointer dereference and OOPS) or possibly have unspecified other impact via vectors related to a routing change.
{
"affected": [],
"aliases": [
"CVE-2010-2495"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2010-09-08T20:00:00Z",
"severity": "HIGH"
},
"details": "The pppol2tp_xmit function in drivers/net/pppol2tp.c in the L2TP implementation in the Linux kernel before 2.6.34 does not properly validate certain values associated with an interface, which allows attackers to cause a denial of service (NULL pointer dereference and OOPS) or possibly have unspecified other impact via vectors related to a routing change.",
"id": "GHSA-j4g5-7mr3-h3w3",
"modified": "2022-05-13T01:24:28Z",
"published": "2022-05-13T01:24:28Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2495"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2010-2495"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=607054"
},
{
"type": "WEB",
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=3feec9095d12e311b7d4eb7fe7e5dfa75d4a72a5"
},
{
"type": "WEB",
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=3feec9095d12e311b7d4eb7fe7e5dfa75d4a72a5"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00000.html"
},
{
"type": "WEB",
"url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.34"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2010/06/23/3"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2010/07/04/2"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2010/07/04/3"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2010/07/06/11"
},
{
"type": "WEB",
"url": "http://www.ubuntu.com/usn/USN-1000-1"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-J4QG-W554-C3HR
Vulnerability from github – Published: 2025-10-01 12:30 – Updated: 2026-01-16 21:30In the Linux kernel, the following vulnerability has been resolved:
media: cx23885: Fix a null-ptr-deref bug in buffer_prepare() and buffer_finish()
When the driver calls cx23885_risc_buffer() to prepare the buffer, the function call dma_alloc_coherent may fail, resulting in a empty buffer risc->cpu. Later when we free the buffer or access the buffer, null ptr deref is triggered.
This bug is similar to the following one: https://git.linuxtv.org/media_stage.git/commit/?id=2b064d91440b33fba5b452f2d1b31f13ae911d71.
We believe the bug can be also dynamically triggered from user side. Similarly, we fix this by checking the return value of cx23885_risc_buffer() and the value of risc->cpu before buffer free.
{
"affected": [],
"aliases": [
"CVE-2023-53458"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-10-01T12:15:47Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: cx23885: Fix a null-ptr-deref bug in buffer_prepare() and buffer_finish()\n\nWhen the driver calls cx23885_risc_buffer() to prepare the buffer, the\nfunction call dma_alloc_coherent may fail, resulting in a empty buffer\nrisc-\u003ecpu. Later when we free the buffer or access the buffer, null ptr\nderef is triggered.\n\nThis bug is similar to the following one:\nhttps://git.linuxtv.org/media_stage.git/commit/?id=2b064d91440b33fba5b452f2d1b31f13ae911d71.\n\nWe believe the bug can be also dynamically triggered from user side.\nSimilarly, we fix this by checking the return value of cx23885_risc_buffer()\nand the value of risc-\u003ecpu before buffer free.",
"id": "GHSA-j4qg-w554-c3hr",
"modified": "2026-01-16T21:30:29Z",
"published": "2025-10-01T12:30:29Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-53458"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/47e8b73bc35d7c54642f78e498697692f6358996"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/5b8e5e28e85a546dfccc3895befe0e823fdd7c89"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/6738841f6fcf23e9fc30e2449f32fc84ee19c6f1"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/f0a06203f2fe63f04311467200c99c4ee1926578"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation MIT-56
For any pointers that could have been modified or provided from a function that can return NULL, check the pointer for NULL before use. When working with a multithreaded or otherwise asynchronous environment, ensure that proper locking APIs are used to lock before the check, and unlock when it has finished [REF-1484].
Mitigation
Select a programming language that is not susceptible to these issues.
Mitigation
Check the results of all functions that return a value and verify that the value is non-null before acting upon it.
Mitigation
Identify all variables and data stores that receive information from external sources, and apply input validation to make sure that they are only initialized to expected values.
Mitigation
Explicitly initialize all variables and other data stores, either during declaration or just before the first usage.
No CAPEC attack patterns related to this CWE.