Common Weakness Enumeration

CWE-476

Allowed

NULL Pointer Dereference

Abstraction: Base · Status: Stable

The product dereferences a pointer that it expects to be valid but is NULL.

6310 vulnerabilities reference this CWE, most recent first.

GHSA-M6WQ-66P2-C8PC

Vulnerability from github – Published: 2025-12-08 22:20 – Updated: 2025-12-17 01:09
VLAI
Summary
Babylon Nil BlockHash in BLS vote extensions triggers panics in consensus handlers
Details

Summary

A vulnerability exists in Babylon’s BLS vote extension processing where a malicious active validator can submit a VoteExtension with the block_hash field omitted from the protobuf serialization. Because protobuf fields are optional, unmarshalling succeeds but leaves BlockHash as nil. Babylon then dereferences this nil pointer in consensus-critical code paths (notably VerifyVoteExtension, and also proposal-time vote verification), causing a runtime panic.

Impact

Intermittent validator crashes at epoch boundaries, which would slow down the creation of the epoch boundary block.

Finder

Vulnerability discovered by:

  • @GrumpyLaurie55348
Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/babylonlabs-io/babylon/v4"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "4.2.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/babylonlabs-io/babylon/v3"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "last_affected": "3.0.0-snapshot.250805a"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/babylonlabs-io/babylon/v2"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "last_affected": "2.3.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/babylonlabs-io/babylon"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "last_affected": "1.1.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-12-08T22:20:24Z",
    "nvd_published_at": null,
    "severity": "HIGH"
  },
  "details": "### Summary\n\nA vulnerability exists in Babylon\u2019s BLS vote extension processing where a malicious active validator can submit a VoteExtension with the `block_hash` field omitted from the protobuf serialization. Because protobuf fields are optional, unmarshalling succeeds but leaves `BlockHash` as nil. Babylon then dereferences this nil pointer in consensus-critical code paths (notably `VerifyVoteExtension`, and also proposal-time vote verification), causing a runtime panic.\n\n### Impact\n\nIntermittent validator crashes at epoch boundaries, which would slow down the creation of the epoch boundary block.\n\n### Finder \n\nVulnerability discovered by:\n\n- @GrumpyLaurie55348",
  "id": "GHSA-m6wq-66p2-c8pc",
  "modified": "2025-12-17T01:09:11Z",
  "published": "2025-12-08T22:20:24Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/babylonlabs-io/babylon/security/advisories/GHSA-m6wq-66p2-c8pc"
    },
    {
      "type": "WEB",
      "url": "https://github.com/babylonlabs-io/babylon/commit/f79ad58c1d5bcab3451cb7a47c91e713935917d7"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/babylonlabs-io/babylon"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Babylon Nil BlockHash in BLS vote extensions triggers panics in consensus handlers"
}

GHSA-M6X5-R2X6-WG47

Vulnerability from github – Published: 2022-05-24 16:53 – Updated: 2023-03-03 15:30
VLAI
Details

An issue was discovered in the Linux kernel before 5.1.8. There is a NULL pointer dereference caused by a malicious USB device in the drivers/media/usb/siano/smsusb.c driver.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2019-15218"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-08-19T22:15:00Z",
    "severity": "MODERATE"
  },
  "details": "An issue was discovered in the Linux kernel before 5.1.8. There is a NULL pointer dereference caused by a malicious USB device in the drivers/media/usb/siano/smsusb.c driver.",
  "id": "GHSA-m6x5-r2x6-wg47",
  "modified": "2023-03-03T15:30:19Z",
  "published": "2022-05-24T16:53:57Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-15218"
    },
    {
      "type": "WEB",
      "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.1.8"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=31e0456de5be379b10fea0fa94a681057114a96e"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00014.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00015.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00025.html"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20190905-0002"
    },
    {
      "type": "WEB",
      "url": "https://syzkaller.appspot.com/bug?id=4a5d7c8c2b6dbedb5b7218c6d7e8666bd2387517"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/4115-1"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/4118-1"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/4147-1"
    },
    {
      "type": "WEB",
      "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00064.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00066.html"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2019/08/20/2"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2019/08/22/2"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2019/08/22/3"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2019/08/22/4"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2019/08/22/5"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-M73J-97V7-6695

Vulnerability from github – Published: 2022-05-13 01:23 – Updated: 2022-05-13 01:23
VLAI
Details

The aun_incoming function in net/econet/af_econet.c in the Linux kernel before 2.6.37-rc6, when Econet is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and OOPS) by sending an Acorn Universal Networking (AUN) packet over UDP.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2010-4342"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2010-12-30T19:00:00Z",
    "severity": "HIGH"
  },
  "details": "The aun_incoming function in net/econet/af_econet.c in the Linux kernel before 2.6.37-rc6, when Econet is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and OOPS) by sending an Acorn Universal Networking (AUN) packet over UDP.",
  "id": "GHSA-m73j-97v7-6695",
  "modified": "2022-05-13T01:23:55Z",
  "published": "2022-05-13T01:23:55Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-4342"
    },
    {
      "type": "WEB",
      "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=4e085e76cbe558b79b54cbab772f61185879bc64"
    },
    {
      "type": "WEB",
      "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=4e085e76cbe558b79b54cbab772f61185879bc64"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00002.html"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=linux-netdev\u0026m=129185496013580\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=linux-netdev\u0026m=129186011218615\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://openwall.com/lists/oss-security/2010/12/09/1"
    },
    {
      "type": "WEB",
      "url": "http://openwall.com/lists/oss-security/2010/12/09/2"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/43291"
    },
    {
      "type": "WEB",
      "url": "http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.37-rc6"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/45321"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2011/0375"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-M73X-6GVH-9839

Vulnerability from github – Published: 2024-12-07 00:31 – Updated: 2024-12-12 03:33
VLAI
Details

Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble was discovered to contain a NULL pointer dereference via the component nav2_navfn_planner().

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-44855"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-12-06T22:15:21Z",
    "severity": "HIGH"
  },
  "details": "Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble was discovered to contain a NULL pointer dereference via the component nav2_navfn_planner().",
  "id": "GHSA-m73x-6gvh-9839",
  "modified": "2024-12-12T03:33:00Z",
  "published": "2024-12-07T00:31:04Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-44855"
    },
    {
      "type": "WEB",
      "url": "https://github.com/open-navigation/navigation2/issues/4466"
    },
    {
      "type": "WEB",
      "url": "https://github.com/ros-navigation/navigation2/pull/4463"
    },
    {
      "type": "WEB",
      "url": "https://github.com/GoesM/ROS-CVE-CNVDs"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-M75C-J939-X6C2

Vulnerability from github – Published: 2024-12-27 15:31 – Updated: 2025-11-03 21:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

ALSA: pcm: Add sanity NULL check for the default mmap fault handler

A driver might allow the mmap access before initializing its runtime->dma_area properly. Add a proper NULL check before passing to virt_to_page() for avoiding a panic.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-53180"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-12-27T14:15:25Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: pcm: Add sanity NULL check for the default mmap fault handler\n\nA driver might allow the mmap access before initializing its\nruntime-\u003edma_area properly.  Add a proper NULL check before passing to\nvirt_to_page() for avoiding a panic.",
  "id": "GHSA-m75c-j939-x6c2",
  "modified": "2025-11-03T21:31:47Z",
  "published": "2024-12-27T15:31:50Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-53180"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/0c4c9bf5eab7bee6b606f2abb0993e933b5831a0"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/832efbb74b1578e3737d593a204d42af8bd1b81b"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/8799f4332a9fd812eadfbc32fc5104d6292f754f"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/bc200027ee92fba84f1826494735ed675f3aa911"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/d2913a07d9037fe7aed4b7e680684163eaed6bc4"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/f0ce9e24eff1678c16276f9717f26a78202506a2"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-M75F-WCJQ-49MW

Vulnerability from github – Published: 2022-05-13 01:30 – Updated: 2022-05-13 01:30
VLAI
Details

The swap_std_reloc_in function in aoutx.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (aout_32_swap_std_reloc_out NULL pointer dereference and application crash) via a crafted ELF file, as demonstrated by objcopy.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-7642"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-03-02T15:29:00Z",
    "severity": "MODERATE"
  },
  "details": "The swap_std_reloc_in function in aoutx.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (aout_32_swap_std_reloc_out NULL pointer dereference and application crash) via a crafted ELF file, as demonstrated by objcopy.",
  "id": "GHSA-m75f-wcjq-49mw",
  "modified": "2022-05-13T01:30:45Z",
  "published": "2022-05-13T01:30:45Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-7642"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHBA-2019:0327"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2018:3032"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/201811-17"
    },
    {
      "type": "WEB",
      "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=22887"
    },
    {
      "type": "WEB",
      "url": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=116acb2c268c89c89186673a7c92620d21825b25"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00008.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-M786-RXFF-X32M

Vulnerability from github – Published: 2023-06-06 06:30 – Updated: 2024-04-04 04:33
VLAI
Details

In telephony service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-48444"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476",
      "CWE-862"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-06-06T06:15:50Z",
    "severity": "MODERATE"
  },
  "details": "In telephony service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges.",
  "id": "GHSA-m786-rxff-x32m",
  "modified": "2024-04-04T04:33:06Z",
  "published": "2023-06-06T06:30:29Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-48444"
    },
    {
      "type": "WEB",
      "url": "https://www.unisoc.com/en_us/secy/announcementDetail/1664822361414762498"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-M7GH-37PM-CCHX

Vulnerability from github – Published: 2026-04-01 03:31 – Updated: 2026-04-01 03:31
VLAI
Details

The application does not validate the presence of required appearance (AP) data before accessing stamp annotation resources. When a PDF contains a stamp annotation missing its AP entry, the code continues to dereference the associated object without a prior null or validity check, which allows a crafted document to trigger a null pointer dereference and crash the application, resulting in denial of service.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-3776"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-04-01T02:16:02Z",
    "severity": "MODERATE"
  },
  "details": "The application does not validate the presence of required appearance (AP) data before accessing stamp annotation resources. When a PDF contains a stamp annotation missing its AP entry, the code continues to dereference the associated object without a prior null or validity check, which allows a crafted document to trigger a null pointer dereference and crash the application, resulting in denial of service.",
  "id": "GHSA-m7gh-37pm-cchx",
  "modified": "2026-04-01T03:31:40Z",
  "published": "2026-04-01T03:31:40Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3776"
    },
    {
      "type": "WEB",
      "url": "https://www.foxit.com/support/security-bulletins.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-M7GW-R3VF-GF9W

Vulnerability from github – Published: 2022-05-14 01:14 – Updated: 2022-05-14 01:14
VLAI
Details

In line libavcodec/h264dec.c:500 in libav(v13_dev0), ffmpeg(n3.4), chromium(56 prior Feb 13, 2017), the return value of init_get_bits is ignored and get_ue_golomb(&gb) is called on an uninitialized get_bits context, which causes a NULL deref exception.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-1000460"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-01-03T20:29:00Z",
    "severity": "MODERATE"
  },
  "details": "In line libavcodec/h264dec.c:500 in libav(v13_dev0), ffmpeg(n3.4), chromium(56 prior Feb 13, 2017), the return value of init_get_bits is ignored and get_ue_golomb(\u0026gb) is called on an uninitialized get_bits context, which causes a NULL deref exception.",
  "id": "GHSA-m7gw-r3vf-gf9w",
  "modified": "2022-05-14T01:14:32Z",
  "published": "2022-05-14T01:14:32Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-1000460"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.libav.org/show_bug.cgi?id=952"
    },
    {
      "type": "WEB",
      "url": "https://chromium.googlesource.com/chromium/third_party/ffmpeg/+/8e313ca08800178efce00045e07dc494d437b70c"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00041.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.ffmpeg.org/pipermail/ffmpeg-cvslog/2017-January/104221.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-M7R8-MGXR-2J4V

Vulnerability from github – Published: 2022-05-17 01:16 – Updated: 2022-05-17 01:16
VLAI
Details

The AP4_AtomSampleTable::GetSample function in Core/Ap4AtomSampleTable.cpp in Bento4 mp42ts before 1.5.0-616 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted mp4 file.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-12474"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-09-06T08:29:00Z",
    "severity": "MODERATE"
  },
  "details": "The AP4_AtomSampleTable::GetSample function in Core/Ap4AtomSampleTable.cpp in Bento4 mp42ts before 1.5.0-616 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted mp4 file.",
  "id": "GHSA-m7r8-mgxr-2j4v",
  "modified": "2022-05-17T01:16:31Z",
  "published": "2022-05-17T01:16:31Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-12474"
    },
    {
      "type": "WEB",
      "url": "https://github.com/axiomatic-systems/Bento4/commit/4d3f0bebd5f8518fd775f671c12bea58c68e814e"
    },
    {
      "type": "WEB",
      "url": "https://drive.google.com/open?id=0B6wBkDmxMGMKUjNscThnbTlSZ2s"
    },
    {
      "type": "WEB",
      "url": "https://drive.google.com/open?id=0B9DojFnTUSNGZ1JfNUc1am9pcnc"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation MIT-56
Implementation

For any pointers that could have been modified or provided from a function that can return NULL, check the pointer for NULL before use. When working with a multithreaded or otherwise asynchronous environment, ensure that proper locking APIs are used to lock before the check, and unlock when it has finished [REF-1484].

Mitigation
Requirements

Select a programming language that is not susceptible to these issues.

Mitigation
Implementation

Check the results of all functions that return a value and verify that the value is non-null before acting upon it.

Mitigation
Architecture and Design

Identify all variables and data stores that receive information from external sources, and apply input validation to make sure that they are only initialized to expected values.

Mitigation
Implementation

Explicitly initialize all variables and other data stores, either during declaration or just before the first usage.

No CAPEC attack patterns related to this CWE.