Common Weakness Enumeration

CWE-476

Allowed

NULL Pointer Dereference

Abstraction: Base · Status: Stable

The product dereferences a pointer that it expects to be valid but is NULL.

6310 vulnerabilities reference this CWE, most recent first.

CVE-2025-8114 (GCVE-0-2025-8114)

Vulnerability from cvelistv5 – Published: 2025-07-24 14:14 – Updated: 2026-06-30 01:50
VLAI
Title
Libssh: null pointer dereference in libssh kex session id calculation
Summary
A flaw was found in libssh, a library that implements the SSH protocol. When calculating the session ID during the key exchange (KEX) process, an allocation failure in cryptographic functions may lead to a NULL pointer dereference. This issue can cause the client or server to crash.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-476 - NULL Pointer Dereference
Assigner
Impacted products
Vendor Product Version
Affected: 0 , < 0.11.3 (semver)
Red Hat Red Hat Enterprise Linux 9 Unaffected: 0:0.10.4-18.el9 , < * (rpm)
    cpe:/a:redhat:enterprise_linux:9::appstream
    cpe:/o:redhat:enterprise_linux:9::baseos
Create a notification for this product.
Red Hat Red Hat Enterprise Linux 10     cpe:/o:redhat:enterprise_linux:10
Create a notification for this product.
Red Hat Red Hat Enterprise Linux 6     cpe:/o:redhat:enterprise_linux:6
Create a notification for this product.
Red Hat Red Hat Enterprise Linux 7     cpe:/o:redhat:enterprise_linux:7
Create a notification for this product.
Red Hat Red Hat Enterprise Linux 8     cpe:/o:redhat:enterprise_linux:8
Create a notification for this product.
Red Hat Red Hat OpenShift Container Platform 4     cpe:/a:redhat:openshift:4
Create a notification for this product.
Date Public
2025-07-24 00:00
Credits
Red Hat would like to thank Jakub Jelen and Philippe Antoine for reporting this issue.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-8114",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-07-24T15:32:04.537761Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-07-24T15:32:08.957Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://git.libssh.org/projects/libssh.git/",
          "defaultStatus": "unaffected",
          "packageName": "libssh",
          "versions": [
            {
              "lessThan": "0.11.3",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:enterprise_linux:9::appstream",
            "cpe:/o:redhat:enterprise_linux:9::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "libssh",
          "product": "Red Hat Enterprise Linux 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:0.10.4-18.el9",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:enterprise_linux:9::appstream",
            "cpe:/o:redhat:enterprise_linux:9::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "libssh",
          "product": "Red Hat Enterprise Linux 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:0.10.4-18.el9",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:10"
          ],
          "defaultStatus": "affected",
          "packageName": "libssh",
          "product": "Red Hat Enterprise Linux 10",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:6"
          ],
          "defaultStatus": "unaffected",
          "packageName": "libssh2",
          "product": "Red Hat Enterprise Linux 6",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:7"
          ],
          "defaultStatus": "unaffected",
          "packageName": "libssh2",
          "product": "Red Hat Enterprise Linux 7",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:8"
          ],
          "defaultStatus": "affected",
          "packageName": "libssh",
          "product": "Red Hat Enterprise Linux 8",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift:4"
          ],
          "defaultStatus": "affected",
          "packageName": "rhcos",
          "product": "Red Hat OpenShift Container Platform 4",
          "vendor": "Red Hat"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Red Hat would like to thank Jakub Jelen and Philippe Antoine for reporting this issue."
        }
      ],
      "datePublic": "2025-07-24T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in libssh, a library that implements the SSH protocol. When calculating the session ID during the key exchange (KEX) process, an allocation failure in cryptographic functions may lead to a NULL pointer dereference. This issue can cause the client or server to crash."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Moderate"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 4.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-476",
              "description": "NULL Pointer Dereference",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-30T01:50:07.604Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2026:18683",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:18683"
        },
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2025-8114"
        },
        {
          "name": "RHBZ#2383220",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2383220"
        },
        {
          "url": "https://git.libssh.org/projects/libssh.git/commit/?id=53ac23ded4cb2c5463f6c4cd1525331bd578812d"
        },
        {
          "url": "https://git.libssh.org/projects/libssh.git/commit/?id=65f363c9"
        },
        {
          "url": "https://www.libssh.org/security/advisories/CVE-2025-8114.txt"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-07-24T12:37:24.168Z",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2025-07-24T00:00:00.000Z",
          "value": "Made public."
        }
      ],
      "title": "Libssh: null pointer dereference in libssh kex session id calculation",
      "workarounds": [
        {
          "lang": "en",
          "value": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
        }
      ],
      "x_generator": {
        "engine": "cvelib 1.8.0"
      },
      "x_redhatCweChain": "CWE-476: NULL Pointer Dereference"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2025-8114",
    "datePublished": "2025-07-24T14:14:47.745Z",
    "dateReserved": "2025-07-24T12:27:58.843Z",
    "dateUpdated": "2026-06-30T01:50:07.604Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-8090 (GCVE-0-2025-8090)

Vulnerability from cvelistv5 – Published: 2026-01-13 16:36 – Updated: 2026-01-13 21:41
VLAI
Title
Vulnerability in the QNX Neutrino Kernel impacts the QNX Software Development Platform and QNX OS for Safety
Summary
Null pointer dereference in the MsgRegisterEvent() system call could allow an attacker with local access and code execution abilities to crash the QNX Neutrino kernel.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-476 - NULL Pointer Dereference
Assigner
References
Impacted products
Vendor Product Version
BlackBerry Ltd QNX Software Development Platform Affected: 7.1 and 7.0 (custom)
Affected: cpe:2.3:a:blackberry:qnx_software_development_platform:7.1:*:*:*:*:*:*:* (cpe)
Affected: cpe:2.3:a:blackberry:qnx_software_development_platform:7.0:*:*:*:*:*:*:* (cpe)
Create a notification for this product.
BlackBerry Ltd QNX OS for Safety Affected: 2.2.7 and earlier (custom)
Affected: cpe:2.3:o:blackberry:qnx_os_for_safety:2.2:7:*:*:*:*:*:* (cpe)
Affected: 2.1.4 and earlier (custom)
Affected: cpe:2.3:o:blackberry:qnx_os_for_safety:2.1:4:*:*:*:*:*:* (cpe)
Affected: 2.0.2 and earlier (custom)
Affected: cpe:2.3:o:blackberry:qnx_os_for_safety:2.0:2:*:*:*:*:*:* (cpe)
Create a notification for this product.
BlackBerry Ltd. QNX OS for Medical Affected: 2.0.1 and earlier (custom)
Affected: cpe:2.3:o:blackberry:qnx_os_for_medical:2.0:1:*:*:*:*:*:* (cpe)
Create a notification for this product.
Date Public
2026-01-13 16:25
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-8090",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-01-13T21:41:44.974623Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-01-13T21:41:51.831Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "QNX Software Development Platform",
          "vendor": "BlackBerry Ltd",
          "versions": [
            {
              "status": "affected",
              "version": "7.1 and 7.0",
              "versionType": "custom"
            },
            {
              "status": "affected",
              "version": "cpe:2.3:a:blackberry:qnx_software_development_platform:7.1:*:*:*:*:*:*:*",
              "versionType": "cpe"
            },
            {
              "status": "affected",
              "version": "cpe:2.3:a:blackberry:qnx_software_development_platform:7.0:*:*:*:*:*:*:*",
              "versionType": "cpe"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "QNX OS for Safety",
          "vendor": "BlackBerry Ltd",
          "versions": [
            {
              "status": "affected",
              "version": "2.2.7 and earlier",
              "versionType": "custom"
            },
            {
              "status": "affected",
              "version": "cpe:2.3:o:blackberry:qnx_os_for_safety:2.2:7:*:*:*:*:*:*",
              "versionType": "cpe"
            },
            {
              "status": "affected",
              "version": "2.1.4 and earlier",
              "versionType": "custom"
            },
            {
              "status": "affected",
              "version": "cpe:2.3:o:blackberry:qnx_os_for_safety:2.1:4:*:*:*:*:*:*",
              "versionType": "cpe"
            },
            {
              "status": "affected",
              "version": "2.0.2 and earlier",
              "versionType": "custom"
            },
            {
              "status": "affected",
              "version": "cpe:2.3:o:blackberry:qnx_os_for_safety:2.0:2:*:*:*:*:*:*",
              "versionType": "cpe"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "QNX OS for Medical",
          "vendor": "BlackBerry Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "2.0.1 and earlier",
              "versionType": "custom"
            },
            {
              "status": "affected",
              "version": "cpe:2.3:o:blackberry:qnx_os_for_medical:2.0:1:*:*:*:*:*:*",
              "versionType": "cpe"
            }
          ]
        }
      ],
      "datePublic": "2026-01-13T16:25:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Null pointer dereference in the MsgRegisterEvent() system call could allow\u0026nbsp;an attacker with local access and code execution abilities to crash the\u0026nbsp;QNX Neutrino kernel."
            }
          ],
          "value": "Null pointer dereference in the MsgRegisterEvent() system call could allow\u00a0an attacker with local access and code execution abilities to crash the\u00a0QNX Neutrino kernel."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-129",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-129 Pointer Manipulation"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.2,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-476",
              "description": "CWE-476 NULL Pointer Dereference",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-13T18:57:38.781Z",
        "orgId": "dbe78b00-5e7b-4fda-8748-329789ecfc5c",
        "shortName": "blackberry"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://support.blackberry.com/pkb/s/article/141027"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Vulnerability in the QNX Neutrino Kernel impacts the QNX Software Development Platform and QNX OS for Safety",
      "x_generator": {
        "engine": "Vulnogram 0.5.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "dbe78b00-5e7b-4fda-8748-329789ecfc5c",
    "assignerShortName": "blackberry",
    "cveId": "CVE-2025-8090",
    "datePublished": "2026-01-13T16:36:21.061Z",
    "dateReserved": "2025-07-23T15:38:00.519Z",
    "dateUpdated": "2026-01-13T21:41:51.831Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-7797 (GCVE-0-2025-7797)

Vulnerability from cvelistv5 – Published: 2025-07-18 17:44 – Updated: 2025-07-18 18:04
VLAI
Title
GPAC dash_client.c gf_dash_download_init_segment null pointer dereference
Summary
A vulnerability was found in GPAC up to 2.4. It has been rated as problematic. Affected by this issue is the function gf_dash_download_init_segment of the file src/media_tools/dash_client.c. The manipulation of the argument base_init_url leads to null pointer dereference. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The patch is identified as 153ea314b6b053db17164f8bc3c7e1e460938eaa. It is recommended to apply a patch to fix this issue.
SSVC
Exploitation: poc Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
References
Impacted products
Vendor Product Version
n/a GPAC Affected: 2.0
Affected: 2.1
Affected: 2.2
Affected: 2.3
Affected: 2.4
Credits
CyberGym (VulDB User)
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-7797",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-07-18T18:03:12.580815Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-07-18T18:04:07.333Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "GPAC",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "2.0"
            },
            {
              "status": "affected",
              "version": "2.1"
            },
            {
              "status": "affected",
              "version": "2.2"
            },
            {
              "status": "affected",
              "version": "2.3"
            },
            {
              "status": "affected",
              "version": "2.4"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "CyberGym (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability was found in GPAC up to 2.4. It has been rated as problematic. Affected by this issue is the function gf_dash_download_init_segment of the file src/media_tools/dash_client.c. The manipulation of the argument base_init_url leads to null pointer dereference. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The patch is identified as 153ea314b6b053db17164f8bc3c7e1e460938eaa. It is recommended to apply a patch to fix this issue."
        },
        {
          "lang": "de",
          "value": "Eine problematische Schwachstelle wurde in GPAC bis 2.4 ausgemacht. Dies betrifft die Funktion gf_dash_download_init_segment der Datei src/media_tools/dash_client.c. Durch das Manipulieren des Arguments base_init_url mit unbekannten Daten kann eine null pointer dereference-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Der Patch wird als 153ea314b6b053db17164f8bc3c7e1e460938eaa bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 6.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 5,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P/E:POC/RL:OF/RC:C",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-476",
              "description": "NULL Pointer Dereference",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-404",
              "description": "Denial of Service",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-07-18T17:44:07.920Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-316862 | GPAC dash_client.c gf_dash_download_init_segment null pointer dereference",
          "tags": [
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://vuldb.com/?id.316862"
        },
        {
          "name": "VDB-316862 | CTI Indicators (IOB, IOC, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.316862"
        },
        {
          "name": "Submit #616664 | GPAC 2.4 (commit 25f31f76bded83d1fa1ae36216f2fb65ae7c483f and before) NULL Pointer Dereference",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.616664"
        },
        {
          "tags": [
            "exploit"
          ],
          "url": "https://drive.google.com/file/d/1Z-C6RajpZ40ujo1iGNt3_mG855mPbs1Q/view?usp=share_link"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/gpac/gpac/commit/153ea314b6b053db17164f8bc3c7e1e460938eaa"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-07-18T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2025-07-18T02:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2025-07-18T10:06:48.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "GPAC dash_client.c gf_dash_download_init_segment null pointer dereference"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2025-7797",
    "datePublished": "2025-07-18T17:44:07.920Z",
    "dateReserved": "2025-07-18T08:01:36.293Z",
    "dateUpdated": "2025-07-18T18:04:07.333Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-7700 (GCVE-0-2025-7700)

Vulnerability from cvelistv5 – Published: 2025-11-07 18:59 – Updated: 2026-05-06 14:38
VLAI
Title
Ffmpeg: null pointer dereference in ffmpeg als decoder (libavcodec/alsdec.c)
Summary
A flaw was found in FFmpeg’s ALS audio decoder, where it does not properly check for memory allocation failures. This can cause the application to crash when processing certain malformed audio files. While it does not lead to data theft or system control, it can be used to disrupt services and cause a denial of service.
SSVC
Exploitation: none Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-476 - NULL Pointer Dereference
Assigner
Impacted products
Vendor Product Version
Affected: 0 , < 8.0 (semver)
Date Public
2025-07-15 00:00
Credits
Red Hat would like to thank Jiasheng Jiang for reporting this issue.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-7700",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-11-07T19:07:55.825409Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-11-07T19:08:06.222Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://github.com/FFmpeg/FFmpeg/",
          "defaultStatus": "unaffected",
          "packageName": "ffmpeg",
          "versions": [
            {
              "lessThan": "8.0",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Red Hat would like to thank Jiasheng Jiang for reporting this issue."
        }
      ],
      "datePublic": "2025-07-15T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in FFmpeg\u2019s ALS audio decoder, where it does not properly check for memory allocation failures. This can cause the application to crash when processing certain malformed audio files. While it does not lead to data theft or system control, it can be used to disrupt services and cause a denial of service."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Moderate"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-476",
              "description": "NULL Pointer Dereference",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-06T14:38:29.969Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2025-7700"
        },
        {
          "name": "RHBZ#2380420",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2380420"
        },
        {
          "url": "https://github.com/FFmpeg/FFmpeg/commit/35a6de137a39f274d5e01ed0e0e6c4f04d0aaf07"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-07-16T04:55:06.900Z",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2025-07-15T00:00:00.000Z",
          "value": "Made public."
        }
      ],
      "title": "Ffmpeg: null pointer dereference in ffmpeg als decoder (libavcodec/alsdec.c)",
      "workarounds": [
        {
          "lang": "en",
          "value": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability. Users are strongly encouraged to apply vendor-supplied updates or patches as they become available to address this vulnerability."
        }
      ],
      "x_generator": {
        "engine": "cvelib 1.8.0"
      },
      "x_redhatCweChain": "CWE-476: NULL Pointer Dereference"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2025-7700",
    "datePublished": "2025-11-07T18:59:28.962Z",
    "dateReserved": "2025-07-16T05:12:48.951Z",
    "dateUpdated": "2026-05-06T14:38:29.969Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-7462 (GCVE-0-2025-7462)

Vulnerability from cvelistv5 – Published: 2025-07-12 05:32 – Updated: 2025-11-03 17:45
VLAI
Title
Artifex GhostPDL New Output File Open Error gdevpdf.c pdf_ferror null pointer dereference
Summary
A vulnerability was found in Artifex GhostPDL up to 3989415a5b8e99b9d1b87cc9902bde9b7cdea145. It has been classified as problematic. This affects the function pdf_ferror of the file devices/vector/gdevpdf.c of the component New Output File Open Error Handler. The manipulation leads to null pointer dereference. It is possible to initiate the attack remotely. The identifier of the patch is 619a106ba4c4abed95110f84d5efcd7aee38c7cb. It is recommended to apply a patch to fix this issue.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
Impacted products
Vendor Product Version
Artifex GhostPDL Affected: 3989415a5b8e99b9d1b87cc9902bde9b7cdea145
Create a notification for this product.
Credits
CyberGym (VulDB User)
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-7462",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-07-14T19:13:25.998841Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-07-14T20:12:52.353Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T17:45:29.573Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00010.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "modules": [
            "New Output File Open Error Handler"
          ],
          "product": "GhostPDL",
          "vendor": "Artifex",
          "versions": [
            {
              "status": "affected",
              "version": "3989415a5b8e99b9d1b87cc9902bde9b7cdea145"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "CyberGym (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability was found in Artifex GhostPDL up to 3989415a5b8e99b9d1b87cc9902bde9b7cdea145. It has been classified as problematic. This affects the function pdf_ferror of the file devices/vector/gdevpdf.c of the component New Output File Open Error Handler. The manipulation leads to null pointer dereference. It is possible to initiate the attack remotely. The identifier of the patch is 619a106ba4c4abed95110f84d5efcd7aee38c7cb. It is recommended to apply a patch to fix this issue."
        },
        {
          "lang": "de",
          "value": "Es wurde eine Schwachstelle in Artifex GhostPDL bis 3989415a5b8e99b9d1b87cc9902bde9b7cdea145 ausgemacht. Sie wurde als problematisch eingestuft. Dabei betrifft es die Funktion pdf_ferror der Datei devices/vector/gdevpdf.c der Komponente New Output File Open Error Handler. Mittels Manipulieren mit unbekannten Daten kann eine null pointer dereference-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Patch wird als 619a106ba4c4abed95110f84d5efcd7aee38c7cb bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:X/RL:O/RC:C",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:X/RL:O/RC:C",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 5,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P/E:ND/RL:OF/RC:C",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-476",
              "description": "NULL Pointer Dereference",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-404",
              "description": "Denial of Service",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-07-12T05:32:09.177Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-316113 | Artifex GhostPDL New Output File Open Error gdevpdf.c pdf_ferror null pointer dereference",
          "tags": [
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://vuldb.com/?id.316113"
        },
        {
          "name": "VDB-316113 | CTI Indicators (IOB, IOC, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.316113"
        },
        {
          "name": "Submit #610173 | ArtifexSoftware GhostPDL 3989415a5b8e99b9d1b87cc9902bde9b7cdea145 NULL Pointer Dereference",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.610173"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=619a106ba4c4"
        },
        {
          "tags": [
            "product"
          ],
          "url": "https://artifex.com/"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-07-11T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2025-07-11T02:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2025-07-11T13:34:14.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "Artifex GhostPDL New Output File Open Error gdevpdf.c pdf_ferror null pointer dereference"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2025-7462",
    "datePublished": "2025-07-12T05:32:09.177Z",
    "dateReserved": "2025-07-11T11:26:03.018Z",
    "dateUpdated": "2025-11-03T17:45:29.573Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-7209 (GCVE-0-2025-7209)

Vulnerability from cvelistv5 – Published: 2025-07-09 01:02 – Updated: 2025-07-09 17:04
VLAI
Title
9fans plan9port x509.c value_decode null pointer dereference
Summary
A vulnerability has been found in 9fans plan9port up to 9da5b44 and classified as problematic. Affected by this vulnerability is the function value_decode in the library src/libsec/port/x509.c. The manipulation leads to null pointer dereference. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. The identifier of the patch is deae8939583d83fd798fca97665e0e94656c3ee8. It is recommended to apply a patch to fix this issue.
SSVC
Exploitation: poc Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
Impacted products
Vendor Product Version
9fans plan9port Affected: 9da5b44
Create a notification for this product.
Credits
JJLeo (VulDB User)
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-7209",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-07-09T17:03:49.274504Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-07-09T17:04:07.666Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "plan9port",
          "vendor": "9fans",
          "versions": [
            {
              "status": "affected",
              "version": "9da5b44"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "JJLeo (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability has been found in 9fans plan9port up to 9da5b44 and classified as problematic. Affected by this vulnerability is the function value_decode in the library src/libsec/port/x509.c. The manipulation leads to null pointer dereference. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. The identifier of the patch is deae8939583d83fd798fca97665e0e94656c3ee8. It is recommended to apply a patch to fix this issue."
        },
        {
          "lang": "de",
          "value": "In 9fans plan9port bis 9da5b44 wurde eine Schwachstelle gefunden. Sie wurde als problematisch eingestuft. Betroffen ist die Funktion value_decode in der Bibliothek src/libsec/port/x509.c. Durch das Manipulieren mit unbekannten Daten kann eine null pointer dereference-Schwachstelle ausgenutzt werden. Der Angriff muss lokal angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Dieses Produkt setzt Rolling Releases ein. Aus diesem Grund sind Details zu betroffenen oder zu aktualisierende Versionen nicht verf\u00fcgbar. Der Patch wird als deae8939583d83fd798fca97665e0e94656c3ee8 bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 4.8,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 3.3,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 3.3,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 1.7,
            "vectorString": "AV:L/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:OF/RC:C",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-476",
              "description": "NULL Pointer Dereference",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-404",
              "description": "Denial of Service",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-07-09T01:02:08.354Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-315157 | 9fans plan9port x509.c value_decode null pointer dereference",
          "tags": [
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://vuldb.com/?id.315157"
        },
        {
          "name": "VDB-315157 | CTI Indicators (IOB, IOC, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.315157"
        },
        {
          "name": "Submit #607685 | 9fans plan9port plan9port-20250329 (commit 9da5b44) NULL Pointer Dereference",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.607685"
        },
        {
          "tags": [
            "issue-tracking"
          ],
          "url": "https://github.com/9fans/plan9port/issues/711"
        },
        {
          "tags": [
            "issue-tracking"
          ],
          "url": "https://github.com/9fans/plan9port/issues/711#issuecomment-2819905220"
        },
        {
          "tags": [
            "exploit"
          ],
          "url": "https://github.com/user-attachments/files/19698361/plan9port_crash_2.txt"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://git.9front.org/plan9front/plan9front/deae8939583d83fd798fca97665e0e94656c3ee8/commit.html"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-07-07T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2025-07-07T02:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2025-07-07T14:52:36.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "9fans plan9port x509.c value_decode null pointer dereference"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2025-7209",
    "datePublished": "2025-07-09T01:02:08.354Z",
    "dateReserved": "2025-07-07T12:47:19.575Z",
    "dateUpdated": "2025-07-09T17:04:07.666Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-7018 (GCVE-0-2025-7018)

Vulnerability from cvelistv5 – Published: 2026-06-12 22:13 – Updated: 2026-06-15 16:01
VLAI
Title
Avira antivirus engine null pointer dereference when scanning a malformed PE file
Summary
Null pointer dereference vulnerability in Avira Antivirus engine when scanning a malformed Windows PE file may allow Denial-of-Service of the antivirus engine process. This issue affects Avira Antivirus on Windows, macOS, and Linux for engine builds before 8.3.70.64.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-476 - NULL Pointer Dereference
Assigner
GEN
Impacted products
Vendor Product Version
Gen Digital Avira Antivirus Affected: 0 , < 8.3.70.64 (custom)
Create a notification for this product.
Date Public
2025-01-31 11:34
Credits
Mike Zhang, an independent security researcher
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-7018",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-15T16:01:30.901318Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-15T16:01:44.198Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "platforms": [
            "Windows",
            "macOS",
            "Linux"
          ],
          "product": "Avira Antivirus",
          "vendor": "Gen Digital",
          "versions": [
            {
              "lessThan": "8.3.70.64",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "Mike Zhang, an independent security researcher"
        }
      ],
      "datePublic": "2025-01-31T11:34:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Null pointer dereference vulnerability in Avira Antivirus engine when scanning a malformed Windows PE file may allow Denial-of-Service of the antivirus engine process.\u003cp\u003eThis issue affects Avira Antivirus on Windows, macOS, and Linux for engine builds before 8.3.70.64.\u003c/p\u003e"
            }
          ],
          "value": "Null pointer dereference vulnerability in Avira Antivirus engine when scanning a malformed Windows PE file may allow Denial-of-Service of the antivirus engine process.\n\nThis issue affects Avira Antivirus on Windows, macOS, and Linux for engine builds before 8.3.70.64."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-125",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-125 Denial of Service"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-476",
              "description": "CWE-476 NULL Pointer Dereference",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-12T22:13:49.820Z",
        "orgId": "dbd8429d-f261-4b1e-94cc-ae3132817e2e",
        "shortName": "GEN"
      },
      "references": [
        {
          "url": "https://www.gendigital.com/us/en/contact-us/security-advisories/"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Upgrade to Avira scan engine build \u003cstrong\u003e8.3.70.64\u003c/strong\u003e or \u003cstrong\u003eany later\u003c/strong\u003e engine release. Builds at or above 8.3.70.64 include the fix."
            }
          ],
          "value": "Upgrade to Avira scan engine build 8.3.70.64 or any later engine release. Builds at or above 8.3.70.64 include the fix."
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Avira antivirus engine null pointer dereference when scanning a malformed PE file",
      "x_generator": {
        "engine": "Vulnogram 1.0.2"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "dbd8429d-f261-4b1e-94cc-ae3132817e2e",
    "assignerShortName": "GEN",
    "cveId": "CVE-2025-7018",
    "datePublished": "2026-06-12T22:13:49.820Z",
    "dateReserved": "2025-07-02T12:01:13.717Z",
    "dateUpdated": "2026-06-15T16:01:44.198Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-7007 (GCVE-0-2025-7007)

Vulnerability from cvelistv5 – Published: 2025-12-01 16:34 – Updated: 2025-12-01 17:08
VLAI
Title
Null pointer dereference in Avast Antivirus on macOS (16.0.0) or Linux (3.0.3)
Summary
NULL Pointer Dereference vulnerability in Avast Antivirus on MacOS, Avast Anitvirus on Linux when scanning a malformed Windows PE file causes the antivirus process to crash.This issue affects Antivirus: 16.0.0; Anitvirus: 3.0.3.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-476 - NULL Pointer Dereference
Assigner
Impacted products
Credits
Mike Zhang
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-7007",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-12-01T17:07:37.642519Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-12-01T17:08:55.389Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "MacOS"
          ],
          "product": "Antivirus",
          "vendor": "Avast",
          "versions": [
            {
              "status": "affected",
              "version": "16.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Linux"
          ],
          "product": "Anitvirus",
          "vendor": "Avast",
          "versions": [
            {
              "status": "affected",
              "version": "3.0.3"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "Mike Zhang"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "NULL Pointer Dereference vulnerability in Avast Antivirus on MacOS, Avast Anitvirus on Linux when scanning a malformed Windows PE file causes the antivirus process to crash.\u003cp\u003eThis issue affects Antivirus: 16.0.0; Anitvirus: 3.0.3.\u003c/p\u003e"
            }
          ],
          "value": "NULL Pointer Dereference vulnerability in Avast Antivirus on MacOS, Avast Anitvirus on Linux when scanning a malformed Windows PE file causes the antivirus process to crash.This issue affects Antivirus: 16.0.0; Anitvirus: 3.0.3."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-184",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-184 Software Integrity Attack"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-476",
              "description": "CWE-476 NULL Pointer Dereference",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-12-01T16:34:22.029Z",
        "orgId": "dbd8429d-f261-4b1e-94cc-ae3132817e2e",
        "shortName": "NLOK"
      },
      "references": [
        {
          "url": "https://www.gendigital.com/us/en/contact-us/security-advisories/"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Fixed in virus definitions 25021804 17/Mar/2025"
            }
          ],
          "value": "Fixed in virus definitions 25021804 17/Mar/2025"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Null pointer dereference in Avast Antivirus on  macOS (16.0.0) or Linux (3.0.3)",
      "x_generator": {
        "engine": "Vulnogram 0.5.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "dbd8429d-f261-4b1e-94cc-ae3132817e2e",
    "assignerShortName": "NLOK",
    "cveId": "CVE-2025-7007",
    "datePublished": "2025-12-01T16:34:22.029Z",
    "dateReserved": "2025-07-02T07:47:01.607Z",
    "dateUpdated": "2025-12-01T17:08:55.389Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-6966 (GCVE-0-2025-6966)

Vulnerability from cvelistv5 – Published: 2025-12-05 12:59 – Updated: 2025-12-15 22:04
VLAI
Title
Null-pointer dereference in python-apt TagSection.keys()
Summary
NULL pointer dereference in TagSection.keys() in python-apt on APT-based Linux systems allows a local attacker to cause a denial of service (process crash) via a crafted deb822 file with a malformed non-UTF-8 key.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-476 - NULL Pointer Dereference
Assigner
Impacted products
Vendor Product Version
Canonical python-apt Affected: 3.0 , < 3.0.0ubuntu1.1 (custom)
Affected: 3.0 , < 3.0.0ubuntu0.25.04.1 (custom)
Affected: 2.7 , < 2.7.7ubuntu5.1 (custom)
Affected: 2.4 , < 2.4.0ubuntu4.1 (custom)
Affected: 2.0 , < 2.0.1ubuntu0.20.04.1+esm1 (custom)
Affected: 1.6 , < 1.6.6ubuntu0.1~esm1 (custom)
Affected: 1.1 , < 1.1.0~beta1ubuntu0.16.04.12+esm1 (custom)
Affected: 0 , < 0.9.3.5ubuntu3+esm5 (custom)
Create a notification for this product.
Date Public
2025-12-05 12:00
Credits
Julian Andres Klode
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-6966",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-12-05T14:01:32.250030Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-12-05T14:01:38.476Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-12-15T22:04:15.781Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/12/msg00019.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://launchpad.net/ubuntu/+source/python-apt",
          "defaultStatus": "unaffected",
          "packageName": "python-apt",
          "platforms": [
            "Linux"
          ],
          "product": "python-apt",
          "vendor": "Canonical",
          "versions": [
            {
              "lessThan": "3.0.0ubuntu1.1",
              "status": "affected",
              "version": "3.0",
              "versionType": "custom"
            },
            {
              "lessThan": "3.0.0ubuntu0.25.04.1",
              "status": "affected",
              "version": "3.0",
              "versionType": "custom"
            },
            {
              "lessThan": "2.7.7ubuntu5.1",
              "status": "affected",
              "version": "2.7",
              "versionType": "custom"
            },
            {
              "lessThan": "2.4.0ubuntu4.1",
              "status": "affected",
              "version": "2.4",
              "versionType": "custom"
            },
            {
              "lessThan": "2.0.1ubuntu0.20.04.1+esm1",
              "status": "affected",
              "version": "2.0",
              "versionType": "custom"
            },
            {
              "lessThan": "1.6.6ubuntu0.1~esm1",
              "status": "affected",
              "version": "1.6",
              "versionType": "custom"
            },
            {
              "lessThan": "1.1.0~beta1ubuntu0.16.04.12+esm1",
              "status": "affected",
              "version": "1.1",
              "versionType": "custom"
            },
            {
              "lessThan": "0.9.3.5ubuntu3+esm5",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Julian Andres Klode"
        }
      ],
      "datePublic": "2025-12-05T12:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "NULL pointer dereference in TagSection.keys() in python-apt on APT-based Linux systems allows a local attacker to cause a denial of service (process crash) via a crafted deb822 file with a malformed non-UTF-8 key."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-153",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-153 Input Data Manipulation"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "LOCAL",
            "baseScore": 6.9,
            "baseSeverity": "MEDIUM",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-476",
              "description": "CWE-476 NULL Pointer Dereference",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-12-08T13:14:27.526Z",
        "orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
        "shortName": "canonical"
      },
      "references": [
        {
          "url": "https://bugs.launchpad.net/ubuntu/+source/python-apt/+bug/2091865"
        }
      ],
      "source": {
        "discovery": "INTERNAL"
      },
      "title": "Null-pointer dereference in python-apt TagSection.keys()"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
    "assignerShortName": "canonical",
    "cveId": "CVE-2025-6966",
    "datePublished": "2025-12-05T12:59:41.320Z",
    "dateReserved": "2025-07-01T09:59:55.552Z",
    "dateUpdated": "2025-12-15T22:04:15.781Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-6858 (GCVE-0-2025-6858)

Vulnerability from cvelistv5 – Published: 2025-06-29 11:00 – Updated: 2025-06-30 20:11
VLAI
Title
HDF5 H5Centry.c H5C__flush_single_entry null pointer dereference
Summary
A vulnerability was found in HDF5 1.14.6 and classified as problematic. Affected by this issue is the function H5C__flush_single_entry of the file src/H5Centry.c. The manipulation leads to null pointer dereference. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used.
SSVC
Exploitation: poc Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
References
Impacted products
Vendor Product Version
n/a HDF5 Affected: 1.14.6
Credits
JJLeo (VulDB User)
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-6858",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-06-30T20:11:29.330857Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-06-30T20:11:40.651Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "HDF5",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "1.14.6"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "JJLeo (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability was found in HDF5 1.14.6 and classified as problematic. Affected by this issue is the function H5C__flush_single_entry of the file src/H5Centry.c. The manipulation leads to null pointer dereference. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used."
        },
        {
          "lang": "de",
          "value": "Eine Schwachstelle wurde in HDF5 1.14.6 gefunden. Sie wurde als problematisch eingestuft. Davon betroffen ist die Funktion H5C__flush_single_entry der Datei src/H5Centry.c. Mittels dem Manipulieren mit unbekannten Daten kann eine null pointer dereference-Schwachstelle ausgenutzt werden. Der Angriff muss lokal passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 4.8,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 3.3,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 3.3,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 1.7,
            "vectorString": "AV:L/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:ND/RC:UR",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-476",
              "description": "NULL Pointer Dereference",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-404",
              "description": "Denial of Service",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-06-29T11:00:14.487Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-314330 | HDF5 H5Centry.c H5C__flush_single_entry null pointer dereference",
          "tags": [
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://vuldb.com/?id.314330"
        },
        {
          "name": "VDB-314330 | CTI Indicators (IOB, IOC, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.314330"
        },
        {
          "name": "Submit #602530 | HDFGroup HDF5 hdf5 1.14.6 (commit 17c16b6) NULL Pointer Dereference",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.602530"
        },
        {
          "tags": [
            "issue-tracking"
          ],
          "url": "https://github.com/HDFGroup/hdf5/issues/5576"
        },
        {
          "tags": [
            "exploit"
          ],
          "url": "https://github.com/user-attachments/files/20623475/hdf5_crash_8.txt"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-06-28T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2025-06-28T02:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2025-06-28T12:48:06.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "HDF5 H5Centry.c H5C__flush_single_entry null pointer dereference"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2025-6858",
    "datePublished": "2025-06-29T11:00:14.487Z",
    "dateReserved": "2025-06-28T10:42:56.282Z",
    "dateUpdated": "2025-06-30T20:11:40.651Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Mitigation MIT-56
Implementation

For any pointers that could have been modified or provided from a function that can return NULL, check the pointer for NULL before use. When working with a multithreaded or otherwise asynchronous environment, ensure that proper locking APIs are used to lock before the check, and unlock when it has finished [REF-1484].

Mitigation
Requirements

Select a programming language that is not susceptible to these issues.

Mitigation
Implementation

Check the results of all functions that return a value and verify that the value is non-null before acting upon it.

Mitigation
Architecture and Design

Identify all variables and data stores that receive information from external sources, and apply input validation to make sure that they are only initialized to expected values.

Mitigation
Implementation

Explicitly initialize all variables and other data stores, either during declaration or just before the first usage.

No CAPEC attack patterns related to this CWE.