CVE-2026-47308

Vulnerability

A NULL pointer dereference vulnerability exists in the Samsung Open Source Walrus project, affecting commit f339b8ee4ea701772e8ae640b3d1b12ac02b1ae9. The exact code path and conditions required to trigger the dereference are not publicly detailed in the available references, but the vulnerability is classified as a pointer manipulation issue.

Exploitation

An attacker who can supply crafted input to the affected component may trigger a NULL pointer dereference. The specific attack vector, required privileges, and user interaction are not fully disclosed in the available references. The associated pull request [1] suggests that the vulnerability arises from improper error handling, which could be exploited under certain error conditions.

Impact

Successful exploitation leads to a denial of service (crash) due to the NULL pointer dereference. The CVSS v3 score of 5.5 (Medium) indicates a moderate impact on availability. While the description mentions pointer manipulation, the available references do not confirm additional memory corruption or code execution beyond the crash.

Mitigation

The fix is addressed in pull request #409 by zherczeg, which improves error throwing to avoid the NULL pointer dereference [1]. Users are advised to update to a version that includes this commit. As of the publication date (2026-05-19), no specific version number is provided; the affected commit is f339b8ee4ea701772e8ae640b3d1b12ac02b1ae9. The patch is available in the referenced pull request.