VYPR

CWE-252

Unchecked Return Value

BaseDraftLikelihood: Low

Description

The product does not check the return value from a method or function, which can prevent it from detecting unexpected states and conditions.

Two common programmer assumptions are "this function call can never fail" and "it doesn't matter if this function call fails". If an attacker can force the function to fail or otherwise return a value that is not expected, then the subsequent program logic could lead to a vulnerability, because the product is not in a state that the programmer assumes. For example, if the program calls a function to drop privileges but does not check the return code to ensure that privileges were successfully dropped, then the program will continue to operate with the higher privileges.

Hierarchy (View 1000)

Parents

Children

CVEs mapped to this weakness (55)

page 2 of 3
  • CVE-2026-46521MedJun 10, 2026
    risk 0.36cvss 5.5epss 0.00

    ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-23, when using LZMA compression in the MIFF encoder an out of bounds write can occur due to a missing check. This issue has been patched in…

  • CVE-2017-0774MedSep 8, 2017
    risk 0.36cvss 5.5epss 0.00

    A denial of service vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-62673844.

  • CVE-2017-0599MedMay 12, 2017
    risk 0.36cvss 5.5epss 0.01

    A remote denial of service vulnerability in libhevc in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to the possibility of remote denial of service. Product: Android. Versions: 6.0,…

  • CVE-2026-33983MedMar 30, 2026
    risk 0.35cvss 6.5epss 0.00

    FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, progressive_decompress_tile_upgrade() detects a mismatch via progressive_rfx_quant_cmp_equal() but only emits WLog_WARN, execution continues. The wrapped value (247) is used as a shift…

  • CVE-2026-29905MedMar 26, 2026
    risk 0.35cvss 6.5epss 0.00

    Kirby CMS through 5.1.4 allows an authenticated user with 'Editor' permissions to cause a persistent Denial of Service (DoS) via a malformed image upload. The application fails to properly validate the return value of the PHP getimagesize() function. When the system attempts to…

  • CVE-2024-12650MedMar 5, 2025
    risk 0.35cvss 5.4epss 0.00

    An attacker with low privileges can manipulate the requested memory size, causing the application to use an invalid memory area. This could lead to a crash of the application but it does not affected other applications.

  • CVE-2016-10061MedMar 3, 2017
    risk 0.35cvss 6.5epss 0.03

    The ReadGROUP4Image function in coders/tiff.c in ImageMagick before 7.0.1-10 does not check the return value of the fputc function, which allows remote attackers to cause a denial of service (crash) via a crafted image file.

  • CVE-2016-10060MedMar 2, 2017
    risk 0.35cvss 6.5epss 0.02

    The ConcatenateImages function in MagickWand/magick-cli.c in ImageMagick before 7.0.1-10 does not check the return value of the fputc function, which allows remote attackers to cause a denial of service (application crash) via a crafted file.

  • CVE-2024-45775MedFeb 18, 2025
    risk 0.34cvss 5.2epss 0.00

    A flaw was found in grub2 where the grub_extcmd_dispatcher() function calls grub_arg_list_alloc() to allocate memory for the grub's argument list. However, it fails to check in case the memory allocation fails. Once the allocation fails, a NULL point will be processed by the…

  • CVE-2026-23301MedMar 25, 2026
    risk 0.29cvss 5.5epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: ASoC: SDCA: Add allocation failure check for Entity name Currently find_sdca_entity_iot() can allocate a string for the Entity name but it doesn't check if that allocation succeeded. Add the missing NULL check…

  • CVE-2025-22026MedApr 16, 2025
    risk 0.29cvss 5.5epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: nfsd: don't ignore the return code of svc_proc_register() Currently, nfsd_proc_stat_init() ignores the return value of svc_proc_register(). If the procfile creation fails, then the kernel will WARN when it…

  • CVE-2026-35468MedApr 3, 2026
    risk 0.27cvss 5.3epss 0.01

    nimiq/core-rs-albatross is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.3.0, two peer-facing consensus request handlers assume that the history index is always available and call…

  • CVE-2026-20793LowMay 12, 2026
    risk 0.21cvss 3.3epss 0.00

    Unchecked return value for some Intel(R) QAT software drivers for Windows before version 1.13 within Ring 3: User Applications may allow a denial of service. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable denial of…

  • CVE-2026-35344LowApr 22, 2026
    risk 0.21cvss 3.3epss 0.00

    The dd utility in uutils coreutils suppresses errors during file truncation operations by unconditionally calling Result::ok() on truncation attempts. While intended to mimic GNU behavior for special files like /dev/null, the uutils implementation also hides failures on regular…

  • CVE-2025-11839LowOct 16, 2025
    risk 0.21cvss 3.3epss 0.00

    A security flaw has been discovered in GNU Binutils 2.45. Impacted is the function tg_tag_type of the file prdbg.c. Performing a manipulation results in unchecked return value. The attack needs to be approached locally. The exploit has been released to the public and may be used…

  • CVE-2025-58903LowOct 14, 2025
    risk 0.18cvss 2.7epss 0.01

    An Unchecked Return Value vulnerability [CWE-252] in Fortinet FortiOS version 7.6.0 through 7.6.3 and before 7.4.8 API allows an authenticated user to cause a Null Pointer Dereference, crashing the http daemon via a specialy crafted request.

  • CVE-2005-4360Dec 20, 2005
    risk 0.10cvss epss 0.87

    The URL parser in Microsoft Internet Information Services (IIS) 5.1 on Windows XP Professional SP2 allows remote attackers to execute arbitrary code via multiple requests to ".dll" followed by arguments such as "~0" through "~9", which causes ntdll.dll to produce a return value…

  • CVE-2026-31830Mar 10, 2026
    risk 0.00cvss epss 0.00

    sigstore-ruby is a pure Ruby implementation of the sigstore verify command from the sigstore/cosign project. Prior to 0.2.3, Sigstore::Verifier#verify does not propagate the VerificationFailure returned by verify_in_toto when the artifact digest does not match the digest in the…

  • CVE-2026-28691Mar 9, 2026
    risk 0.00cvss epss 0.00

    ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, an uninitialized pointer dereference vulnerability exists in the JBIG decoder due to a missing check. This vulnerability is fixed in 7.1.2-16…

  • CVE-2025-66565Dec 9, 2025
    risk 0.00cvss epss 0.00

    Fiber Utils is a collection of common functions created for Fiber. In versions 2.0.0-rc.3 and below, when the system's cryptographic random number generator (crypto/rand) fails, both functions silently fall back to returning predictable UUID values, including the zero UUID…