VYPR

CWE-690

Unchecked Return Value to NULL Pointer Dereference

CompoundDraft

Description

The product does not check for an error after calling a function that can return with a NULL pointer if the function fails, which leads to a resultant NULL pointer dereference.

While unchecked return value weaknesses are not limited to returns of NULL pointers (see the examples in CWE-252), functions often return NULL to indicate an error status. When this error condition is not checked, a NULL pointer dereference can occur.

Hierarchy (View 1000)

Parents

Children

none

CVEs mapped to this weakness (7)

  • CVE-2026-24160MedMay 20, 2026
    risk 0.36cvss 5.5epss 0.00

    NVIDIA TRT-LLM for any platform contains a vulnerability where an attacker could cause an unchecked return value to a null pointer dereference. A successful exploit of this vulnerability might lead to denial of service.

  • CVE-2026-44638LowMay 14, 2026
    risk 0.16cvss 2.5epss 0.00

    libsixel is a SIXEL encoder/decoder implementation derived from kmiya's sixel. From to 1.8.7-r1, a wrong NULL check after an allocation call in sixel_decode_raw and sixel_decode causes a NULL pointer dereference whenever the allocation fails. The check tests the address of the…

  • CVE-2022-41957Nov 28, 2022
    risk 0.00cvss epss 0.01

    Muhammara is a node module with c/cpp bindings to modify PDF with JavaScript for node or electron. The package muhammara before 2.6.2 and from 3.0.0 and before 3.3.0, as well as all versions of muhammara's predecessor package hummus, are vulnerable to Denial of Service (DoS)…

  • CVE-2022-39381Nov 2, 2022
    risk 0.00cvss epss 0.01

    Muhammara is a node module with c/cpp bindings to modify PDF with js for node or electron (based/replacement on/of galkhana/hummusjs). The package muhammara before 2.6.0; all versions of package hummus are vulnerable to Denial of Service (DoS) when supplied with a maliciously…

  • CVE-2022-25885Nov 1, 2022
    risk 0.00cvss epss 0.01

    The package muhammara before 2.6.0; all versions of package hummus are vulnerable to Denial of Service (DoS) when PDFStreamForResponse() is used with invalid data.

  • CVE-2022-25892Nov 1, 2022
    risk 0.00cvss epss 0.01

    The package muhammara before 2.6.1, from 3.0.0 and before 3.1.1; all versions of package hummus are vulnerable to Denial of Service (DoS) when supplied with a maliciously crafted PDF file to be parsed.

  • CVE-2021-21479Feb 9, 2021
    risk 0.00cvss epss 0.10

    In SCIMono before 0.0.19, it is possible for an attacker to inject and execute java expression compromising the availability and integrity of the system.