VYPR

CWE-824

Access of Uninitialized Pointer

BaseIncomplete

Description

The product accesses or uses a pointer that has not been initialized.

Hierarchy (View 1000)

Parents

Children

none

CVEs mapped to this weakness (80)

page 1 of 4
  • CVE-2015-1770HigKEVJun 10, 2015
    risk 0.72cvss 8.8epss 0.35

    Microsoft Office 2013 SP1 and 2013 RT SP1 allows remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Uninitialized Memory Use Vulnerability."

  • CVE-2017-12561CriFeb 15, 2018
    risk 0.66cvss 9.8epss 0.31

    A remote code execution vulnerability in HPE intelligent Management Center (iMC) PLAT version Plat 7.3 E0504P4 and earlier was found.

  • CVE-2026-2805CriFeb 24, 2026
    risk 0.64cvss 9.8epss 0.00

    Invalid pointer in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 148 and Thunderbird 148.

  • CVE-2026-2785CriFeb 24, 2026
    risk 0.64cvss 9.8epss 0.00

    Invalid pointer in the JavaScript Engine component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.

  • CVE-2018-17141CriSep 21, 2018
    risk 0.64cvss 9.8epss 0.06

    HylaFAX 6.0.6 and HylaFAX+ 5.6.0 allow remote attackers to execute arbitrary code via a dial-in session that provides a FAX page with the JPEG bit enabled, which is mishandled in FaxModem::writeECMData() in the faxd/CopyQuality.c++ file.

  • CVE-2017-16378HigDec 9, 2017
    risk 0.58cvss 8.8epss 0.07

    An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability is due to a computation that accesses a pointer that has not…

  • CVE-2017-16377HigDec 9, 2017
    risk 0.58cvss 8.8epss 0.07

    An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability is due to a computation that accesses a pointer that has not…

  • CVE-2016-4343HigMay 22, 2016
    risk 0.58cvss 8.8epss 0.04

    The phar_make_dirstream function in ext/phar/dirstream.c in PHP before 5.6.18 and 7.x before 7.0.3 mishandles zero-size ././@LongLink files, which allows remote attackers to cause a denial of service (uninitialized pointer dereference) or possibly have unspecified other impact…

  • CVE-2016-1005HigMar 12, 2016
    risk 0.58cvss 8.8epss 0.05

    Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allow attackers to execute arbitrary…

  • CVE-2018-14282HigJul 31, 2018
    risk 0.57cvss 8.8epss 0.03

    This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw…

  • CVE-2018-14356CriJul 17, 2018
    risk 0.57cvss 9.8epss 0.03

    An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. pop.c mishandles a zero-length UID.

  • CVE-2018-9981HigMay 17, 2018
    risk 0.57cvss 8.8epss 0.03

    This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw…

  • CVE-2018-10484HigMay 17, 2018
    risk 0.57cvss 8.8epss 0.03

    This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw…

  • CVE-2018-3842HigApr 19, 2018
    risk 0.57cvss 8.8epss 0.03

    An exploitable use of an uninitialized pointer vulnerability exists in the JavaScript engine in Foxit PDF Reader version 9.0.1.1049. A specially crafted PDF document can lead to a dereference of an uninitialized pointer which, if under attacker control, can result in arbitrary…

  • CVE-2026-47908HigJun 9, 2026
    risk 0.51cvss 7.8epss 0.00

    Dreamweaver Desktop versions 21.7 and earlier are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a…

  • CVE-2026-44411HigMay 12, 2026
    risk 0.51cvss 7.8epss 0.00

    A vulnerability has been identified in Solid Edge SE2026 (All versions < V226.0 Update 5). The affected application is vulnerable to uninitialized pointer access while parsing specially crafted PAR files. An attacker could leverage this vulnerability to execute code in the…

  • CVE-2025-66588HigDec 11, 2025
    risk 0.51cvss 7.8epss 0.00

    In AzeoTech DAQFactory release 20.7 (Build 2555), an access of uninitialized pointer vulnerability can be exploited by an attacker which can lead to arbitrary code execution.

  • CVE-2025-23352HigOct 23, 2025
    risk 0.51cvss 7.8epss 0.00

    NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager, where a malicious guest could cause uninitialized pointer access. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information…

  • CVE-2025-26599HigFeb 25, 2025
    risk 0.51cvss 7.8epss 0.00

    An access to an uninitialized pointer flaw was found in X.Org and Xwayland. The function compCheckRedirect() may fail if it cannot allocate the backing pixmap. In that case, compRedirectWindow() will return a BadAlloc error without validating the window tree marked just before,…

  • CVE-2018-4001HigOct 1, 2018
    risk 0.51cvss 7.8epss 0.01

    An exploitable uninitialized pointer vulnerability exists in the Office Open XML parser of Atlantis Word Processor, version 3.2.5.0. A specially crafted document can cause an uninitialized pointer representing a TTableRow to be assigned to a variable on the stack. This variable…