CWE-824
Access of Uninitialized Pointer
BaseIncomplete
Description
The product accesses or uses a pointer that has not been initialized.
Hierarchy (View 1000)
Parents
Children
none
CVEs mapped to this weakness (43)
page 2 of 3| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-6870 | Med | 0.36 | 5.5 | 0.00 | Apr 30, 2026 | GSM RP protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service | |
| CVE-2026-6524 | Med | 0.36 | 5.5 | 0.00 | Apr 30, 2026 | MySQL protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service | |
| CVE-2026-27300 | Med | 0.36 | 5.5 | 0.00 | Apr 14, 2026 | Adobe Framemaker versions 2022.8 and earlier are affected by an Access of Uninitialized Pointer vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to disclose sensitive information. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |
| CVE-2024-49938 | Med | 0.36 | 5.5 | 0.00 | Oct 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: wifi: ath9k_htc: Use __skb_set_length() for resetting urb before resubmit Syzbot points out that skb_trim() has a sanity check on the existing length of the skb, which can be uninitialised in some error paths. The intent here is clearly just to reset the length to zero before resubmitting, so switch to calling __skb_set_length(skb, 0) directly. In addition, __skb_set_length() already contains a call to skb_reset_tail_pointer(), so remove the redundant call. The syzbot report came from ath9k_hif_usb_reg_in_cb(), but there's a similar usage of skb_trim() in ath9k_hif_usb_rx_cb(), change both while we're at it. | |
| CVE-2006-0054 | Med | 0.35 | 5.3 | 0.03 | Jan 11, 2006 | The ipfw firewall in FreeBSD 6.0-RELEASE allows remote attackers to cause a denial of service (firewall crash) via ICMP IP fragments that match a reset, reject or unreach action, which leads to an access of an uninitialized pointer. | |
| CVE-2026-6778 | Med | 0.34 | 5.3 | 0.00 | Apr 21, 2026 | Invalid pointer in the Audio/Video: Playback component. This vulnerability was fixed in Firefox 150 and Thunderbird 150. | |
| CVE-2026-2100 | Med | 0.34 | 5.3 | 0.00 | Mar 26, 2026 | A flaw was found in p11-kit. A remote attacker could exploit this vulnerability by calling the C_DeriveKey function on a remote token with specific IBM kyber or IBM btc derive mechanism parameters set to NULL. This could lead to the RPC-client attempting to return an uninitialized value, potentially resulting in a NULL dereference or undefined behavior. This issue may cause an application level denial of service or other unpredictable system states. | |
| CVE-2010-1818 | 0.09 | — | 0.77 | Aug 31, 2010 | The IPersistPropertyBag2::Read function in QTPlugin.ocx in Apple QuickTime 6.x, 7.x before 7.6.8, and other versions allows remote attackers to execute arbitrary code via the _Marshaled_pUnk attribute, which triggers unmarshalling of an untrusted pointer. | ||
| CVE-2007-4639 | 0.05 | — | 0.19 | Aug 31, 2007 | EnterpriseDB Advanced Server 8.2 does not properly handle certain debugging function calls that occur before a call to pldbg_create_listener, which allows remote authenticated users to cause a denial of service (daemon crash) and possibly execute arbitrary code via a SELECT statement that invokes a pldbg_ function, as demonstrated by (1) pldbg_get_stack and (2) pldbg_abort_target, which triggers use of an uninitialized pointer. | ||
| CVE-2014-1564 | 0.04 | — | 0.14 | Sep 3, 2014 | Mozilla Firefox before 32.0, Firefox ESR 31.x before 31.1, and Thunderbird 31.x before 31.1 do not properly initialize memory for GIF rendering, which allows remote attackers to obtain sensitive information from process memory via crafted web script that interacts with a CANVAS element associated with a malformed GIF image. | ||
| CVE-2009-1415 | 0.04 | — | 0.18 | Apr 30, 2009 | lib/pk-libgcrypt.c in libgnutls in GnuTLS before 2.6.6 does not properly handle invalid DSA signatures, which allows remote attackers to cause a denial of service (application crash) and possibly have unspecified other impact via a malformed DSA key that triggers a (1) free of an uninitialized pointer or (2) double free. | ||
| CVE-2009-0846 | 0.04 | — | 0.50 | Apr 9, 2009 | The asn1_decode_generaltime function in lib/krb5/asn.1/asn1_decode.c in the ASN.1 GeneralizedTime decoder in MIT Kerberos 5 (aka krb5) before 1.6.4 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via vectors involving an invalid DER encoding that triggers a free of an uninitialized pointer. | ||
| CVE-2007-2442 | 0.03 | — | 0.43 | Jun 26, 2007 | The gssrpc__svcauth_gssapi function in the RPC library in MIT Kerberos 5 (krb5) 1.6.1 and earlier might allow remote attackers to execute arbitrary code via a zero-length RPC credential, which causes kadmind to free an uninitialized pointer during cleanup. | ||
| CVE-2007-1213 | 0.03 | — | 0.02 | Apr 4, 2007 | The TrueType Fonts rasterizer in Microsoft Windows 2000 SP4 allows local users to gain privileges via crafted TrueType fonts, which result in an uninitialized function pointer. | ||
| CVE-2009-1721 | 0.02 | — | 0.25 | Jul 31, 2009 | The decompression implementation in the Imf::hufUncompress function in OpenEXR 1.2.2 and 1.6.1 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger a free of an uninitialized pointer. | ||
| CVE-2007-4000 | 0.02 | — | 0.25 | Sep 5, 2007 | The kadm5_modify_policy_internal function in lib/kadm5/srv/svr_policy.c in the Kerberos administration daemon (kadmind) in MIT Kerberos 5 (krb5) 1.5 through 1.6.2 does not properly check return values when the policy does not exist, which might allow remote authenticated users with the "modify policy" privilege to execute arbitrary code via unspecified vectors that trigger a write to an uninitialized pointer. | ||
| CVE-2006-6143 | 0.02 | — | 0.25 | Dec 31, 2006 | The RPC library in Kerberos 5 1.4 through 1.4.4, and 1.5 through 1.5.1, as used in Kerberos administration daemon (kadmind) and other products that use this library, calls an uninitialized function pointer in freed memory, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors. | ||
| CVE-2009-0040 | 0.01 | — | 0.08 | Feb 22, 2009 | The PNG reference library (aka libpng) before 1.0.43, and 1.2.x before 1.2.35, as used in pngcrush and other applications, allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PNG file that triggers a free of an uninitialized pointer in (1) the png_read_png function, (2) pCAL chunk handling, or (3) setup of 16-bit gamma tables. | ||
| CVE-2011-1814 | 0.00 | — | 0.01 | Jun 9, 2011 | Google Chrome before 12.0.742.91 attempts to read data from an uninitialized pointer, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. | ||
| CVE-2011-0479 | 0.00 | — | 0.02 | Jan 14, 2011 | Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly interact with extensions, which allows remote attackers to cause a denial of service via a crafted extension that triggers an uninitialized pointer. |