CWE-824— Access of Uninitialized Pointer
269 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-824page 5 of 6
- CVE-2023-47054MEDIUMCVSS 5.5EG 3.32023-11-16
Adobe Audition version 24.0 (and earlier) and 23.6.1 (and earlier) are affected by an Access of Uninitialized Pointer vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass …
- CVE-2023-47060LOWCVSS 3.3EG 3.32023-11-16
Adobe Premiere Pro version 24.0 (and earlier) and 23.6 (and earlier) are affected by an Access of Uninitialized Pointer vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypas…
- CVE-2023-47072LOWCVSS 3.3EG 3.32023-11-17
Adobe After Effects version 24.0.2 (and earlier) and 23.6 (and earlier) are affected by an Access of Uninitialized Pointer vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to by…
- CVE-2023-47582HIGHCVSS 7.8EG 7.82023-11-15
Access of uninitialized pointer vulnerability exists in TELLUS V4.0.17.0 and earlier and TELLUS Lite V4.0.17.0 and earlier. If a user opens a specially crafted file (X1, V8, or V9 file), information may be disclosed and/or arbitrary code m…
- CVE-2023-49130HIGHCVSS 7.8EG 7.82024-01-09
A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 10). The affected application is vulnerable to uninitialized pointer access while parsing specially crafted PAR files. An attacker could leverage this v…
- CVE-2023-49131HIGHCVSS 7.8EG 7.82024-01-09
A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 10). The affected application is vulnerable to uninitialized pointer access while parsing specially crafted PAR files. An attacker could leverage this v…
- CVE-2023-49132HIGHCVSS 7.8EG 7.82024-01-09
A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 10). The affected application is vulnerable to uninitialized pointer access while parsing specially crafted PAR files. An attacker could leverage this v…
- CVE-2024-21919HIGHCVSS 7.8EG 7.82024-03-26
An uninitialized pointer in Rockwell Automation Arena Simulation software could potentially allow a malicious user to insert unauthorized code to the software by leveraging the pointer after it is properly. Once inside, the threat actor …
- CVE-2024-24449MEDIUMCVSS 6.5EG 6.52024-11-15
An uninitialized pointer dereference in the NasPdu::NasPdu component of OpenAirInterface CN5G AMF up to v2.0.0 allows attackers to cause a Denial of Service (DoS) via a crafted InitialUEMessage message sent to the AMF.
- CVE-2024-24925HIGHCVSS 7.8EG 7.82024-02-13
A vulnerability has been identified in Simcenter Femap (All versions < V2306.0000). The affected application is vulnerable to uninitialized pointer access while parsing specially crafted Catia MODEL files. An attacker could leverage this v…
- CVE-2024-26004HIGHCVSS 7.5EG 7.52024-03-12
An unauthenticated remote attacker can DoS a control agent due to access of a uninitialized pointer which may prevent or disrupt the charging functionality.
- CVE-2024-26799MEDIUMCVSS 6.2EG 6.22024-04-04
In the Linux kernel, the following vulnerability has been resolved: ASoC: qcom: Fix uninitialized pointer dmactl In the case where __lpass_get_dmactl_handle is called and the driver id dai_id is invalid the pointer dmactl is not being as…
- CVE-2024-32998MEDIUMCVSS 5.9EG 5.92024-05-14
NULL pointer access vulnerability in the clock module Impact: Successful exploitation of this vulnerability will affect availability.
- CVE-2024-33608HIGHCVSS 7.5EG 7.52024-05-08
When IPsec is configured on a virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
- CVE-2024-36966MEDIUMCVSS 5.5EG 5.52024-06-08
In the Linux kernel, the following vulnerability has been resolved: erofs: reliably distinguish block based and fscache mode When erofs_kill_sb() is called in block dev based mode, s_bdev may not have been initialised yet, and if CONFIG_…
- CVE-2024-42275MEDIUMCVSS 5.5EG 5.52024-08-17
In the Linux kernel, the following vulnerability has been resolved: drm/client: Fix error code in drm_client_buffer_vmap_local() This function accidentally returns zero/success on the failure path. It leads to locking issues and an unini…
- CVE-2024-45155HIGHCVSS 7.8EG 7.82024-12-10
Animate versions 23.0.8, 24.0.5 and earlier are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interac…
- CVE-2024-46844HIGHCVSS 7.8EG 7.82024-09-27
In the Linux kernel, the following vulnerability has been resolved: um: line: always fill *error_out in setup_one_line() The pointer isn't initialized by callers, but I have encountered cases where it's still printed; initialize it in al…
- CVE-2024-46951HIGHCVSS 7.8EG 7.82024-11-10
An issue was discovered in psi/zcolor.c in Artifex Ghostscript before 10.04.0. An unchecked Implementation pointer in Pattern color space could lead to arbitrary code execution.
- CVE-2024-47411HIGHCVSS 7.8EG 7.82024-10-09
Animate versions 23.0.7, 24.0.4 and earlier are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interac…
- CVE-2024-49938MEDIUMCVSS 5.5EG 5.52024-10-21
In the Linux kernel, the following vulnerability has been resolved: wifi: ath9k_htc: Use __skb_set_length() for resetting urb before resubmit Syzbot points out that skb_trim() has a sanity check on the existing length of the skb, which c…
- CVE-2024-50087MEDIUMCVSS 5.5EG 5.52024-10-29
In the Linux kernel, the following vulnerability has been resolved: btrfs: fix uninitialized pointer free on read_alloc_one_name() error The function read_alloc_one_name() does not initialize the name field of the passed fscrypt_str stru…
- CVE-2024-50088HIGHCVSS 7.8EG 7.82024-10-29
In the Linux kernel, the following vulnerability has been resolved: btrfs: fix uninitialized pointer free in add_inode_ref() The add_inode_ref() function does not initialize the "name" struct when it is declared. If any of the following…
- CVE-2024-57943HIGHCVSS 7.8EG 7.82025-01-21
In the Linux kernel, the following vulnerability has been resolved: exfat: fix the new buffer was not zeroed before writing Before writing, if a buffer_head marked as new, its data must be zeroed, otherwise uninitialized data in the page…
- CVE-2024-8645MEDIUMCVSS 5.5EG 5.52024-09-10
SPRT dissector crash in Wireshark 4.2.0 to 4.0.5 and 4.0.0 to 4.0.15 allows denial of service via packet injection or crafted capture file
- CVE-2024-9258HIGHCVSS 7.8EG 7.82024-11-22
IrfanView SID File Parsing Uninitialized Pointer Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this…
- CVE-2025-1047HIGHCVSS 7.8EG 7.82025-04-23
Luxion KeyShot PVS File Parsing Access of Uninitialized Pointer Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Luxion KeyShot. User interaction is requ…
- CVE-2025-13499HIGHCVSS 7.8EG 7.82025-11-21
Kafka dissector crash in Wireshark 4.6.0 and 4.4.0 to 4.4.10 allows denial of service
- CVE-2025-13674MEDIUMCVSS 5.5EG 5.52025-11-26
BPv7 dissector crash in Wireshark 4.6.0 allows denial of service
- CVE-2025-14739MEDIUMCVSS 6.8EG 6.82025-12-18
Access of Uninitialized Pointer vulnerability in TP-Link WR940N and WR941ND allows local unauthenticated attackers the ability to execute DoS attack and potentially arbitrary code execution under the context of the ‘root’ user.This…
- CVE-2025-1761MEDIUMCVSS 5.9EG 5.92025-09-08
IBM Concert Software 1.0.0 through 1.1.0 could allow a remote attacker to obtain sensitive information from allocated memory due to improper clearing of heap memory.
- CVE-2025-2173MEDIUMCVSS 5.3EG 5.32025-03-11
A vulnerability was found in libzvbi up to 0.2.43. It has been classified as problematic. Affected is the function vbi_strndup_iconv_ucs2 of the file src/conv.c. The manipulation of the argument src_length leads to uninitialized pointer. I…
- CVE-2025-2284HIGHCVSS 7.5EG 7.52025-03-13
A denial-of-service vulnerability exists in the "GetWebLoginCredentials" function in "Sante PACS Server.exe".
- CVE-2025-2285HIGHCVSS 7.8EG 7.82025-04-08
A local code execution vulnerability exists in the Rockwell Automation Arena® due to an uninitialized pointer. The flaw is result of improper validation of user-supplied data. If exploited a threat actor can disclose information and e…
- CVE-2025-2286HIGHCVSS 7.8EG 7.82025-04-08
A local code execution vulnerability exists in the Rockwell Automation Arena® due to an uninitialized pointer. The flaw is result of improper validation of user-supplied data. If exploited a threat actor can disclose information and e…
- CVE-2025-2287HIGHCVSS 7.8EG 7.82025-04-08
A local code execution vulnerability exists in the Rockwell Automation Arena® due to an uninitialized pointer. The flaw is result of improper validation of user-supplied data. If exploited a threat actor can disclose information and e…
- CVE-2025-23352HIGHCVSS 7.8EG 7.82025-10-23
NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager, where a malicious guest could cause uninitialized pointer access. A successful exploit of this vulnerability might lead to code execution, denial of service, escalat…
- CVE-2025-2530HIGHCVSS 7.8EG 7.82025-03-25
Luxion KeyShot DAE File Parsing Access of Uninitialized Pointer Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Luxion KeyShot. User interaction is requ…
- CVE-2025-26599HIGHCVSS 7.8EG 7.82025-02-25
An access to an uninitialized pointer flaw was found in X.Org and Xwayland. The function compCheckRedirect() may fail if it cannot allocate the backing pixmap. In that case, compRedirectWindow() will return a BadAlloc error without validat…
- CVE-2025-27158HIGHCVSS 7.8EG 7.82025-03-11
Acrobat Reader versions 24.001.30225, 20.005.30748, 25.001.20428 and earlier are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of…
- CVE-2025-27162HIGHCVSS 7.8EG 7.82025-03-11
Acrobat Reader versions 24.001.30225, 20.005.30748, 25.001.20428 and earlier are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of…
- CVE-2025-30326HIGHCVSS 7.8EG 7.82025-05-13
Photoshop Desktop versions 26.5, 25.12.2 and earlier are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires use…
- CVE-2025-32451HIGHCVSS 8.8EG 8.82025-08-13
A memory corruption vulnerability exists in Foxit Reader 2025.1.0.27937 due to the use of an uninitialized pointer. A specially crafted Javascript code inside a malicious PDF document can trigger this vulnerability, which can lead to memor…
- CVE-2025-37995MEDIUMCVSS 5.5EG 5.52025-05-29
In the Linux kernel, the following vulnerability has been resolved: module: ensure that kobject_put() is safe for module type kobjects In 'lookup_or_create_module_kobject()', an internal kobject is created using 'module_ktype'. So call t…
- CVE-2025-39729MEDIUMCVSS 5.5EG 5.52025-09-07
In the Linux kernel, the following vulnerability has been resolved: crypto: ccp - Fix dereferencing uninitialized error pointer Fix below smatch warnings: drivers/crypto/ccp/sev-dev.c:1312 __sev_platform_init_locked() error: we previousl…
- CVE-2025-43545HIGHCVSS 7.8EG 7.82025-05-13
Bridge versions 15.0.3, 14.1.6 and earlier are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interact…
- CVE-2025-43557HIGHCVSS 7.8EG 7.82025-05-13
Animate versions 24.0.8, 23.0.11 and earlier are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user intera…
- CVE-2025-43592HIGHCVSS 7.8EG 7.82025-07-08
InDesign Desktop versions 19.5.3 and earlier are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user intera…
- CVE-2025-47098HIGHCVSS 7.8EG 7.82025-07-08
InCopy versions 20.3, 19.5.3 and earlier are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interactio…
- CVE-2025-47121HIGHCVSS 7.8EG 7.82025-07-08
Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires use…
Map vulnerabilities like CWE-824 to your infrastructure
EchelonGraph correlates every CVE — across CWE-824 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →