Total
88 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2026-22770 | 1 Imagemagick | 1 Imagemagick | 2026-01-29 | N/A | 6.5 MEDIUM |
|
ImageMagick is free and open-source software used for editing and manipulating digital images. The BilateralBlurImage method will allocate a set of double buffers inside AcquireBilateralTLS. But, in versions prior to 7.1.2-13, the last element in the set is not properly initialized. This will result in a release of an invalid pointer inside DestroyBilateralTLS when the memory allocation fails. Version 7.1.2-13 contains a patch for the issue.
|
|||||
| CVE-2025-14233 | 1 Canon | 32 Lbp1238 Ii, Lbp1238 Ii Firmware, Lbp236dw and 29 more | 2026-01-26 | N/A | 9.8 CRITICAL |
|
Invalid free in CPCA file deletion processing on Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. *: Satera LBP670C Series/Satera MF750C Series firmware v06.02 and earlier sold in Japan.Color imageCLASS LBP630C/Color imageCLASS MF650C Series/imageCLASS LBP230 Series/imageCLASS X LBP1238 II/imageCLASS MF450 Series/imageCLASS X MF1238 II/imageCLASS X MF1643i ...
Show More |
|||||
| CVE-2025-48768 | 1 Apache | 1 Nuttx | 2026-01-06 | N/A | 6.5 MEDIUM |
|
Release of Invalid Pointer or Reference vulnerability was discovered in fs/inode/fs_inoderemove code of the Apache NuttX RTOS that allowed root filesystem inode removal leading to a debug assert trigger (that is disabled by default), NULL pointer dereference (handled differently depending on the target architecture), or in general, a Denial of Service.
This issue affects Apache NuttX RTOS: from 10.0.0 before 12.10.0.
Users of filesystem based services with write access that were exposed over t ...
Show More |
|||||
| CVE-2025-11838 | 1 Watchguard | 32 Firebox M270, Firebox M290, Firebox M370 and 29 more | 2025-12-16 | N/A | 7.5 HIGH |
|
A memory corruption vulnerability in WatchGuard Fireware OS may allow an unauthenticated attacker to trigger a Denial of Service (DoS) condition in the Mobile User VPN with IKEv2 and the Branch Office VPN using IKEv2 when configured with a dynamic gateway peer.
This vulnerability affects Fireware OS 12.6.1 up to and including 12.11.4 and 2025.1 up to and including 2025.1.2.
|
|||||
| CVE-2025-13824 | 2025-12-15 | N/A | N/A | ||
|
A security issue exists due to improper handling of malformed CIP packets during fuzzing. The controller enters a hard fault with solid red Fault LED and becomes unresponsive. Upon power cycle, the controller will enter recoverable fault where the MS LED and Fault LED become flashing red and reports fault code 0xF019. To recover, clear the fault.
|
|||||
| CVE-2025-54333 | 1 Samsung | 2 Exynos 1380, Exynos 1380 Firmware | 2025-11-07 | N/A | 5.3 MEDIUM |
|
An issue was discovered in NPU in Samsung Mobile Processor Exynos 1380 through July 2025. There is an Invalid Pointer Dereference of node in the get_vs4l_profiler_node function.
|
|||||
| CVE-2024-2955 | 2 Fedoraproject, Wireshark | 2 Fedora, Wireshark | 2025-11-03 | N/A | 7.8 HIGH |
|
T.38 dissector crash in Wireshark 4.2.0 to 4.0.3 and 4.0.0 to 4.0.13 allows denial of service via packet injection or crafted capture file
|
|||||
| CVE-2025-25215 | 2025-11-03 | N/A | 8.8 HIGH | ||
|
An arbitrary free vulnerability exists in the cv_close functionality of
Dell ControlVault3 prior to 5.15.10.14 and Dell ControlVault3 Plus prior to 6.2.26.36. A specially crafted ControlVault API call
can lead to an arbitrary free. An attacker can forge a fake session to
trigger this vulnerability.
|
|||||
| CVE-2021-28216 | 1 Tianocore | 1 Edk Ii | 2025-11-03 | 4.6 MEDIUM | 7.8 HIGH |
|
BootPerformanceTable pointer is read from an NVRAM variable in PEI. Recommend setting PcdFirmwarePerformanceDataTableS3Support to FALSE.
|
|||||
| CVE-2024-36890 | 1 Linux | 1 Linux Kernel | 2025-10-29 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
mm/slab: make __free(kfree) accept error pointers
Currently, if an automatically freed allocation is an error pointer that
will lead to a crash. An example of this is in wm831x_gpio_dbg_show().
171 char *label __free(kfree) = gpiochip_dup_line_label(chip, i);
172 if (IS_ERR(label)) {
173 dev_err(wm831x->dev, "Failed to duplicate label\n");
174 continue;
175 }
The auto clean up function should check for err ...
Show More |
|||||
| CVE-2024-56573 | 1 Linux | 1 Linux Kernel | 2025-10-07 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
efi/libstub: Free correct pointer on failure
cmdline_ptr is an out parameter, which is not allocated by the function
itself, and likely points into the caller's stack.
cmdline refers to the pool allocation that should be freed when cleaning
up after a failure, so pass this instead to free_pool().
|
|||||
| CVE-2024-38617 | 1 Linux | 1 Linux Kernel | 2025-10-03 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
kunit/fortify: Fix mismatched kvalloc()/vfree() usage
The kv*() family of tests were accidentally freeing with vfree() instead
of kvfree(). Use kvfree() instead.
|
|||||
| CVE-2025-47329 | 1 Qualcomm | 76 Fastconnect 7800, Fastconnect 7800 Firmware, Qam8255p and 73 more | 2025-09-25 | N/A | 7.8 HIGH |
|
Memory corruption while handling invalid inputs in application info setup.
|
|||||
| CVE-2021-47387 | 1 Linux | 1 Linux Kernel | 2025-09-25 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
cpufreq: schedutil: Use kobject release() method to free sugov_tunables
The struct sugov_tunables is protected by the kobject, so we can't free
it directly. Otherwise we would get a call trace like this:
ODEBUG: free active (active state 0) object type: timer_list hint: delayed_work_timer_fn+0x0/0x30
WARNING: CPU: 3 PID: 720 at lib/debugobjects.c:505 debug_print_object+0xb8/0x100
Modules linked in:
CPU: 3 PID: 720 Comm ...
Show More |
|||||
| CVE-2024-35832 | 1 Linux | 1 Linux Kernel | 2025-09-24 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
bcachefs: kvfree bch_fs::snapshots in bch2_fs_snapshots_exit
bch_fs::snapshots is allocated by kvzalloc in __snapshot_t_mut.
It should be freed by kvfree not kfree.
Or umount will triger:
[ 406.829178 ] BUG: unable to handle page fault for address: ffffe7b487148008
[ 406.830676 ] #PF: supervisor read access in kernel mode
[ 406.831643 ] #PF: error_code(0x0000) - not-present page
[ 406.832487 ] PGD 0 P4D 0
[ 406.832898 ] ...
Show More |
|||||
| CVE-2022-49160 | 1 Linux | 1 Linux Kernel | 2025-09-23 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
scsi: qla2xxx: Fix crash during module load unload test
During purex packet handling the driver was incorrectly freeing a
pre-allocated structure. Fix this by skipping that entry.
System crashed with the following stack during a module unload test.
Call Trace:
sbitmap_init_node+0x7f/0x1e0
sbitmap_queue_init_node+0x24/0x150
blk_mq_init_bitmaps+0x3d/0xa0
blk_mq_init_tags+0x68/0x90
blk_mq_alloc_map_and_rqs+0x44/0x120
blk_ ...
Show More |
|||||
| CVE-2024-40979 | 1 Linux | 1 Linux Kernel | 2025-09-17 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
wifi: ath12k: fix kernel crash during resume
Currently during resume, QMI target memory is not properly handled, resulting
in kernel crash in case DMA remap is not supported:
BUG: Bad page state in process kworker/u16:54 pfn:36e80
page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x36e80
page dumped because: nonzero _refcount
Call Trace:
bad_page
free_page_is_bad_report
__free_pages_ok
__free_pages
dma_ ...
Show More |
|||||
| CVE-2024-25079 | 1 Insyde | 1 Insydeh2o | 2025-08-04 | N/A | 7.4 HIGH |
|
A memory corruption vulnerability in HddPassword in Insyde InsydeH2O kernel 5.2 before 05.29.09, kernel 5.3 before 05.38.09, kernel 5.4 before 05.46.09, kernel 5.5 before 05.54.09, and kernel 5.6 before 05.61.09 could lead to escalating privileges in SMM.
|
|||||
| CVE-2024-6607 | 1 Mozilla | 2 Firefox, Thunderbird | 2025-07-16 | N/A | 8.8 HIGH |
|
It was possible to prevent a user from exiting pointerlock when pressing escape and to overlay customValidity notifications from a `<select>` element over certain permission prompts. This could be used to confuse a user into giving a site unintended permissions. This vulnerability affects Firefox < 128 and Thunderbird < 128.
|
|||||
| CVE-2024-25074 | 1 Samsung | 32 Exynos 1080, Exynos 1080 Firmware, Exynos 1280 and 29 more | 2025-07-01 | N/A | 5.9 MEDIUM |
|
An issue was discovered in Samsung Semiconductor Mobile Processor and Modem Exynos 9820, Exynos 9825, Exynos 980, Exynos 990, Exynos 850, Exynos 1080, Exynos 2100, Exynos 2200, Exynos 1280, Exynos 1380, Exynos 1330, Exynos 9110, Exynos W920, Exynos W930, Exynos Modem 5123, Exynos Modem 5300. The baseband software does not properly check a pointer specified by the SM (Session Management module), which can lead to Denial of Service (Untrusted Pointer Dereference).
|
|||||
| CVE-2025-47749 | 1 Fujielectric | 1 Monitouch V-sft | 2025-05-19 | N/A | 7.8 HIGH |
|
V-SFT v6.2.5.0 and earlier contains an issue with free of pointer not at start of buffer in VS6EditData.dll!CWinFontInf::WinFontMsgCheck function. Opening specially crafted V7 or V8 files may lead to crash, information disclosure, and arbitrary code execution.
|
|||||
| CVE-2025-30379 | 1 Microsoft | 5 365 Apps, Excel, Office and 2 more | 2025-05-19 | N/A | 7.8 HIGH |
|
Release of invalid pointer or reference in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
|
|||||
| CVE-2022-48425 | 1 Linux | 1 Linux Kernel | 2025-05-16 | N/A | 7.8 HIGH |
|
In the Linux kernel through 6.2.7, fs/ntfs3/inode.c has an invalid kfree because it does not validate MFT flags before replaying logs.
|
|||||
| CVE-2021-47221 | 1 Linux | 1 Linux Kernel | 2025-04-29 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
mm/slub: actually fix freelist pointer vs redzoning
It turns out that SLUB redzoning ("slub_debug=Z") checks from
s->object_size rather than from s->inuse (which is normally bumped to
make room for the freelist pointer), so a cache created with an object
size less than 24 would have the freelist pointer written beyond
s->object_size, causing the redzone to be corrupted by the freelist
pointer. This was very visible with "slub ...
Show More |
|||||
| CVE-2017-0731 | 1 Google | 1 Android | 2025-04-20 | 6.8 MEDIUM | 7.8 HIGH |
|
A elevation of privilege vulnerability in the Android media framework (mpeg4 encoder). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36075363.
|
|||||
| CVE-2015-2695 | 6 Canonical, Debian, Mit and 3 more | 9 Ubuntu Linux, Debian Linux, Kerberos 5 and 6 more | 2025-04-12 | 5.0 MEDIUM | N/A |
|
lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) before 1.14 relies on an inappropriate context handle, which allows remote attackers to cause a denial of service (incorrect pointer read and process crash) via a crafted SPNEGO packet that is mishandled during a gss_inquire_context call.
|
|||||
| CVE-2020-27798 | 1 Upx | 1 Upx | 2025-04-11 | N/A | 5.5 MEDIUM |
|
An invalid memory address reference was discovered in the adjABS function in p_lx_elf.cpp in UPX 4.0.0 via a crafted Mach-O file.
|
|||||
| CVE-2020-27797 | 1 Upx | 1 Upx | 2025-04-11 | N/A | 5.5 MEDIUM |
|
An invalid memory address reference was discovered in the elf_lookup function in p_lx_elf.cpp in UPX 4.0.0 via a crafted Mach-O file.
|
|||||
| CVE-2022-25725 | 1 Qualcomm | 134 Ar8035, Ar8035 Firmware, Csrb31024 and 131 more | 2025-04-09 | N/A | 6.2 MEDIUM |
|
Denial of service in MODEM due to improper pointer handling
|
|||||
| CVE-2007-4367 | 1 Opera | 1 Opera Browser | 2025-04-09 | 9.3 HIGH | N/A |
|
Opera before 9.23 allows remote attackers to execute arbitrary code via crafted Javascript that triggers a "virtual function call on an invalid pointer."
|
|||||
| CVE-2020-27545 | 1 Libdwarf Project | 1 Libdwarf | 2025-02-06 | N/A | 6.5 MEDIUM |
|
libdwarf before 20201017 has a one-byte out-of-bounds read because of an invalid pointer dereference via an invalid line table in a crafted object.
|
|||||
| CVE-2021-47087 | 1 Linux | 1 Linux Kernel | 2025-01-16 | N/A | 7.8 HIGH |
|
In the Linux kernel, the following vulnerability has been resolved:
tee: optee: Fix incorrect page free bug
Pointer to the allocated pages (struct page *page) has already
progressed towards the end of allocation. It is incorrect to perform
__free_pages(page, order) using this pointer as we would free any
arbitrary pages. Fix this by stop modifying the page pointer.
|
|||||
| CVE-2023-34312 | 1 Tencent | 2 Qq, Tim | 2025-01-09 | N/A | 7.8 HIGH |
|
In Tencent QQ through 9.7.8.29039 and TIM through 3.4.7.22084, QQProtect.exe and QQProtectEngine.dll do not validate pointers from inter-process communication, which leads to a write-what-where condition.
|
|||||
| CVE-2024-44852 | 1 Openrobotics | 1 Robot Operating System | 2024-12-17 | N/A | 9.8 CRITICAL |
|
Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble was discovered to contain a segmentation violation via the component theta_star::ThetaStar::isUnsafeToPlan().
|
|||||
| CVE-2024-42132 | 1 Linux | 1 Linux Kernel | 2024-12-11 | N/A | 7.1 HIGH |
|
In the Linux kernel, the following vulnerability has been resolved:
bluetooth/hci: disallow setting handle bigger than HCI_CONN_HANDLE_MAX
Syzbot hit warning in hci_conn_del() caused by freeing handle that was
not allocated using ida allocator.
This is caused by handle bigger than HCI_CONN_HANDLE_MAX passed by
hci_le_big_sync_established_evt(), which makes code think it's unset
connection.
Add same check for handle upper bound as in hci_conn_set_handle() to
prevent warning.
|
|||||
| CVE-2023-4883 | 1 Open5gs | 1 Open5gs | 2024-11-21 | N/A | 7.5 HIGH |
|
Invalid pointer release vulnerability. Exploitation of this vulnerability could allow an attacker to interrupt the correct operation of the service by sending a specially crafted json string to the VNF (Virtual Network Function), and triggering the ogs_sbi_message_free function, which could cause a service outage.
|
|||||
| CVE-2023-43532 | 1 Qualcomm | 26 Fastconnect 6700, Fastconnect 6700 Firmware, Fastconnect 6900 and 23 more | 2024-11-21 | N/A | 8.4 HIGH |
|
Memory corruption while reading ACPI config through the user mode app.
|
|||||
| CVE-2023-31082 | 1 Linux | 1 Linux Kernel | 2024-11-21 | N/A | 5.5 MEDIUM |
|
An issue was discovered in drivers/tty/n_gsm.c in the Linux kernel 6.2. There is a sleeping function called from an invalid context in gsmld_write, which will block the kernel. Note: This has been disputed by 3rd parties as not a valid vulnerability.
|
|||||
| CVE-2023-25565 | 1 Gss-ntlmssp Project | 1 Gss-ntlmssp | 2024-11-21 | N/A | 7.5 HIGH |
|
GSS-NTLMSSP is a mechglue plugin for the GSSAPI library that implements NTLM authentication. Prior to version 1.2.0, an incorrect free when decoding target information can trigger a denial of service. The error condition incorrectly assumes the `cb` and `sh` buffers contain a copy of the data that needs to be freed. However, that is not the case. This vulnerability can be triggered via the main `gss_accept_sec_context` entry point. This will likely trigger an assertion failure in `free`, causing ...
Show More |
|||||
| CVE-2023-0459 | 1 Linux | 1 Linux Kernel | 2024-11-21 | N/A | 6.5 MEDIUM |
|
Copy_from_user on 64-bit versions of the Linux kernel does not implement the __uaccess_begin_nospec allowing a user to bypass the "access_ok" check and pass a kernel pointer to copy_from_user(). This would allow an attacker to leak information. We recommend upgrading beyond commit 74e19ef0ff8061ef55957c3abd71614ef0f42f47
|
|||||