CWE-824 · Access of Uninitialized Pointer
288 CVEs classified under CWE-824 (Access of Uninitialized Pointer). Browse by severity and year.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2026-6748 | Critical | 9.8 | 2026-04-21 | Uninitialized memory in the Audio/Video: Web Codecs component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbir… |
CVE-2026-2805 | Critical | 9.8 | 2026-02-24 | Invalid pointer in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 148 and Thunderbird 148. |
CVE-2026-2785 | Critical | 9.8 | 2026-02-24 | Invalid pointer in the JavaScript Engine component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8. |
CVE-2022-46280 | Critical | 9.8 | 2023-07-21 | A use of uninitialized pointer vulnerability exists in the PQS format pFormat functionality of Open Babel 3.1.1 and master commit 530dbfa3. A specially crafted… |
CVE-2022-44451 | Critical | 9.8 | 2023-07-21 | A use of uninitialized pointer vulnerability exists in the MSI format atom functionality of Open Babel 3.1.1 and master commit 530dbfa3. A specially crafted ma… |
CVE-2022-42885 | Critical | 9.8 | 2023-07-21 | A use of uninitialized pointer vulnerability exists in the GRO format res functionality of Open Babel 3.1.1 and master commit 530dbfa3. A specially crafted mal… |
CVE-2021-36219 | Critical | 9.8 | 2021-09-27 | An issue was discovered in SKALE sgxwallet 1.58.3. The provided input for ECALL 14 triggers a branch in trustedEcdsaSign that frees a non-initialized pointer f… |
CVE-2021-1619 | Critical | 9.8 | 2021-09-23 | A vulnerability in the authentication, authorization, and accounting (AAA) function of Cisco IOS XE Software could allow an unauthenticated, remote attacker to… |
CVE-2020-11138 | Critical | 9.8 | 2021-01-21 | Uninitialized pointers accessed during music play back with incorrect bit stream due to an uninitialized heap memory result in instability in Snapdragon Auto… |
CVE-2020-25573 | Critical | 9.8 | 2020-09-14 | An issue was discovered in the linked-hash-map crate before 0.5.3 for Rust. It creates an uninitialized NonNull pointer, which violates a non-null constraint. |
CVE-2020-17446 | Critical | 9.8 | 2020-08-12 | asyncpg before 0.21.0 allows a malicious PostgreSQL server to trigger a crash or execute arbitrary code (on a database client) via a crafted server response, b… |
CVE-2018-17141 | Critical | 9.8 | 2018-09-21 | HylaFAX 6.0.6 and HylaFAX+ 5.6.0 allow remote attackers to execute arbitrary code via a dial-in session that provides a FAX page with the JPEG bit enabled, whi… |
CVE-2018-14356 | Critical | 9.8 | 2018-07-17 | An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. pop.c mishandles a zero-length UID. |
CVE-2018-11743 | Critical | 9.8 | 2018-06-05 | The init_copy function in kernel.c in mruby 1.4.1 makes initialize_copy calls for TT_ICLASS objects, which allows attackers to cause a denial of service (mrb_h… |
CVE-2017-12561 | Critical | 9.8 | 2018-02-15 | A remote code execution vulnerability in HPE intelligent Management Center (iMC) PLAT version Plat 7.3 E0504P4 and earlier was found. |
CVE-2018-19857 | Critical | 9.1 | 2018-12-05 | The CAF demuxer in modules/demux/caf.c in VideoLAN VLC media player 3.0.4 may read memory from an uninitialized pointer when processing magic cookies in CAF fi… |
CVE-2025-32451 | High | 8.8 | 2025-08-13 | A memory corruption vulnerability exists in Foxit Reader 2025.1.0.27937 due to the use of an uninitialized pointer. A specially crafted Javascript code inside… |
CVE-2022-34480 | High | 8.8 | 2022-12-22 | Within the <code>lg_init()</code> function, if several allocations succeed but then one fails, an uninitialized pointer would have been freed despite never bei… |
CVE-2021-41208 | High | 8.8 | 2021-11-05 | TensorFlow is an open source platform for machine learning. In affected versions the code for boosted trees in TensorFlow is still missing validation. As a res… |
CVE-2020-8882 | High | 8.8 | 2020-03-20 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.916. User interaction is required to… |