CWE-824
AllowedAccess of Uninitialized Pointer
Abstraction: Base · Status: Incomplete
The product accesses or uses a pointer that has not been initialized.
451 vulnerabilities reference this CWE, most recent first.
GHSA-W77W-253G-C7QP
Vulnerability from github – Published: 2022-09-14 00:00 – Updated: 2022-09-14 00:00A vulnerability has been identified in Parasolid V33.1 (All versions < V33.1.262), Parasolid V33.1 (All versions >= V33.1.262 < V33.1.263), Parasolid V34.0 (All versions < V34.0.252), Parasolid V34.1 (All versions < V34.1.242), Parasolid V35.0 (All versions < V35.0.161), Parasolid V35.0 (All versions >= V35.0.161 < V35.0.164), Simcenter Femap V2022.1 (All versions < V2022.1.3), Simcenter Femap V2022.2 (All versions < V2022.2.2). The affected application is vulnerable to uninitialized pointer access while parsing specially crafted X_T files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-17506)
{
"affected": [],
"aliases": [
"CVE-2022-39147"
],
"database_specific": {
"cwe_ids": [
"CWE-824"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-09-13T10:15:00Z",
"severity": "HIGH"
},
"details": "A vulnerability has been identified in Parasolid V33.1 (All versions \u003c V33.1.262), Parasolid V33.1 (All versions \u003e= V33.1.262 \u003c V33.1.263), Parasolid V34.0 (All versions \u003c V34.0.252), Parasolid V34.1 (All versions \u003c V34.1.242), Parasolid V35.0 (All versions \u003c V35.0.161), Parasolid V35.0 (All versions \u003e= V35.0.161 \u003c V35.0.164), Simcenter Femap V2022.1 (All versions \u003c V2022.1.3), Simcenter Femap V2022.2 (All versions \u003c V2022.2.2). The affected application is vulnerable to uninitialized pointer access while parsing specially crafted X_T files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-17506)",
"id": "GHSA-w77w-253g-c7qp",
"modified": "2022-09-14T00:00:50Z",
"published": "2022-09-14T00:00:50Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-39147"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-518824.pdf"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-W8VG-H5MJ-7G47
Vulnerability from github – Published: 2022-02-11 00:00 – Updated: 2025-05-05 18:31Access of uninitialized pointer in the Intel(R) Trace Analyzer and Collector before version 2021.5 may allow an authenticated user to potentially enable denial of service via local access.
{
"affected": [],
"aliases": [
"CVE-2022-21156"
],
"database_specific": {
"cwe_ids": [
"CWE-824"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-02-09T23:15:00Z",
"severity": "MODERATE"
},
"details": "Access of uninitialized pointer in the Intel(R) Trace Analyzer and Collector before version 2021.5 may allow an authenticated user to potentially enable denial of service via local access.",
"id": "GHSA-w8vg-h5mj-7g47",
"modified": "2025-05-05T18:31:35Z",
"published": "2022-02-11T00:00:51Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21156"
},
{
"type": "WEB",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00639.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-WCPP-3X59-H8VP
Vulnerability from github – Published: 2026-03-12 21:34 – Updated: 2026-07-14 15:31Vulnerability in the OpenSSH GSSAPI delta included in various Linux distributions. This vulnerability affects the GSSAPI patches added by various Linux distributions and does not affect the OpenSSH upstream project itself. The usage of sshpkt_disconnect() on an error, which does not terminate the process, allows an attacker to send an unexpected GSSAPI message type during the GSSAPI key exchange to the server, which will call the underlying function and continue the execution of the program without setting the related connection variables. As the variables are not initialized to NULL the code later accesses those uninitialized variables, accessing random memory, which could lead to undefined behavior. The recommended workaround is to use ssh_packet_disconnect() instead, which does terminate the process. The impact of the vulnerability depends heavily on the compiler flag hardening configuration.
{
"affected": [],
"aliases": [
"CVE-2026-3497"
],
"database_specific": {
"cwe_ids": [
"CWE-824",
"CWE-908"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-03-12T19:16:19Z",
"severity": "MODERATE"
},
"details": "Vulnerability in the OpenSSH GSSAPI delta included in various Linux distributions. This vulnerability affects the GSSAPI patches added by various Linux distributions and does not affect the OpenSSH upstream project itself. The usage of sshpkt_disconnect() on an error, which does not terminate the process, allows an attacker to send an unexpected GSSAPI message type during the GSSAPI key exchange to the server, which will call the underlying function and continue the execution of the program without setting the related connection variables. As the variables are not initialized to NULL the code later accesses those uninitialized variables, accessing random memory, which could lead to undefined behavior. The recommended workaround is to use ssh_packet_disconnect() instead, which does terminate the process. The impact of the vulnerability depends heavily on the compiler flag hardening configuration.",
"id": "GHSA-wcpp-3x59-h8vp",
"modified": "2026-07-14T15:31:40Z",
"published": "2026-03-12T21:34:50Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3497"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:10065"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:21690"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:21695"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:25096"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:5475"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:6461"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:6462"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:6463"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:7107"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:9415"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:9732"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2026-3497"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2447085"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-019113.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2026/04/msg00014.html"
},
{
"type": "WEB",
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-3497.json"
},
{
"type": "WEB",
"url": "https://ubuntu.com/security/CVE-2026-3497"
},
{
"type": "WEB",
"url": "https://www.openwall.com/lists/oss-security/2026/03/12/3"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:10714"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:12071"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:13750"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:13812"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:14773"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:14924"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:15087"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:15891"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:15893"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:16008"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:16009"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:16030"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:16174"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:17596"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:19724"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:19725"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:20040"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:20087"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2026/03/12/3"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2026/03/14/3"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2026/03/14/4"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2026/03/18/2"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2026/03/18/4"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2026/03/18/5"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2026/03/18/7"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-WFX2-P684-Q6V4
Vulnerability from github – Published: 2023-11-16 15:30 – Updated: 2023-11-16 15:30Adobe Media Encoder version 24.0.2 (and earlier) and 23.6 (and earlier) are affected by an Access of Uninitialized Pointer vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
{
"affected": [],
"aliases": [
"CVE-2023-47044"
],
"database_specific": {
"cwe_ids": [
"CWE-824"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-11-16T15:15:11Z",
"severity": "LOW"
},
"details": "Adobe Media Encoder version 24.0.2 (and earlier) and 23.6 (and earlier) are affected by an Access of Uninitialized Pointer vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.",
"id": "GHSA-wfx2-p684-q6v4",
"modified": "2023-11-16T15:30:20Z",
"published": "2023-11-16T15:30:20Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-47044"
},
{
"type": "WEB",
"url": "https://helpx.adobe.com/security/products/media-encoder/apsb23-63.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-WH9F-45PX-J437
Vulnerability from github – Published: 2022-05-24 19:05 – Updated: 2023-03-15 00:30An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the udp_input() function and could occur while processing a udp packet that is smaller than the size of the 'udphdr' structure. This issue may lead to out-of-bounds read access or indirect host memory disclosure to the guest. The highest threat from this vulnerability is to data confidentiality. This flaw affects libslirp versions prior to 4.6.0.
{
"affected": [],
"aliases": [
"CVE-2021-3594"
],
"database_specific": {
"cwe_ids": [
"CWE-824"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-06-15T21:15:00Z",
"severity": "LOW"
},
"details": "An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the udp_input() function and could occur while processing a udp packet that is smaller than the size of the \u0027udphdr\u0027 structure. This issue may lead to out-of-bounds read access or indirect host memory disclosure to the guest. The highest threat from this vulnerability is to data confidentiality. This flaw affects libslirp versions prior to 4.6.0.",
"id": "GHSA-wh9f-45px-j437",
"modified": "2023-03-15T00:30:46Z",
"published": "2022-05-24T19:05:19Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3594"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1970491"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2021/09/msg00000.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2023/03/msg00013.html"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GCKWZWY64EHTOQMLVLTSZ4AA27EWRJMH"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SGPQZFVJCFGDSISFXPCQTTBBD7QZLJKI"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202107-44"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20210805-0004"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-WHJF-X8MC-6GR3
Vulnerability from github – Published: 2023-03-07 18:30 – Updated: 2023-03-14 21:30An access of uninitialized pointer vulnerability [CWE-824] in the SSL VPN portal of Fortinet FortiOS version 7.2.0 through 7.2.3, version 7.0.0 through 7.0.9 and before 6.4.11 and FortiProxy version 7.2.0 through 7.2.1, version 7.0.0 through 7.0.7 and before 2.0.11 allows a remote authenticated attacker to crash the sslvpn daemon via an HTTP GET request.
{
"affected": [],
"aliases": [
"CVE-2022-45861"
],
"database_specific": {
"cwe_ids": [
"CWE-824"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-03-07T17:15:00Z",
"severity": "MODERATE"
},
"details": "An access of uninitialized pointer vulnerability [CWE-824] in the SSL VPN portal of Fortinet FortiOS version 7.2.0 through 7.2.3, version 7.0.0 through 7.0.9 and before 6.4.11 and FortiProxy version 7.2.0 through 7.2.1, version 7.0.0 through 7.0.7 and before 2.0.11 allows a remote authenticated attacker to crash the sslvpn daemon via an HTTP GET request.",
"id": "GHSA-whjf-x8mc-6gr3",
"modified": "2023-03-14T21:30:21Z",
"published": "2023-03-07T18:30:39Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-45861"
},
{
"type": "WEB",
"url": "https://fortiguard.com/psirt/FG-IR-22-477"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-WPJG-4663-XP87
Vulnerability from github – Published: 2022-05-24 17:36 – Updated: 2022-05-24 17:36In ihevc_inter_pred_chroma_copy_ssse3 of ihevc_inter_pred_filters_ssse3_intr.c, there is a possible information disclosure due to uninitialized data. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-158484516
{
"affected": [],
"aliases": [
"CVE-2020-0488"
],
"database_specific": {
"cwe_ids": [
"CWE-824"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-12-15T16:15:00Z",
"severity": "MODERATE"
},
"details": "In ihevc_inter_pred_chroma_copy_ssse3 of ihevc_inter_pred_filters_ssse3_intr.c, there is a possible information disclosure due to uninitialized data. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-158484516",
"id": "GHSA-wpjg-4663-xp87",
"modified": "2022-05-24T17:36:26Z",
"published": "2022-05-24T17:36:26Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-0488"
},
{
"type": "WEB",
"url": "https://source.android.com/security/bulletin/pixel/2020-12-01"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-WRHP-5VCR-45PG
Vulnerability from github – Published: 2022-05-02 03:27 – Updated: 2022-05-02 03:27The decompression implementation in the Imf::hufUncompress function in OpenEXR 1.2.2 and 1.6.1 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger a free of an uninitialized pointer.
{
"affected": [],
"aliases": [
"CVE-2009-1721"
],
"database_specific": {
"cwe_ids": [
"CWE-824"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2009-07-31T19:00:00Z",
"severity": "MODERATE"
},
"details": "The decompression implementation in the Imf::hufUncompress function in OpenEXR 1.2.2 and 1.6.1 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger a free of an uninitialized pointer.",
"id": "GHSA-wrhp-5vcr-45pg",
"modified": "2022-05-02T03:27:53Z",
"published": "2022-05-02T03:27:53Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-1721"
},
{
"type": "WEB",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01286.html"
},
{
"type": "WEB",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01290.html"
},
{
"type": "WEB",
"url": "http://lists.apple.com/archives/security-announce/2009/Aug/msg00001.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-09/msg00000.html"
},
{
"type": "WEB",
"url": "http://release.debian.org/proposed-updates/stable_diffs/openexr_1.6.1-3%2Blenny3.debdiff"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/36030"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/36032"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/36096"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/36123"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/36753"
},
{
"type": "WEB",
"url": "http://security.debian.org/pool/updates/main/o/openexr/openexr_1.2.2-4.3+etch2.diff.gz"
},
{
"type": "WEB",
"url": "http://security.debian.org/pool/updates/main/o/openexr/openexr_1.6.1-3+lenny3.diff.gz"
},
{
"type": "WEB",
"url": "http://support.apple.com/kb/HT3757"
},
{
"type": "WEB",
"url": "http://www.debian.org/security/2009/dsa-1842"
},
{
"type": "WEB",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:190"
},
{
"type": "WEB",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:191"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/35838"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id?1022674"
},
{
"type": "WEB",
"url": "http://www.ubuntu.com/usn/USN-831-1"
},
{
"type": "WEB",
"url": "http://www.us-cert.gov/cas/techalerts/TA09-218A.html"
},
{
"type": "WEB",
"url": "http://www.vupen.com/english/advisories/2009/2035"
},
{
"type": "WEB",
"url": "http://www.vupen.com/english/advisories/2009/2172"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-WV2P-H6G5-VP98
Vulnerability from github – Published: 2025-07-09 00:30 – Updated: 2025-07-09 00:30InCopy versions 20.3, 19.5.3 and earlier are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
{
"affected": [],
"aliases": [
"CVE-2025-47098"
],
"database_specific": {
"cwe_ids": [
"CWE-824"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-07-08T23:15:23Z",
"severity": "HIGH"
},
"details": "InCopy versions 20.3, 19.5.3 and earlier are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.",
"id": "GHSA-wv2p-h6g5-vp98",
"modified": "2025-07-09T00:30:33Z",
"published": "2025-07-09T00:30:33Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47098"
},
{
"type": "WEB",
"url": "https://helpx.adobe.com/security/products/incopy/apsb25-59.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-WV34-XCJ8-F3MQ
Vulnerability from github – Published: 2025-02-25 18:31 – Updated: 2026-04-06 15:31An access to an uninitialized pointer flaw was found in X.Org and Xwayland. The function compCheckRedirect() may fail if it cannot allocate the backing pixmap. In that case, compRedirectWindow() will return a BadAlloc error without validating the window tree marked just before, which leaves the validated data partly initialized and the use of an uninitialized pointer later.
{
"affected": [],
"aliases": [
"CVE-2025-26599"
],
"database_specific": {
"cwe_ids": [
"CWE-824"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-02-25T16:15:39Z",
"severity": "HIGH"
},
"details": "An access to an uninitialized pointer flaw was found in X.Org and Xwayland. The function compCheckRedirect() may fail if it cannot allocate the backing pixmap. In that case, compRedirectWindow() will return a BadAlloc error without validating the window tree marked just before, which leaves the validated data partly initialized and the use of an uninitialized pointer later.",
"id": "GHSA-wv34-xcj8-f3mq",
"modified": "2026-04-06T15:31:19Z",
"published": "2025-02-25T18:31:24Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-26599"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/02/msg00036.html"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2345253"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2025-26599"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2025:7458"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2025:7165"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2025:7163"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2025:3976"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2025:2880"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2025:2879"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2025:2875"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2025:2874"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2025:2873"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2025:2866"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2025:2865"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2025:2862"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2025:2861"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2025:2502"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2025:2500"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
No mitigation information available for this CWE.
No CAPEC attack patterns related to this CWE.