Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2025-3010

Summary
Assigner-VulDB
Assigner Org ID-1af790b2-7ee1-4545-860a-a788eba489b5
Published At-31 Mar, 2025 | 20:00
Updated At-31 Mar, 2025 | 22:25
Rejected At-
Credits

Khronos Group glslang Intermediate.cpp isConversionAllowed null pointer dereference

A vulnerability, which was classified as problematic, has been found in Khronos Group glslang 15.1.0. Affected by this issue is the function glslang::TIntermediate::isConversionAllowed of the file glslang/MachineIndependent/Intermediate.cpp. The manipulation leads to null pointer dereference. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:VulDB
Assigner Org ID:1af790b2-7ee1-4545-860a-a788eba489b5
Published At:31 Mar, 2025 | 20:00
Updated At:31 Mar, 2025 | 22:25
Rejected At:
▼CVE Numbering Authority (CNA)
Khronos Group glslang Intermediate.cpp isConversionAllowed null pointer dereference

A vulnerability, which was classified as problematic, has been found in Khronos Group glslang 15.1.0. Affected by this issue is the function glslang::TIntermediate::isConversionAllowed of the file glslang/MachineIndependent/Intermediate.cpp. The manipulation leads to null pointer dereference. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used.

Affected Products
Vendor
Khronos Group Inc.Khronos Group
Product
glslang
Versions
Affected
  • 15.1.0
Problem Types
TypeCWE IDDescription
CWECWE-476NULL Pointer Dereference
CWECWE-404Denial of Service
Type: CWE
CWE ID: CWE-476
Description: NULL Pointer Dereference
Type: CWE
CWE ID: CWE-404
Description: Denial of Service
Metrics
VersionBase scoreBase severityVector
4.04.8MEDIUM
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
3.13.3LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
3.03.3LOW
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
2.01.7N/A
AV:L/AC:L/Au:S/C:N/I:N/A:P
Version: 4.0
Base score: 4.8
Base severity: MEDIUM
Vector:
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
Version: 3.1
Base score: 3.3
Base severity: LOW
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Version: 3.0
Base score: 3.3
Base severity: LOW
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Version: 2.0
Base score: 1.7
Base severity: N/A
Vector:
AV:L/AC:L/Au:S/C:N/I:N/A:P
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Advisory disclosed2025-03-30 00:00:00
VulDB entry created2025-03-30 01:00:00
VulDB entry last update2025-03-30 22:44:19
Event: Advisory disclosed
Date: 2025-03-30 00:00:00
Event: VulDB entry created
Date: 2025-03-30 01:00:00
Event: VulDB entry last update
Date: 2025-03-30 22:44:19
Replaced By
Rejected Reason
References
HyperlinkResource
https://vuldb.com/?id.302060
vdb-entry
technical-description
https://vuldb.com/?ctiid.302060
signature
permissions-required
https://vuldb.com/?submit.524561
third-party-advisory
https://github.com/KhronosGroup/glslang/issues/3903
issue-tracking
https://github.com/KhronosGroup/glslang/issues/3903#issue-2927492534
exploit
issue-tracking
Hyperlink: https://vuldb.com/?id.302060
Resource:
vdb-entry
technical-description
Hyperlink: https://vuldb.com/?ctiid.302060
Resource:
signature
permissions-required
Hyperlink: https://vuldb.com/?submit.524561
Resource:
third-party-advisory
Hyperlink: https://github.com/KhronosGroup/glslang/issues/3903
Resource:
issue-tracking
Hyperlink: https://github.com/KhronosGroup/glslang/issues/3903#issue-2927492534
Resource:
exploit
issue-tracking
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://github.com/KhronosGroup/glslang/issues/3903
exploit
Hyperlink: https://github.com/KhronosGroup/glslang/issues/3903
Resource:
exploit
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cna@vuldb.com
Published At:31 Mar, 2025 | 20:15
Updated At:01 Apr, 2025 | 20:26

A vulnerability, which was classified as problematic, has been found in Khronos Group glslang 15.1.0. Affected by this issue is the function glslang::TIntermediate::isConversionAllowed of the file glslang/MachineIndependent/Intermediate.cpp. The manipulation leads to null pointer dereference. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary4.04.8MEDIUM
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Secondary3.13.3LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Secondary2.01.7LOW
AV:L/AC:L/Au:S/C:N/I:N/A:P
Type: Secondary
Version: 4.0
Base score: 4.8
Base severity: MEDIUM
Vector:
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Type: Secondary
Version: 3.1
Base score: 3.3
Base severity: LOW
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Type: Secondary
Version: 2.0
Base score: 1.7
Base severity: LOW
Vector:
AV:L/AC:L/Au:S/C:N/I:N/A:P
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-404Secondarycna@vuldb.com
CWE-476Secondarycna@vuldb.com
CWE ID: CWE-404
Type: Secondary
Source: cna@vuldb.com
CWE ID: CWE-476
Type: Secondary
Source: cna@vuldb.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://github.com/KhronosGroup/glslang/issues/3903cna@vuldb.com
N/A
https://github.com/KhronosGroup/glslang/issues/3903#issue-2927492534cna@vuldb.com
N/A
https://vuldb.com/?ctiid.302060cna@vuldb.com
N/A
https://vuldb.com/?id.302060cna@vuldb.com
N/A
https://vuldb.com/?submit.524561cna@vuldb.com
N/A
https://github.com/KhronosGroup/glslang/issues/3903134c704f-9b21-4f2e-91b3-4a467353bcc0
N/A
Hyperlink: https://github.com/KhronosGroup/glslang/issues/3903
Source: cna@vuldb.com
Resource: N/A
Hyperlink: https://github.com/KhronosGroup/glslang/issues/3903#issue-2927492534
Source: cna@vuldb.com
Resource: N/A
Hyperlink: https://vuldb.com/?ctiid.302060
Source: cna@vuldb.com
Resource: N/A
Hyperlink: https://vuldb.com/?id.302060
Source: cna@vuldb.com
Resource: N/A
Hyperlink: https://vuldb.com/?submit.524561
Source: cna@vuldb.com
Resource: N/A
Hyperlink: https://github.com/KhronosGroup/glslang/issues/3903
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

76Records found
CVE-2024-1186
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-3.3||LOW
EPSS-0.02% / 3.73%
||
7 Day CHG~0.00%
Published-02 Feb, 2024 | 17:00
Updated-10 Jun, 2025 | 16:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Munsoft Easy Archive Recovery Registration Key denial of service

A vulnerability classified as problematic was found in Munsoft Easy Archive Recovery 2.0. This vulnerability affects unknown code of the component Registration Key Handler. The manipulation leads to denial of service. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252676. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-munsoftMunsoft
Product-easy_archive_recoveryEasy Archive Recovery
CWE ID-CWE-404
Improper Resource Shutdown or Release
CVE-2025-4287
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-4.8||MEDIUM
EPSS-0.02% / 3.26%
||
7 Day CHG~0.00%
Published-05 May, 2025 | 20:00
Updated-06 May, 2025 | 13:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PyTorch nccl.py torch.cuda.nccl.reduce denial of service

A vulnerability was found in PyTorch 2.6.0+cu124. It has been rated as problematic. Affected by this issue is the function torch.cuda.nccl.reduce of the file torch/cuda/nccl.py. The manipulation leads to denial of service. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The patch is identified as 5827d2061dcb4acd05ac5f8e65d8693a481ba0f5. It is recommended to apply a patch to fix this issue.

Action-Not Available
Vendor-n/a
Product-PyTorch
CWE ID-CWE-404
Improper Resource Shutdown or Release
CVE-2025-3730
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-4.8||MEDIUM
EPSS-0.06% / 18.96%
||
7 Day CHG~0.00%
Published-16 Apr, 2025 | 21:00
Updated-28 May, 2025 | 17:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PyTorch LossCTC.cpp torch.nn.functional.ctc_loss denial of service

A vulnerability, which was classified as problematic, was found in PyTorch 2.6.0. Affected is the function torch.nn.functional.ctc_loss of the file aten/src/ATen/native/LossCTC.cpp. The manipulation leads to denial of service. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The name of the patch is 46fc5d8e360127361211cb237d5f9eef0223e567. It is recommended to apply a patch to fix this issue. The security policy of the project warns to use unknown models which might establish malicious effects.

Action-Not Available
Vendor-n/aThe Linux Foundation
Product-pytorchPyTorch
CWE ID-CWE-404
Improper Resource Shutdown or Release
CVE-2025-3198
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-4.8||MEDIUM
EPSS-0.02% / 3.85%
||
7 Day CHG~0.00%
Published-04 Apr, 2025 | 01:31
Updated-15 May, 2025 | 19:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
GNU Binutils objdump bucomm.c display_info memory leak

A vulnerability has been found in GNU Binutils 2.43/2.44 and classified as problematic. Affected by this vulnerability is the function display_info of the file binutils/bucomm.c of the component objdump. The manipulation leads to memory leak. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The patch is named ba6ad3a18cb26b79e0e3b84c39f707535bbc344d. It is recommended to apply a patch to fix this issue.

Action-Not Available
Vendor-GNU
Product-binutilsBinutils
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CWE ID-CWE-404
Improper Resource Shutdown or Release
CVE-2024-1192
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-3.3||LOW
EPSS-0.14% / 35.19%
||
7 Day CHG~0.00%
Published-02 Feb, 2024 | 20:00
Updated-08 Jan, 2025 | 14:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
South River WebDrive New Secure WebDAV denial of service

A vulnerability was found in South River WebDrive 18.00.5057. It has been declared as problematic. This vulnerability affects unknown code of the component New Secure WebDAV. The manipulation leads to denial of service. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. VDB-252682 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-southrivertechSouth Riversouthrivertech
Product-webdriveWebDrivewebdrive
CWE ID-CWE-404
Improper Resource Shutdown or Release
CVE-2025-2926
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-4.8||MEDIUM
EPSS-0.01% / 1.41%
||
7 Day CHG-0.01%
Published-28 Mar, 2025 | 20:00
Updated-24 Jul, 2025 | 09:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
HDF5 H5Ocache.c H5O__cache_chk_serialize null pointer dereference

A vulnerability was found in HDF5 up to 1.14.6 and classified as problematic. This issue affects the function H5O__cache_chk_serialize of the file src/H5Ocache.c. The manipulation leads to null pointer dereference. An attack has to be approached locally. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-n/aThe HDF Group
Product-hdf5HDF5
CWE ID-CWE-404
Improper Resource Shutdown or Release
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-2953
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-4.8||MEDIUM
EPSS-0.03% / 7.44%
||
7 Day CHG-0.03%
Published-30 Mar, 2025 | 15:31
Updated-22 Apr, 2025 | 12:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PyTorch torch.mkldnn_max_pool2d denial of service

A vulnerability, which was classified as problematic, has been found in PyTorch 2.6.0+cu124. Affected by this issue is the function torch.mkldnn_max_pool2d. The manipulation leads to denial of service. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The security policy of the project warns to use unknown models which might establish malicious effects.

Action-Not Available
Vendor-n/aThe Linux Foundation
Product-pytorchPyTorch
CWE ID-CWE-404
Improper Resource Shutdown or Release
CVE-2022-24736
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-3.3||LOW
EPSS-0.35% / 56.96%
||
7 Day CHG~0.00%
Published-27 Apr, 2022 | 19:55
Updated-22 Apr, 2025 | 18:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
A Malformed Lua script can crash Redis

Redis is an in-memory database that persists on disk. Prior to versions 6.2.7 and 7.0.0, an attacker attempting to load a specially crafted Lua script can cause NULL pointer dereference which will result with a crash of the redis-server process. The problem is fixed in Redis versions 7.0.0 and 6.2.7. An additional workaround to mitigate this problem without patching the redis-server executable, if Lua scripting is not being used, is to block access to `SCRIPT LOAD` and `EVAL` commands using ACL rules.

Action-Not Available
Vendor-Redis Inc.Fedora ProjectOracle CorporationNetApp, Inc.
Product-communications_operations_monitormanagement_services_for_netapp_hcifedoraredismanagement_services_for_element_softwareredis
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-27241
Matching Score-4
Assigner-OpenHarmony
ShareView Details
Matching Score-4
Assigner-OpenHarmony
CVSS Score-3.3||LOW
EPSS-0.02% / 3.29%
||
7 Day CHG~0.00%
Published-06 May, 2025 | 09:03
Updated-09 May, 2025 | 19:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
multimedia_av_codec has a NULL pointer dereference vulnerability

in OpenHarmony v5.0.3 and prior versions allow a local attacker case DOS through NULL pointer dereference.

Action-Not Available
Vendor-OpenAtom FoundationOpenHarmony (OpenAtom Foundation)
Product-openharmonyOpenHarmony
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-27248
Matching Score-4
Assigner-OpenHarmony
ShareView Details
Matching Score-4
Assigner-OpenHarmony
CVSS Score-3.3||LOW
EPSS-0.02% / 3.29%
||
7 Day CHG~0.00%
Published-06 May, 2025 | 09:03
Updated-09 May, 2025 | 19:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ai_neural_network_runtime has a NULL pointer dereference vulnerability

in OpenHarmony v5.0.3 and prior versions allow a local attacker case DOS through NULL pointer dereference.

Action-Not Available
Vendor-OpenAtom FoundationOpenHarmony (OpenAtom Foundation)
Product-openharmonyOpenHarmony
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-26690
Matching Score-4
Assigner-OpenHarmony
ShareView Details
Matching Score-4
Assigner-OpenHarmony
CVSS Score-3.3||LOW
EPSS-0.01% / 1.79%
||
7 Day CHG~0.00%
Published-11 Aug, 2025 | 02:55
Updated-12 Aug, 2025 | 16:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
communication dsoftbus has a NULL pointer vulnerability

in OpenHarmony v5.0.3 and prior versions allow a local attacker case DOS through NULL pointer dereference.

Action-Not Available
Vendor-OpenAtom FoundationOpenHarmony (OpenAtom Foundation)
Product-openharmonyOpenHarmony
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-2588
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-4.8||MEDIUM
EPSS-0.09% / 25.87%
||
7 Day CHG~0.00%
Published-21 Mar, 2025 | 12:00
Updated-21 Mar, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Hercules Augeas fa.c re_case_expand null pointer dereference

A vulnerability has been found in Hercules Augeas 1.14.1 and classified as problematic. This vulnerability affects the function re_case_expand of the file src/fa.c. The manipulation of the argument re leads to null pointer dereference. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-Hercules
Product-Augeas
CWE ID-CWE-404
Improper Resource Shutdown or Release
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-25218
Matching Score-4
Assigner-OpenHarmony
ShareView Details
Matching Score-4
Assigner-OpenHarmony
CVSS Score-3.3||LOW
EPSS-0.02% / 3.29%
||
7 Day CHG~0.00%
Published-06 May, 2025 | 08:50
Updated-09 May, 2025 | 19:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
third_party_mksh has a NULL pointer dereference vulnerability

in OpenHarmony v5.0.3 and prior versions allow a local attacker case DOS through NULL pointer dereference.

Action-Not Available
Vendor-OpenAtom FoundationOpenHarmony (OpenAtom Foundation)
Product-openharmonyOpenHarmony
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-25217
Matching Score-4
Assigner-OpenHarmony
ShareView Details
Matching Score-4
Assigner-OpenHarmony
CVSS Score-3.3||LOW
EPSS-0.02% / 3.29%
||
7 Day CHG~0.00%
Published-08 Jun, 2025 | 11:46
Updated-09 Jun, 2025 | 19:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
arkui_ace_enginehas a NULL pointer dereference vulnerability

in OpenHarmony v5.0.3 and prior versions allow a local attacker case DOS through NULL pointer dereference.

Action-Not Available
Vendor-OpenAtom FoundationOpenHarmony (OpenAtom Foundation)
Product-openharmonyOpenHarmony
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-22837
Matching Score-4
Assigner-OpenHarmony
ShareView Details
Matching Score-4
Assigner-OpenHarmony
CVSS Score-3.3||LOW
EPSS-0.02% / 3.63%
||
7 Day CHG~0.00%
Published-04 Mar, 2025 | 03:44
Updated-04 Mar, 2025 | 17:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Arkcompiler Ets Runtime has a NULL pointer dereference vulnerability

in OpenHarmony v5.0.2 and prior versions allow a local attacker cause DOS through NULL pointer dereference.

Action-Not Available
Vendor-OpenAtom FoundationOpenHarmony (OpenAtom Foundation)
Product-openharmonyOpenHarmony
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-21097
Matching Score-4
Assigner-OpenHarmony
ShareView Details
Matching Score-4
Assigner-OpenHarmony
CVSS Score-3.3||LOW
EPSS-0.02% / 3.63%
||
7 Day CHG~0.00%
Published-04 Mar, 2025 | 03:44
Updated-04 Mar, 2025 | 15:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Arkcompiler Ets Runtime has a NULL pointer dereference vulnerability

in OpenHarmony v5.0.2 and prior versions allow a local attacker cause DOS through NULL pointer dereference.

Action-Not Available
Vendor-OpenHarmony (OpenAtom Foundation)
Product-OpenHarmony
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-1632
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-4.8||MEDIUM
EPSS-0.14% / 34.09%
||
7 Day CHG~0.00%
Published-24 Feb, 2025 | 13:31
Updated-25 Mar, 2025 | 15:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
libarchive bsdunzip.c list null pointer dereference

A vulnerability was found in libarchive up to 3.7.7. It has been classified as problematic. This affects the function list of the file bsdunzip.c. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-n/alibarchive
Product-libarchivelibarchive
CWE ID-CWE-404
Improper Resource Shutdown or Release
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-1377
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-4.8||MEDIUM
EPSS-0.07% / 20.41%
||
7 Day CHG~0.00%
Published-17 Feb, 2025 | 05:00
Updated-18 Feb, 2025 | 15:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
GNU elfutils eu-strip strip.c gelf_getsymshndx denial of service

A vulnerability, which was classified as problematic, has been found in GNU elfutils 0.192. This issue affects the function gelf_getsymshndx of the file strip.c of the component eu-strip. The manipulation leads to denial of service. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The identifier of the patch is fbf1df9ca286de3323ae541973b08449f8d03aba. It is recommended to apply a patch to fix this issue.

Action-Not Available
Vendor-GNU
Product-elfutils
CWE ID-CWE-404
Improper Resource Shutdown or Release
CVE-2025-1373
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-4.8||MEDIUM
EPSS-0.05% / 13.33%
||
7 Day CHG~0.00%
Published-17 Feb, 2025 | 03:31
Updated-03 Jun, 2025 | 17:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
FFmpeg MOV Parser mov.c mov_read_trak null pointer dereference

A vulnerability was found in FFmpeg up to 7.1. It has been rated as problematic. Affected by this issue is the function mov_read_trak of the file libavformat/mov.c of the component MOV Parser. The manipulation leads to null pointer dereference. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The patch is identified as 43be8d07281caca2e88bfd8ee2333633e1fb1a13. It is recommended to apply a patch to fix this issue.

Action-Not Available
Vendor-n/aFFmpeg
Product-ffmpegFFmpeg
CWE ID-CWE-404
Improper Resource Shutdown or Release
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-1371
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-4.8||MEDIUM
EPSS-0.03% / 6.42%
||
7 Day CHG~0.00%
Published-17 Feb, 2025 | 02:31
Updated-18 Feb, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
GNU elfutils eu-read readelf.c handle_dynamic_symtab null pointer dereference

A vulnerability has been found in GNU elfutils 0.192 and classified as problematic. This vulnerability affects the function handle_dynamic_symtab of the file readelf.c of the component eu-read. The manipulation leads to null pointer dereference. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The patch is identified as b38e562a4c907e08171c76b8b2def8464d5a104a. It is recommended to apply a patch to fix this issue.

Action-Not Available
Vendor-GNU
Product-elfutils
CWE ID-CWE-404
Improper Resource Shutdown or Release
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2023-25510
Matching Score-4
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-4
Assigner-NVIDIA Corporation
CVSS Score-3.3||LOW
EPSS-0.04% / 9.57%
||
7 Day CHG~0.00%
Published-22 Apr, 2023 | 02:33
Updated-04 Feb, 2025 | 19:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA CUDA Toolkit SDK for Linux and Windows contains a NULL pointer dereference in cuobjdump, where a local user running the tool against a malformed binary may cause a limited denial of service.

Action-Not Available
Vendor-NVIDIA CorporationLinux Kernel Organization, IncMicrosoft Corporation
Product-windowslinux_kernelcuda_toolkitNVIDIA CUDA Toolkit
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2024-6063
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-4.8||MEDIUM
EPSS-0.04% / 9.66%
||
7 Day CHG~0.00%
Published-17 Jun, 2024 | 20:31
Updated-25 Sep, 2024 | 16:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
GPAC MP4Box dmx_m2ts.c m2tsdmx_on_event null pointer dereference

A vulnerability was found in GPAC 2.5-DEV-rev228-g11067ea92-master. It has been classified as problematic. This affects the function m2tsdmx_on_event of the file src/filters/dmx_m2ts.c of the component MP4Box. The manipulation leads to null pointer dereference. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The patch is named 8767ed0a77c4b02287db3723e92c2169f67c85d5. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-268791.

Action-Not Available
Vendor-n/aGPAC
Product-gpacGPACgpac
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2022-1249
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-3.3||LOW
EPSS-0.13% / 33.24%
||
7 Day CHG~0.00%
Published-29 Apr, 2022 | 15:43
Updated-02 Aug, 2024 | 23:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A NULL pointer dereference flaw was found in pesign's cms_set_pw_data() function of the cms_common.c file. The function fails to handle the NULL pwdata invocation from daemon.c, which leads to an explicit NULL dereference and crash on all attempts to daemonize pesign.

Action-Not Available
Vendor-pesign_projectn/a
Product-pesignpesign
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2023-1451
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-3.3||LOW
EPSS-0.02% / 4.23%
||
7 Day CHG~0.00%
Published-17 Mar, 2023 | 06:49
Updated-02 Aug, 2024 | 05:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
MP4v2 mp4track.cpp GetSampleFileOffset denial of service

A vulnerability was found in MP4v2 2.1.2. It has been classified as problematic. Affected is the function mp4v2::impl::MP4Track::GetSampleFileOffset of the file mp4track.cpp. The manipulation leads to denial of service. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-223296.

Action-Not Available
Vendor-mp4v2_projectn/a
Product-mp4v2MP4v2
CWE ID-CWE-404
Improper Resource Shutdown or Release
CVE-2023-1157
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-2.8||LOW
EPSS-0.03% / 5.38%
||
7 Day CHG~0.00%
Published-02 Mar, 2023 | 18:16
Updated-02 Aug, 2024 | 05:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
finixbit elf-parser elf_parser.cpp get_segments denial of service

A vulnerability, which was classified as problematic, was found in finixbit elf-parser. Affected is the function elf_parser::Elf_parser::get_segments of the file elf_parser.cpp. The manipulation leads to denial of service. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. VDB-222222 is the identifier assigned to this vulnerability.

Action-Not Available
Vendor-elf-parser_projectfinixbit
Product-elf-parserelf-parser
CWE ID-CWE-404
Improper Resource Shutdown or Release
CVE-2023-1188
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-3.3||LOW
EPSS-0.04% / 11.95%
||
7 Day CHG~0.00%
Published-06 Mar, 2023 | 07:10
Updated-05 Mar, 2025 | 19:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
FabulaTech Webcam for Remote Desktop IoControlCode ftwebcam.sys 0x222018 denial of service

A vulnerability was found in FabulaTech Webcam for Remote Desktop 2.8.42. It has been classified as problematic. Affected is the function 0x222018 in the library ftwebcam.sys of the component IoControlCode Handler. The manipulation leads to denial of service. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-222360.

Action-Not Available
Vendor-fabulatechFabulaTechMicrosoft Corporation
Product-webcam_for_remote_desktopwindowsWebcam for Remote Desktop
CWE ID-CWE-404
Improper Resource Shutdown or Release
  • Previous
  • 1
  • 2
  • Next
Details not found