Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CWE-824 (使用未经初始化的指针) — Vulnerability Class 174

174 vulnerabilities classified as CWE-824 (使用未经初始化的指针). AI Chinese analysis included.

CWE-824 represents a critical memory management weakness where software accesses or utilizes a pointer that has not been properly initialized. This flaw typically arises when developers declare pointers without assigning them a valid memory address or null value, leaving them to contain arbitrary garbage data from the stack or heap. Attackers exploit this vulnerability by manipulating the uninitialized memory contents to force the application to read or write to unexpected, potentially sensitive memory locations. Such exploitation can lead to severe consequences, including denial of service through crashes, or arbitrary code execution if the uninitialized pointer is used as a function call target. To prevent this, developers must ensure all pointers are explicitly initialized to null or a valid address before use, employ static analysis tools to detect uninitialized variables, and adhere to strict memory management practices that validate pointer states prior to dereferencing.

MITRE CWE Description
The product accesses or uses a pointer that has not been initialized. If the pointer contains an uninitialized value, then the value might not point to a valid memory location. This could cause the product to read from or write to unexpected memory locations, leading to a denial of service. If the uninitialized pointer is used as a function call, then arbitrary functions could be invoked. If an attacker can influence the portion of uninitialized memory that is contained in the pointer, this weakness could be leveraged to execute code or perform other attacks. Depending on memory layout, associated memory management behaviors, and product operation, the attacker might be able to influence the contents of the uninitialized pointer, thus gaining more fine-grained control of the memory location to be accessed.
Common Consequences (3)
ConfidentialityRead Memory
If the uninitialized pointer is used in a read operation, an attacker might be able to read sensitive portions of memory.
AvailabilityDoS: Crash, Exit, or Restart
If the uninitialized pointer references a memory location that is not accessible to the product, or points to a location that is "malformed" (such as NULL) or larger than expected by a read or write operation, then a crash may occur.
Integrity, Confidentiality, AvailabilityExecute Unauthorized Code or Commands
If the uninitialized pointer is used in a function call, or points to unexpected data in a write operation, then code execution may be possible.
CVE IDTitleCVSSSeverityPublished
CVE-2025-2284 Santesoft Sante PACS Server Access of Uninitialized Pointer DoS — Sante PACS Server 7.5 High2025-03-13
CVE-2025-27158 Acrobat Reader | Access of Uninitialized Pointer (CWE-824) — Acrobat Reader 7.8 High2025-03-11
CVE-2025-27162 Acrobat Reader | Access of Uninitialized Pointer (CWE-824) — Acrobat Reader 7.8 High2025-03-11
CVE-2025-2173 libzvbi conv.c vbi_strndup_iconv_ucs2 uninitialized pointer — libzvbi 5.3 Medium2025-03-11
CVE-2025-26599 Xorg: xwayland: use of uninitialized pointer in compredirectwindow() 7.8 High2025-02-25
CVE-2021-26093 Fortinet FortiWLC 缓冲区错误漏洞 — FortiWLC 6.6 High2024-12-19
CVE-2024-45155 Animate | Access of Uninitialized Pointer (CWE-824) — Animate 7.8 High2024-12-10
CVE-2024-9258 IrfanView SID File Parsing Uninitialized Pointer Remote Code Execution Vulnerability — IrfanView 7.8 -2024-11-22
CVE-2024-47411 Animate | Access of Uninitialized Pointer (CWE-824) — Animate 7.8 High2024-10-09
CVE-2024-8645 Access of Uninitialized Pointer in Wireshark — Wireshark 5.5 Medium2024-09-10
CVE-2024-32998 Huawei HarmonyOS 安全漏洞 — HarmonyOS 5.9 Medium2024-05-11
CVE-2024-33608 BIG-IP IPsec vulnerability — BIG-IP 7.5 High2024-05-08
CVE-2023-43531 Access of Uninitialized Pointer in SPS Applications — Snapdragon 8.4 High2024-05-06
CVE-2023-35715 Ashlar-Vellum Cobalt AR File Parsing Uninitialized Memory Remote Code Execution Vulnerability — Cobalt 7.8 -2024-05-03
CVE-2023-35713 Ashlar-Vellum Cobalt XE File Parsing Uninitialized Memory Remote Code Execution Vulnerability — Cobalt 7.8 -2024-05-03
CVE-2023-35712 Ashlar-Vellum Cobalt XE File Parsing Uninitialized Memory Remote Code Execution Vulnerability — Cobalt 7.8 -2024-05-03
CVE-2023-34288 Ashlar-Vellum Cobalt XE File Parsing Uninitialized Pointer Remote Code Execution Vulnerability — Cobalt 7.8 -2024-05-03
CVE-2023-34272 Fatek Automation FvDesigner FPJ File Parsing Uninitialized Pointer Remote Code Execution Vulnerability — FvDesigner 7.8 -2024-05-03
CVE-2023-34263 Fatek Automation FvDesigner FPJ File Parsing Uninitialized Pointer Remote Code Execution Vulnerability — FvDesigner 7.8 -2024-05-03
CVE-2024-21919 Rockwell Automation Arena Simulation Vulnerable To Uninitialized Pointer — Arena Simulation 7.8 High2024-03-26
CVE-2024-26004 PHOENIX CONTACT: DoS of a control agent due to access of a uninitialized pointer in CHARX Series — CHARX SEC-3000 7.5 High2024-03-12
CVE-2024-24925 Siemens Simcenter Femap 缓冲区错误漏洞 — Simcenter Femap 7.8 High2024-02-13
CVE-2023-49132 Siemens Solid Edge 缓冲区错误漏洞 — Solid Edge SE2023 7.8 High2024-01-09
CVE-2023-49131 Siemens Solid Edge 缓冲区错误漏洞 — Solid Edge SE2023 7.8 High2024-01-09
CVE-2023-49130 Siemens Solid Edge 缓冲区错误漏洞 — Solid Edge SE2023 7.8 High2024-01-09
CVE-2023-44362 ZDI-CAN-21791: Adobe Prelude MP4 File Uninitialized Variable Information Disclosure Vulnerability — Prelude 5.5 Medium2023-12-13
CVE-2023-47072 ZDI-CAN-21790: Adobe After Effects MP4 File Uninitialized Variable Information Disclosure Vulnerability — After Effects 3.3 Low2023-11-17
CVE-2023-47060 ZDI-CAN-21792: Adobe Premiere Pro MP4 File Uninitialized Variable Information Disclosure Vulnerability — Premiere Pro 3.3 Low2023-11-16
CVE-2023-47047 ZDI-CAN-21685: Adobe Audition MP4 File Parsing Uninitialized Variable Remote Code Execution Vulnerability — Audition 5.5 Medium2023-11-16
CVE-2023-47053 ZDI-CAN-21689: Adobe Audition MP4 File Parsing Uninitialized Variable Information Disclosure Vulnerability — Audition 5.5 Medium2023-11-16

Vulnerabilities classified as CWE-824 (使用未经初始化的指针) represent 174 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.