CWE-457: Use of Uninitialized Variable
73 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories.
CVEs classified under CWE-457 (page 1 of 2)
- CVE-2019-1010317 | MEDIUM | CVSS 5.5 | EG 5.5 | 2019-07-11
WavPack 5.1.0 and earlier is affected by: CWE-457: Use of Uninitialized Variable. The impact is: Unexpected control flow, crashes, and segfaults. The component is: ParseCaffHeaderConfig (caff.c:486). The attack vector is: Maliciously craft…
- CVE-2019-1010319 | MEDIUM | CVSS 5.5 | EG 5.5 | 2019-07-11
WavPack 5.1.0 and earlier is affected by: CWE-457: Use of Uninitialized Variable. The impact is: Unexpected control flow, crashes, and segfaults. The component is: ParseWave64HeaderConfig (wave64.c:211). The attack vector is: Maliciously c…
- CVE-2019-11038 | MEDIUM | CVSS 5.3 | 2019-06-19
When using the gdImageCreateFromXbm() function in the GD Graphics Library (aka LibGD) 2.2.5, as used in the PHP GD extension in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6, it is possible to supply data that w…
- CVE-2020-27124 | HIGH | CVSS 8.6 | EG 8.6 | 2024-11-18
A vulnerability in the SSL/TLS handler of Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to cause the affected device to reload unexpectedly, leading to a denial of service (DoS) condi…
- CVE-2021-21966 | MEDIUM | CVSS 5.3 | EG 5.3 | 2022-02-16
An information disclosure vulnerability exists in the HTTP Server /ping.html functionality of Texas Instruments CC3200 SimpleLink Solution NWP 2.9.0.0. A specially-crafted HTTP request can lead to an uninitialized read. An attacker can sen…
- CVE-2021-31435 | HIGH | CVSS 7.8 | EG 7.8 | 2021-04-29
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.931. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or op…
- CVE-2021-34951 | LOW | CVSS 3.3 | EG 3.3 | 2024-05-07
Foxit PDF Reader Annotation Use of Uninitialized Variable Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is…
- CVE-2021-34953 | HIGH | CVSS 7.8 | EG 7.8 | 2024-05-07
Foxit PDF Reader Annotation Use of Uninitialized Variable Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required…
- CVE-2021-3928 | HIGH | CVSS 7.8 | EG 7.8 | 2021-11-05
vim is vulnerable to Use of Uninitialized Variable
- CVE-2021-40418 | CRITICAL | CVSS 9.8 | EG 9.8 | 2021-12-22
When parsing a file that is submitted to the DPDecoder service as a job, the R3D SDK will mistakenly skip over the assignment of a property containing an object referring to a UUID that was parsed from a frame within the video container. U…
- CVE-2021-41253 | MEDIUM | CVSS 5.9 | EG 5.9 | 2021-11-08
Zydis is an x86/x86-64 disassembler library. Users of Zydis versions v3.2.0 and older that use the string functions provided in `zycore` in order to append untrusted user data to the formatter buffer within their custom formatter hooks can…
- CVE-2021-44003 | MEDIUM | CVSS 5.5 | EG 5.5 | 2021-12-14
A vulnerability has been identified in JT2Go (All versions < V13.2.0.5), Teamcenter Visualization (All versions < V13.2.0.5). The Tiff_Loader.dll is vulnerable to use of uninitialized memory while parsing user supplied TIFF files. This cou…
- CVE-2021-46566 | HIGH | CVSS 7.8 | EG 7.8 | 2022-02-18
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious…
- CVE-2021-46570 | HIGH | CVSS 7.8 | EG 7.8 | 2022-02-18
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or…
- CVE-2021-46617 | HIGH | CVSS 7.8 | EG 7.8 | 2022-02-18
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious…
- CVE-2021-46631 | HIGH | CVSS 7.8 | EG 7.8 | 2022-02-18
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a …
- CVE-2022-21217 | CRITICAL | CVSS 9.8 | EG 9.8 | 2022-01-28
An out-of-bounds write vulnerability exists in the device TestEmail functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted network request can lead to an out-of-bounds write. An attacker can send an HTTP request to trig…
- CVE-2022-2308 | MEDIUM | CVSS 6.5 | EG 7.8 | 2022-09-01
A flaw was found in vDPA with VDUSE backend. There are currently no checks in VDUSE kernel driver to ensure the size of the device config space is in line with the features advertised by the VDUSE userspace application. In case of a mismat…
- CVE-2022-25737 | HIGH | CVSS 7.5 | EG 7.5 | 2023-04-13
Information disclosure in modem due to missing NULL check while reading packets received from local network
- CVE-2022-28317 | HIGH | CVSS 7.8 | EG 7.8 | 2023-03-29
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.02.34. User interaction is required to exploit this vulnerability in that the target must visit a maliciou…
- CVE-2022-28319 | HIGH | CVSS 7.8 | EG 7.8 | 2023-03-29
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.02.034. User interaction is required to exploit this vulnerability in that the target must visit a malicio…
- CVE-2022-28320 | HIGH | CVSS 7.8 | EG 7.8 | 2023-03-29
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.16.02.022. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open …
- CVE-2022-33716 | LOW | CVSS 2.3 | EG 4.4 | 2022-08-05
An absence of variable initialization in ICCC TA prior to SMR Aug-2022 Release 1 allows local attacker to read uninitialized memory.
- CVE-2022-34390 | HIGH | CVSS 7.5 | EG 7.8 | 2022-10-12
Dell BIOS contains a use of uninitialized variable vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.
- CVE-2022-34655 | HIGH | CVSS 7.5 | EG 7.5 | 2022-08-04
In BIG-IP Versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.6.1, and 14.1.x before 14.1.5, when an iRule containing the HTTP::payload command is configured on a virtual server, undisclosed traffic can cause Traffic Management Microkernel…
- CVE-2022-40510 | CRITICAL | CVSS 9.8 | EG 9.8 | 2023-08-08
Memory corruption due to buffer copy without checking size of input in Audio while voice call with EVS vocoder.
- CVE-2022-42432 | MEDIUM | CVSS 4.4 | EG 4.4 | 2023-03-29
This vulnerability allows local attackers to disclose sensitive information on affected installations of the Linux Kernel 6.0-rc2. An attacker must first obtain the ability to execute high-privileged code on the target system in order to e…
- CVE-2023-25585 | MEDIUM | CVSS 4.7 | EG 4.7 | 2023-09-14
A flaw was found in Binutils. The use of an uninitialized field in the struct module *module may lead to application crash and local denial of service.
- CVE-2023-25586 | MEDIUM | CVSS 4.7 | EG 4.7 | 2023-09-14
A flaw was found in Binutils. A logic fail in the bfd_init_section_decompress_status function may lead to the use of an uninitialized variable that can cause a crash and local denial of service.
- CVE-2023-25588 | MEDIUM | CVSS 4.7 | EG 4.7 | 2023-09-14
A flaw was found in Binutils. The field `the_bfd` of `asymbol` struct is uninitialized in the `bfd_mach_o_get_synthetic_symtab` function, which may lead to an application crash and local denial of service.
- CVE-2023-31192 | MEDIUM | CVSS 5.3 | EG 5.3 | 2023-10-12
An information disclosure vulnerability exists in the ClientConnect() functionality of SoftEther VPN 5.01.9674. A specially crafted network packet can lead to a disclosure of sensitive information. An attacker can perform a man-in-the-midd…
- CVE-2023-31275 | HIGH | CVSS 8.8 | EG 8.8 | 2023-11-27
An uninitialized pointer use vulnerability exists in the functionality of WPS Office 11.2.0.11537 that handles Data elements in an Excel file. A specially crafted malformed file can lead to remote code execution. An attacker can provide a …
- CVE-2023-34310 | HIGH | CVSS 7.8 | EG 7.8 | 2024-05-03
Ashlar-Vellum Cobalt Uninitialized Memory Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit …
- CVE-2023-38088 | HIGH | CVSS 7.8 | EG 7.8 | 2024-05-03
Kofax Power PDF printf Uninitialized Variable Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power PDF. User interaction is required to exploit t…
- CVE-2023-39484 | MEDIUM | CVSS 5.5 | EG 3.3 | 2024-05-03
PDF-XChange Editor PDF File Parsing Uninitialized Variable Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction…
- CVE-2023-42046 | MEDIUM | CVSS 5.5 | EG 3.3 | 2024-05-03
PDF-XChange Editor J2K File Parsing Uninitialized Variable Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction…
- CVE-2023-42048 | MEDIUM | CVSS 5.5 | EG 3.3 | 2024-05-03
PDF-XChange Editor J2K File Parsing Uninitialized Variable Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction…
- CVE-2023-42056 | MEDIUM | CVSS 5.5 | EG 3.3 | 2024-05-03
PDF-XChange Editor U3D File Parsing Uninitialized Variable Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction…
- CVE-2023-42062 | HIGH | CVSS 7.8 | EG 7.8 | 2024-05-03
PDF-XChange Editor U3D File Parsing Uninitialized Variable Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is requi…
- CVE-2023-42079 | MEDIUM | CVSS 5.5 | EG 3.3 | 2024-05-03
PDF-XChange Editor J2K File Parsing Uninitialized Variable Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction…
- CVE-2023-50188 | HIGH | CVSS 7.8 | EG 7.8 | 2024-05-03
Trimble SketchUp Viewer SKP File Parsing Uninitialized Variable Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp Viewer. User interactio…
- CVE-2023-6324 | HIGH | CVSS 8.1 | EG 8.1 | 2024-05-15
ThroughTek Kalay SDK uses a predictable PSK value in the DTLS session when encountering an unexpected PSK identity
- CVE-2024-10204 | HIGH | CVSS 7.8 | EG 7.8 | 2024-11-19
Heap-based Buffer Overflow and Uninitialized Variable vulnerabilities exist in the X_B and SAT file reading procedure in eDrawings from Release SOLIDWORKS 2024 through Release SOLIDWORKS 2025. These vulnerabilities could allow an attacker …
- CVE-2024-10934 | CRITICAL | CVSS 9.8 | EG 9.8 | 2024-11-15
In OpenBSD 7.5 before errata 008 and OpenBSD 7.4 before errata 021, avoid possible mbuf double free in NFS client and server implementation, do not use uninitialized variable in error handling of NFS server.
- CVE-2024-1847 | HIGH | CVSS 7.8 | EG 7.8 | 2024-02-28
Heap-based Buffer Overflow, Memory Corruption, Out-Of-Bounds Read, Out-Of-Bounds Write, Stack-based Buffer Overflow, Type Confusion, Uninitialized Variable, Use-After-Free vulnerabilities exist in the file reading procedure in eDrawings fr…
- CVE-2024-1848 | HIGH | CVSS 7.8 | EG 7.8 | 2024-03-22
Heap-based Buffer Overflow, Memory Corruption, Out-Of-Bounds Read, Out-Of-Bounds Write, Stack-based Buffer Overflow, Type Confusion, Uninitialized Variable, Use-After-Free vulnerabilities exist in the file reading procedure in SOLIDWORKS D…
- CVE-2024-21502 | HIGH | CVSS 7.5 | EG 7.5 | 2024-02-24
Versions of the package fastecdsa before 2.3.2 are vulnerable to Use of Uninitialized Variable on the stack, via the curvemath_mul function in src/curveMath.c, due to being used and interpreted as user-defined type. Depending on the variab…
- CVE-2024-23137 | HIGH | CVSS 7.8 | EG 7.5 | 2024-02-22
A maliciously crafted STP or SLDPRT file, when parsed in ODXSW_DLL.dll through Autodesk applications, can be used to uninitialized variables. This vulnerability, along with other vulnerabilities, can lead to code execution in the current p…
- CVE-2024-23159 | HIGH | CVSS 7.8 | EG 8.8 | 2024-06-25
A maliciously crafted STP file, when parsed in stp_aim_x64_vc15d.dll through Autodesk applications, can be used to uninitialized variables. This vulnerability, along with other vulnerabilities, can lead to code execution in the current pro…
- CVE-2024-26147 | HIGH | CVSS 7.5 | EG 7.5 | 2024-02-21
Helm is a package manager for Charts for Kubernetes. Versions prior to 3.14.2 contain an uninitialized variable vulnerability when Helm parses index and plugin yaml files missing expected content. When either an `index.yaml` file or a plug…