CVE-2019-14248: Null Pointer Dereference
First published: Wed Jul 24 2019(Updated: )
In libnasm.a in Netwide Assembler (NASM) 2.14.xx, asm/pragma.c allows a NULL pointer dereference in process_pragma, search_pragma_list, and nasm_set_limit when "%pragma limit" is mishandled.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Nasm Netwide Assembler | >=2.14<=2.14.02 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2019-14248?
CVE-2019-14248 is a vulnerability in the Netwide Assembler (NASM) 2.14.xx that allows a NULL pointer dereference in certain functions, leading to a crash or potential code execution.
How severe is CVE-2019-14248?
CVE-2019-14248 has a severity score of 5.5, which is considered medium severity.
What is the affected software?
The affected software is Netwide Assembler (NASM) 2.14.xx.
How can the vulnerability be exploited?
The vulnerability can be exploited by mishandling the "%pragma limit" directive in certain functions in NASM.
Is there a fix available for CVE-2019-14248?
Yes, a fix for CVE-2019-14248 is available. It is recommended to update to a version of NASM that is not affected by this vulnerability.
- collector/nvd-index
- agent/references
- agent/weakness
- agent/severity
- agent/author
- agent/tags
- agent/type
- agent/event
- agent/description
- agent/first-publish-date
- agent/last-modified-date
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- vendor/nasm
- canonical/nasm netwide assembler
- version/nasm netwide assembler/2.14
- version/nasm netwide assembler/2.14.02