Severity by source
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:N/R:U/V:D/RE:L/U:Green
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:N/R:U/V:D/RE:L/U:Green
Lifecycle Timeline
4DescriptionCVE.org
NULL Pointer Dereference vulnerability in taurusxin ncmdump (src/utils modules). This vulnerability is associated with program files cJSON.Cpp.
This issue affects ncmdump: before 1.4.0.
AnalysisAI
ncmdump versions before 1.4.0 contain a null pointer dereference vulnerability in the cJSON.cpp module that allows local attackers to cause a denial of service through application crash. An attacker with local access and user interaction can trigger this vulnerability to disable the affected ncmdump utility. A patch is available for affected users.
Technical ContextAI
The vulnerability is rooted in CWE-476 (Null Pointer Dereference), a memory safety defect where the application attempts to dereference a null pointer without proper validation. The affected component is cJSON.cpp, which is a JSON parsing library commonly used in C/C++ applications. The ncmdump utility, as identified via CPE cpe:2.3:a:taurusxin:ncmdump:*:*:*:*:*:*:*:*, is a command-line tool that likely processes JSON structures during its normal operation. When the cJSON library fails to properly initialize or validate pointer values before dereferencing them—particularly when handling malformed or unexpected JSON input—the null pointer dereference occurs in the src/utils modules, leading to an application crash.
RemediationAI
Upgrade taurusxin ncmdump to version 1.4.0 or later, which includes the patch available at https://github.com/taurusxin/ncmdump/pull/52. For organizations unable to immediately upgrade, implement input validation and sanitization checks prior to passing JSON data to ncmdump, and restrict network access to the application to trusted sources only. If ncmdump processes files from external sources, enforce file type validation and consider running the application in a sandboxed environment with resource limits to minimize the impact of a denial of service condition.
Same weakness CWE-476 – NULL Pointer Dereference
View allSame technique Denial Of Service
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-14700
GHSA-695c-rc34-8h4v