A NULL pointer dereference vulnerability was found in Onigmo in the way it handled certain types of “subexp” regular expressions. A remote attacker could exploit this flaw by providing a malformed regular expression that when processed by an application linked to Onigmo, would crash the application, causing a denial of service.