VYPR

CWE-476

NULL Pointer Dereference

Base · Stable · Likelihood: Medium

Description

The product dereferences a pointer that it expects to be valid but is NULL.

Hierarchy (View 1000)

Children

none

CVEs mapped to this weakness (1,024)

page 12 of 52
  • CVE-2015-2297 · High · Oct 6, 2017
    risk 0.49 · cvss 7.5 · epss 0.01

    nanohttp in libcsoap allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted Authorization header.

  • CVE-2017-14977 · High · Oct 2, 2017
    risk 0.49 · cvss 7.5 · epss 0.01

    The FoFiTrueType::getCFFBlock function in FoFiTrueType.cc in Poppler 0.59.0 has a NULL pointer dereference vulnerability due to lack of validation of a table pointer, which allows an attacker to launch a denial of service attack.

  • CVE-2017-14975 · High · Oct 2, 2017
    risk 0.49 · cvss 7.5 · epss 0.01

    The FoFiType1C::convertToType0 function in FoFiType1C.cc in Poppler 0.59.0 has a NULL pointer dereference vulnerability because a data structure is not initialized, which allows an attacker to launch a denial of service attack.

  • CVE-2017-14739 · High · Sep 26, 2017
    risk 0.49 · cvss 7.5 · epss 0.01

    The AcquireResampleFilterThreadSet function in magick/resample-private.h in ImageMagick 7.0.7-4 mishandles failed memory allocation, which allows remote attackers to cause a denial of service (NULL Pointer Dereference in DistortImage in MagickCore/distort.c, and application crash) via unspecified vectors.

  • CVE-2017-14149 · High · Sep 5, 2017
    risk 0.49 · cvss 7.5 · epss 0.00

    GoAhead 3.4.0 through 3.6.5 has a NULL Pointer Dereference in the websDecodeUrl function in http.c, leading to a crash for a "POST / HTTP/1.1" request.

  • CVE-2017-13764 · High · Aug 30, 2017
    risk 0.49 · cvss 7.5 · epss 0.00

    In Wireshark 2.4.0, the Modbus dissector could crash with a NULL pointer dereference. This was addressed in epan/dissectors/packet-mbtcp.c by adding length validation.

  • CVE-2017-13712 · High · Aug 28, 2017
    risk 0.49 · cvss 7.5 · epss 0.00

    NULL Pointer Dereference in the id3v2AddAudioDuration function in libmp3lame/id3tag.c in LAME 3.99.5 allows attackers to perform Denial of Service by triggering a NULL first argument.

  • CVE-2015-0928 · High · Aug 28, 2017
    risk 0.49 · cvss 7.5 · epss 0.01

    libhtp 0.5.15 allows remote attackers to cause a denial of service (NULL pointer dereference).

  • CVE-2017-13710 · High · Aug 27, 2017
    risk 0.49 · cvss 7.5 · epss 0.01

    The setup_group function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a group section that is too small.

  • CVE-2015-7516 · High · Aug 24, 2017
    risk 0.49 · cvss 7.5 · epss 0.02

    ONOS before 1.5.0 when using the ifwd app allows remote attackers to cause a denial of service (NULL pointer dereference and switch disconnect) by sending two Ethernet frames with ether_type Jumbo Frame (0x8870).

  • CVE-2017-11185 · High · Aug 18, 2017
    risk 0.49 · cvss 7.5 · epss 0.01

    The gmp plugin in strongSwan before 5.6.0 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted RSA signature.

  • CVE-2017-11590 · High · Jul 24, 2017
    risk 0.49 · cvss 7.5 · epss 0.01

    There is a NULL pointer dereference in the caseless_hash function in gxps-archive.c in libgxps 0.2.5. A crafted input will lead to a remote denial of service attack.

  • CVE-2017-1000050 · High · Jul 17, 2017
    risk 0.49 · cvss 7.5 · epss 0.02

    JasPer 2.0.12 is vulnerable to a NULL pointer exception in the function jp2_encode which failed to check to see if the image contained at least one component resulting in a denial-of-service.

  • CVE-2017-11113 · High · Jul 8, 2017
    risk 0.49 · cvss 7.5 · epss 0.00

    In ncurses 6.0, there is a NULL Pointer Dereference in the _nc_parse_entry function of tinfo/parse_entry.c. It could lead to a remote denial of service attack if the terminfo library code is used to process untrusted terminfo data.

  • CVE-2017-9631 · High · Jul 7, 2017
    risk 0.49 · cvss 7.5 · epss 0.01

    A Null Pointer Dereference issue was discovered in Schneider Electric Wonderware ArchestrA Logger, versions 2017.426.2307.1 and prior. The null pointer dereference vulnerability could allow an attacker to crash the logger process, causing a denial of service for logging and log-viewing (applications that use the Wonderware ArchestrA Logger continue to run when the Wonderware ArchestrA Logger service is unavailable).

  • CVE-2017-10790 · High · Jul 2, 2017
    risk 0.49 · cvss 7.5 · epss 0.00

    The _asn1_check_identifier function in GNU Libtasn1 through 4.12 causes a NULL pointer dereference and crash when reading crafted input that triggers assignment of a NULL value within an asn1_node structure. It may lead to a remote denial of service attack.

  • CVE-2015-5180 · High · Jun 27, 2017
    risk 0.49 · cvss 7.5 · epss 0.01

    res_query in libresolv in glibc before 2.25 allows remote attackers to cause a denial of service (NULL pointer dereference and process crash).

  • CVE-2017-7458 · High · Jun 26, 2017
    risk 0.49 · cvss 7.5 · epss 0.01

    The NetworkInterface::getHost function in NetworkInterface.cpp in ntopng before 3.0 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty field that should have contained a hostname or IP address.

  • CVE-2017-7507 · High · Jun 16, 2017
    risk 0.49 · cvss 7.5 · epss 0.01

    GnuTLS version 3.5.12 and earlier is vulnerable to a NULL pointer dereference while decoding a status response TLS extension with valid contents. This could lead to a crash of the GnuTLS server application.

  • CVE-2016-5391 · High · Jun 13, 2017
    risk 0.49 · cvss 7.5 · epss 0.01

    libreswan before 3.18 allows remote attackers to cause a denial of service (NULL pointer dereference and pluto daemon restart).