VYPR

CWE-476

NULL Pointer Dereference

Base | Stable | Likelihood: Medium

Description

The product dereferences a pointer that it expects to be valid but is NULL.

Hierarchy (View 1000)

Children

none

CVEs mapped to this weakness (1,587)

  • CVE-2017-5193 | High | Mar 3, 2017
    risk 0.49 | cvss 7.5 | epss 0.06

    The nickcmp function in Irssi before 0.8.21 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a message without a nick.

  • CVE-2016-9049 | High | Feb 21, 2017
    risk 0.49 | cvss 7.5 | epss 0.03

    An exploitable denial-of-service vulnerability exists in the fabric-worker component of Aerospike Database Server 3.10.0.3. A specially crafted packet can cause the server process to dereference a null pointer. An attacker can simply connect to a TCP port in order to trigger…

  • CVE-2016-6866 | High | Feb 15, 2017
    risk 0.49 | cvss 7.5 | epss 0.03

    slock allows attackers to bypass the screen lock via vectors involving an invalid password hash, which triggers a NULL pointer dereference and crash.

  • CVE-2017-5970 | High | Feb 14, 2017
    risk 0.49 | cvss 7.5 | epss 0.04

    The ipv4_pktinfo_prepare function in net/ipv4/ip_sockglue.c in the Linux kernel through 4.9.9 allows attackers to cause a denial of service (system crash) via (1) an application that makes crafted system calls or possibly (2) IPv4 traffic with invalid IP options.

  • CVE-2016-10087 | High | Jan 30, 2017
    risk 0.49 | cvss 7.5 | epss 0.06

    The png_set_text_2 function in libpng 0.71 before 1.0.67, 1.2.x before 1.2.57, 1.4.x before 1.4.20, 1.5.x before 1.5.28, and 1.6.x before 1.6.27 allows context-dependent attackers to cause a NULL pointer dereference via vectors involving loading a text chunk into a png structure,…

  • CVE-2016-9448 | High | Jan 27, 2017
    risk 0.49 | cvss 7.5 | epss 0.05

    The TIFFFetchNormalTag function in LibTiff 4.0.6 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) by setting the tags TIFF_SETGET_C16ASCII or TIFF_SETGET_C32_ASCII to values that access 0-byte arrays. NOTE: this vulnerability exists…

  • CVE-2016-7997 | High | Jan 18, 2017
    risk 0.49 | cvss 7.5 | epss 0.03

    The WPG format reader in GraphicsMagick 1.3.25 and earlier allows remote attackers to cause a denial of service (assertion failure and crash) via vectors related to a ReferenceBlob and a NULL pointer.

  • CVE-2016-9934 | High | Jan 4, 2017
    risk 0.49 | cvss 7.5 | epss 0.07

    ext/wddx/wddx.c in PHP before 5.6.28 and 7.x before 7.0.13 allows remote attackers to cause a denial of service (NULL pointer dereference) via crafted serialized data in a wddxPacket XML document, as demonstrated by a PDORow string.

  • CVE-2016-9562 | High | Nov 23, 2016
    risk 0.49 | cvss 7.5 | epss 0.04

    SAP NetWeaver AS JAVA 7.4 allows remote attackers to cause a Denial of Service (null pointer exception and icman outage) via an HTTPS request to the sap.com~P4TunnelingApp!web/myServlet URI, aka SAP Security Note 2313835.

  • CVE-2016-9296 | High | Nov 12, 2016
    risk 0.49 | cvss 7.5 | epss 0.07

    A null pointer dereference bug affects version 16.02 and many old versions of p7zip. A lack of null pointer check for the variable folders.PackPositions in function CInArchive::ReadAndDecodePackedStreams in CPP/7zip/Archive/7z/7zIn.cpp, as used in the 7z.so library and in 7z…

  • CVE-2016-9294 | High | Nov 12, 2016
    risk 0.49 | cvss 7.5 | epss 0.03

    Artifex Software, Inc. MuJS before 5008105780c0b0182ea6eda83ad5598f225be3ee allows context-dependent attackers to conduct "denial of service (application crash)" attacks by using the "malformed labeled break/continue in JavaScript" approach, related to a "NULL pointer…

  • CVE-2016-4959 | High | Nov 8, 2016
    risk 0.49 | cvss 7.5 | epss 0.03

    For the NVIDIA Quadro, NVS, and GeForce products, there is a Remote Desktop denial of service. A successful exploit of a vulnerable system will result in a kernel null pointer dereference, causing a blue screen crash.

  • CVE-2016-7160 | High | Nov 3, 2016
    risk 0.49 | cvss 7.5 | epss 0.01

    A vulnerability on Samsung Mobile M(6.0) devices exists because external access to SystemUI activities is not properly restricted, leading to a SystemUI crash and device restart, aka SVE-2016-6248.

  • CVE-2016-9114 | High | Oct 30, 2016
    risk 0.49 | cvss 7.5 | epss 0.03

    There is a NULL Pointer Access in function imagetopnm of convert.c:1943(jp2) of OpenJPEG 2.1.2. image->comps[compno].data is not assigned a value after initialization (NULL). Impact is Denial of Service.

  • CVE-2016-9113 | High | Oct 30, 2016
    risk 0.49 | cvss 7.5 | epss 0.03

    There is a NULL pointer dereference in function imagetobmp of convertbmp.c:980 of OpenJPEG 2.1.2. image->comps[0].data is not assigned a value after initialization (NULL). Impact is Denial of Service.

  • CVE-2016-7445 | High | Oct 3, 2016
    risk 0.49 | cvss 7.5 | epss 0.04

    convert.c in OpenJPEG before 2.1.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors involving the variable s.

  • CVE-2015-8917 | High | Sep 20, 2016
    risk 0.49 | cvss 7.5 | epss 0.04

    bsdtar in libarchive before 3.2.0 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an invalid character in the name of a cab file.

  • CVE-2016-7132 | High | Sep 12, 2016
    risk 0.49 | cvss 7.5 | epss 0.09

    ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly have unspecified other impact via an invalid wddxPacket XML document that is mishandled in a…

  • CVE-2016-7131 | High | Sep 12, 2016
    risk 0.49 | cvss 7.5 | epss 0.09

    ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly have unspecified other impact via a malformed wddxPacket XML document that is mishandled in a…

  • CVE-2016-7130 | High | Sep 12, 2016
    risk 0.49 | cvss 7.5 | epss 0.07

    The php_wddx_pop_element function in ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly have unspecified other impact via an invalid base64 binary value, as…