VYPR

CWE-476

NULL Pointer Dereference

BaseStableLikelihood: Medium

Description

The product dereferences a pointer that it expects to be valid but is NULL.

Hierarchy (View 1000)

Children

none

CVEs mapped to this weakness (1,024)

page 21 of 52
  • CVE-2017-12923MedAug 28, 2017
    risk 0.42cvss 6.5epss 0.00

    OLEStream::WriteVT_LPSTR in olestrm.cpp in libfpx 1.3.1_p6 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted fpx image.

  • CVE-2017-12922MedAug 28, 2017
    risk 0.42cvss 6.5epss 0.00

    wchar.c in libfpx 1.3.1_p6 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted fpx image.

  • CVE-2017-12921MedAug 28, 2017
    risk 0.42cvss 6.5epss 0.00

    PFileFlashPixView::GetGlobalInfoProperty in f_fpxvw.cpp in libfpx 1.3.1_p6 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted fpx image.

  • CVE-2017-12920MedAug 28, 2017
    risk 0.42cvss 6.5epss 0.00

    CDirectory::GetDirEntry in dir.cxx in libfpx 1.3.1_p6 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted fpx image.

  • CVE-2017-12809MedAug 23, 2017
    risk 0.42cvss 6.5epss 0.00

    QEMU (aka Quick Emulator), when built with the IDE disk and CD/DVD-ROM Emulator support, allows local guest OS privileged users to cause a denial of service (NULL pointer dereference and QEMU process crash) by flushing an empty CDROM device drive.

  • CVE-2017-13065MedAug 22, 2017
    risk 0.42cvss 6.5epss 0.01

    GraphicsMagick 1.3.26 has a NULL pointer dereference vulnerability in the function SVGStartElement in coders/svg.c.

  • CVE-2017-11750MedJul 30, 2017
    risk 0.42cvss 6.5epss 0.00

    The ReadOneJNGImage function in coders/png.c in ImageMagick 6.9.9-4 and 7.0.6-4 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file.

  • CVE-2017-11522MedJul 22, 2017
    risk 0.42cvss 6.5epss 0.00

    The WriteOnePNGImage function in coders/png.c in ImageMagick through 6.9.9-0 and 7.x through 7.0.6-1 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file.

  • CVE-2017-11189MedJul 12, 2017
    risk 0.42cvss 6.5epss 0.00

    unrarlib.c in unrar-free 0.0.1 might allow remote attackers to cause a denial of service (NULL pointer dereference and application crash), which could be relevant if unrarlib is used as library code for a long-running application. NOTE: one of the several test cases in the references may be the same as what was separately reported as CVE-2017-14121.

  • CVE-2017-10792MedJul 2, 2017
    risk 0.42cvss 6.5epss 0.00

    There is a NULL Pointer Dereference in the function ll_insert() of the libpspp library in GNU PSPP before 0.11.0. For example, a crash was observed within the library code when attempting to convert invalid SPSS data into CSV format. A crafted input will lead to a remote denial of service attack.

  • CVE-2017-9989MedJun 28, 2017
    risk 0.42cvss 6.5epss 0.01

    util/outputtxt.c in libming 0.4.8 mishandles memory allocation. A crafted input will lead to a remote denial of service (NULL pointer dereference) attack.

  • CVE-2017-9988MedJun 28, 2017
    risk 0.42cvss 6.5epss 0.01

    The readEncUInt30 function in util/read.c in libming 0.4.8 mishandles memory allocation. A crafted input will lead to a remote denial of service (NULL pointer dereference) attack against parser.c.

  • CVE-2017-7522MedJun 27, 2017
    risk 0.42cvss 6.5epss 0.01

    OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to denial-of-service by authenticated remote attacker via sending a certificate with an embedded NULL character.

  • CVE-2017-9216MedMay 24, 2017
    risk 0.42cvss 6.5epss 0.01

    libjbig2dec.a in Artifex jbig2dec 0.13, as used in MuPDF and Ghostscript, has a NULL pointer dereference in the jbig2_huffman_get function in jbig2_huffman.c. For example, the jbig2dec utility will crash (segmentation fault) when parsing an invalid file.

  • CVE-2017-9083MedMay 19, 2017
    risk 0.42cvss 6.5epss 0.01

    poppler 0.54.0, as used in Evince and other products, has a NULL pointer dereference in the JPXStream::readUByte function in JPXStream.cc. For example, the perf_test utility will crash (segmentation fault) when parsing an invalid PDF file.

  • CVE-2017-1000358MedApr 24, 2017
    risk 0.42cvss 6.5epss 0.00

    Controller throws an exception and does not allow user to add subsequent flow for a particular switch. Component: OpenDaylight odl-restconf feature contains this flaw. Version: OpenDaylight 4.0 is affected by this flaw.

  • CVE-2017-7994MedApr 21, 2017
    risk 0.42cvss 6.5epss 0.01

    The function TextExtractor::ExtractText in TextExtractor.cpp:77 in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PDF document.

  • CVE-2015-8272MedApr 13, 2017
    risk 0.42cvss 6.5epss 0.01

    RTMPDump 2.4 allows remote attackers to trigger a denial of service (NULL pointer dereference and process crash).

  • CVE-2017-0016MedMar 17, 2017
    risk 0.42cvss 5.9epss 0.49

    Microsoft Windows 10 Gold, 1511, and 1607; Windows 8.1; Windows RT 8.1; Windows Server 2012 R2, and Windows Server 2016 do not properly handle certain requests in SMBv2 and SMBv3 packets, which allows remote attackers to execute arbitrary code via a crafted SMBv2 or SMBv3 packet to the Server service, aka "SMBv2/SMBv3 Null Dereference Denial of Service Vulnerability."

  • CVE-2017-5937MedMar 15, 2017
    risk 0.42cvss 6.5epss 0.00

    The util_format_is_pure_uint function in vrend_renderer.c in Virgil 3d project (aka virglrenderer) 0.6.0 and earlier allows local guest OS users to cause a denial of service (NULL pointer dereference) via a crafted VIRGL_CCMD_CLEAR command.