VYPR

CWE-476

NULL Pointer Dereference

BaseStableLikelihood: Medium

Description

The product dereferences a pointer that it expects to be valid but is NULL.

Hierarchy (View 1000)

Children

none

CVEs mapped to this weakness (1,587)

page 29 of 80
  • CVE-2022-2309HigJul 5, 2022
    risk 0.42cvss 7.5epss 0.02

    NULL Pointer Dereference allows attackers to cause a denial of service (or application crash). This only applies when lxml is used together with libxml2 2.9.10 through 2.9.14. libxml2 2.9.9 and earlier are not affected. It allows triggering crashes through forged input data,…

  • CVE-2022-21736HigFeb 3, 2022
    risk 0.42cvss 7.6epss 0.01

    Tensorflow is an Open Source Machine Learning Framework. The implementation of `SparseTensorSliceDataset` has an undefined behavior: under certain condition it can be made to dereference a `nullptr` value. The 3 input arguments to `SparseTensorSliceDataset` represent a sparse…

  • CVE-2021-45340MedJan 25, 2022
    risk 0.42cvss 6.5epss 0.01

    In Libsixel prior to and including v1.10.3, a NULL pointer dereference in the stb_image.h component of libsixel allows attackers to cause a denial of service (DOS) via a crafted PICT file.

  • CVE-2020-7731HigApr 30, 2021
    risk 0.42cvss 7.5epss 0.02

    This affects all versions <0.7.0 of package github.com/russellhaering/gosaml2. There is a crash on nil-pointer dereference caused by sending malformed XML signatures.

  • CVE-2020-26521HigNov 6, 2020
    risk 0.42cvss 7.5epss 0.02

    The JWT library in NATS nats-server before 2.1.9 allows a denial of service (a nil dereference in Go code).

  • CVE-2018-19802HigJun 7, 2019
    risk 0.42cvss 7.5epss 0.02

    aubio v0.4.0 to v0.4.8 has a new_aubio_onset NULL pointer dereference.

  • CVE-2018-19757MedNov 30, 2018
    risk 0.42cvss 6.5epss 0.01

    There is a NULL pointer dereference at function sixel_helper_set_additional_message (status.c) in libsixel 1.8.2 that will cause a denial of service.

  • CVE-2018-19184HigNov 12, 2018
    risk 0.42cvss 7.5epss 0.02

    cmd/evm/runner.go in Go Ethereum (aka geth) 1.8.17 allows attackers to cause a denial of service (SEGV) via crafted bytecode.

  • CVE-2018-18192MedOct 9, 2018
    risk 0.42cvss 6.5epss 0.01

    An issue was discovered in libgig 4.1.0. There is a NULL pointer dereference in the function DLS::File::GetFirstSample() in DLS.cpp.

  • CVE-2018-18088MedOct 9, 2018
    risk 0.42cvss 6.5epss 0.02

    OpenJPEG 2.3.0 has a NULL pointer dereference for "red" in the imagetopnm function of jp2/convert.c

  • CVE-2018-17794MedSep 30, 2018
    risk 0.42cvss 6.5epss 0.02

    An issue was discovered in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31. There is a NULL pointer dereference in work_stuff_copy_to_from when called from iterate_demangle_function.

  • CVE-2018-17432MedSep 24, 2018
    risk 0.42cvss 6.5epss 0.01

    A NULL pointer dereference in H5O_sdspace_encode() in H5Osdspace.c in the HDF HDF5 through 1.10.3 library allows attackers to cause a denial of service via a crafted HDF5 file.

  • CVE-2018-17282MedSep 20, 2018
    risk 0.42cvss 6.5epss 0.02

    An issue was discovered in Exiv2 v0.26. The function Exiv2::DataValue::copy in value.cpp has a NULL pointer dereference.

  • CVE-2018-17075HigSep 16, 2018
    risk 0.42cvss 7.5epss 0.03

    The html package (aka x/net/html) before 2018-07-13 in Go mishandles "in frameset" insertion mode, leading to a "panic: runtime error" for html.Parse of , , or . This is related to HTMLTreeBuilder.cpp in WebKit.

  • CVE-2018-1000661MedSep 6, 2018
    risk 0.42cvss 6.5epss 0.01

    jsish version 2.4.67 contains a CWE-476: NULL Pointer Dereference vulnerability in Jsi_LogMsg (jsiUtils.c:196) that can result in Crash due to segmentation fault. This attack appear to be exploitable via the victim executing specially crafted javascript code. This vulnerability…

  • CVE-2018-10914MedSep 4, 2018
    risk 0.42cvss 6.5epss 0.02

    It was found that an attacker could issue a xattr request via glusterfs FUSE to cause gluster brick process to crash which will result in a remote denial of service. If gluster multiplexing is enabled this will result in a crash of multiple bricks and gluster volumes.

  • CVE-2017-2575MedAug 22, 2018
    risk 0.42cvss 6.5epss 0.01

    A vulnerability was found while fuzzing libbpg 0.9.7. It is a NULL pointer dereference issue due to missing check of the return value of function malloc in the BPG encoder. This vulnerability appeared while converting a malicious JPEG file to BPG.

  • CVE-2018-1000655MedAug 20, 2018
    risk 0.42cvss 6.5epss 0.01

    Jsish version 2.4.65 contains a CWE-476: NULL Pointer Dereference vulnerability in Function jsi_ValueCopyMove from jsiValue.c:240 that can result in Crash due to segmentation fault. This attack appear to be exploitable via a crafted javascript code. This vulnerability appears to…

  • CVE-2018-1000636MedAug 20, 2018
    risk 0.42cvss 6.5epss 0.01

    JerryScript version Tested on commit f86d7459d195c8ba58479d1861b0cc726c8b3793. Analysing history it seems that the issue has been present since commit 64a340ffeb8809b2b66bbe32fd443a8b79fdd860 contains a CWE-476: NULL Pointer Dereference vulnerability in Triggering undefined…

  • CVE-2018-15505HigAug 18, 2018
    risk 0.42cvss 7.5epss 0.02

    An issue was discovered in Embedthis GoAhead before 4.0.1 and Appweb before 7.0.2. An HTTP POST request with a specially crafted "Host" header field may cause a NULL pointer dereference and thus cause a denial of service, as demonstrated by the lack of a trailing ']' character…