CWE-476
NULL Pointer Dereference
Description
The product dereferences a pointer that it expects to be valid but is NULL.
Hierarchy (View 1000)
CVEs mapped to this weakness (1,587)
page 29 of 80| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-2309 | Hig | 0.42 | 7.5 | 0.02 | Jul 5, 2022 | NULL Pointer Dereference allows attackers to cause a denial of service (or application crash). This only applies when lxml is used together with libxml2 2.9.10 through 2.9.14. libxml2 2.9.9 and earlier are not affected. It allows triggering crashes through forged input data,… | ||
| CVE-2022-21736 | Hig | 0.42 | 7.6 | 0.01 | Feb 3, 2022 | Tensorflow is an Open Source Machine Learning Framework. The implementation of `SparseTensorSliceDataset` has an undefined behavior: under certain condition it can be made to dereference a `nullptr` value. The 3 input arguments to `SparseTensorSliceDataset` represent a sparse… | ||
| CVE-2021-45340 | Med | 0.42 | 6.5 | 0.01 | Jan 25, 2022 | In Libsixel prior to and including v1.10.3, a NULL pointer dereference in the stb_image.h component of libsixel allows attackers to cause a denial of service (DOS) via a crafted PICT file. | ||
| CVE-2020-7731 | — | Hig | 0.42 | 7.5 | 0.02 | Apr 30, 2021 | This affects all versions <0.7.0 of package github.com/russellhaering/gosaml2. There is a crash on nil-pointer dereference caused by sending malformed XML signatures. | |
| CVE-2020-26521 | — | Hig | 0.42 | 7.5 | 0.02 | Nov 6, 2020 | The JWT library in NATS nats-server before 2.1.9 allows a denial of service (a nil dereference in Go code). | |
| CVE-2018-19802 | — | Hig | 0.42 | 7.5 | 0.02 | Jun 7, 2019 | aubio v0.4.0 to v0.4.8 has a new_aubio_onset NULL pointer dereference. | |
| CVE-2018-19757 | Med | 0.42 | 6.5 | 0.01 | Nov 30, 2018 | There is a NULL pointer dereference at function sixel_helper_set_additional_message (status.c) in libsixel 1.8.2 that will cause a denial of service. | ||
| CVE-2018-19184 | — | Hig | 0.42 | 7.5 | 0.02 | Nov 12, 2018 | cmd/evm/runner.go in Go Ethereum (aka geth) 1.8.17 allows attackers to cause a denial of service (SEGV) via crafted bytecode. | |
| CVE-2018-18192 | Med | 0.42 | 6.5 | 0.01 | Oct 9, 2018 | An issue was discovered in libgig 4.1.0. There is a NULL pointer dereference in the function DLS::File::GetFirstSample() in DLS.cpp. | ||
| CVE-2018-18088 | Med | 0.42 | 6.5 | 0.02 | Oct 9, 2018 | OpenJPEG 2.3.0 has a NULL pointer dereference for "red" in the imagetopnm function of jp2/convert.c | ||
| CVE-2018-17794 | Med | 0.42 | 6.5 | 0.02 | Sep 30, 2018 | An issue was discovered in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31. There is a NULL pointer dereference in work_stuff_copy_to_from when called from iterate_demangle_function. | ||
| CVE-2018-17432 | Med | 0.42 | 6.5 | 0.01 | Sep 24, 2018 | A NULL pointer dereference in H5O_sdspace_encode() in H5Osdspace.c in the HDF HDF5 through 1.10.3 library allows attackers to cause a denial of service via a crafted HDF5 file. | ||
| CVE-2018-17282 | Med | 0.42 | 6.5 | 0.02 | Sep 20, 2018 | An issue was discovered in Exiv2 v0.26. The function Exiv2::DataValue::copy in value.cpp has a NULL pointer dereference. | ||
| CVE-2018-17075 | — | Hig | 0.42 | 7.5 | 0.03 | Sep 16, 2018 | The html package (aka x/net/html) before 2018-07-13 in Go mishandles "in frameset" insertion mode, leading to a "panic: runtime error" for html.Parse of , , or . This is related to HTMLTreeBuilder.cpp in WebKit. | |
| CVE-2018-1000661 | Med | 0.42 | 6.5 | 0.01 | Sep 6, 2018 | jsish version 2.4.67 contains a CWE-476: NULL Pointer Dereference vulnerability in Jsi_LogMsg (jsiUtils.c:196) that can result in Crash due to segmentation fault. This attack appear to be exploitable via the victim executing specially crafted javascript code. This vulnerability… | ||
| CVE-2018-10914 | Med | 0.42 | 6.5 | 0.02 | Sep 4, 2018 | It was found that an attacker could issue a xattr request via glusterfs FUSE to cause gluster brick process to crash which will result in a remote denial of service. If gluster multiplexing is enabled this will result in a crash of multiple bricks and gluster volumes. | ||
| CVE-2017-2575 | — | Med | 0.42 | 6.5 | 0.01 | Aug 22, 2018 | A vulnerability was found while fuzzing libbpg 0.9.7. It is a NULL pointer dereference issue due to missing check of the return value of function malloc in the BPG encoder. This vulnerability appeared while converting a malicious JPEG file to BPG. | |
| CVE-2018-1000655 | Med | 0.42 | 6.5 | 0.01 | Aug 20, 2018 | Jsish version 2.4.65 contains a CWE-476: NULL Pointer Dereference vulnerability in Function jsi_ValueCopyMove from jsiValue.c:240 that can result in Crash due to segmentation fault. This attack appear to be exploitable via a crafted javascript code. This vulnerability appears to… | ||
| CVE-2018-1000636 | Med | 0.42 | 6.5 | 0.01 | Aug 20, 2018 | JerryScript version Tested on commit f86d7459d195c8ba58479d1861b0cc726c8b3793. Analysing history it seems that the issue has been present since commit 64a340ffeb8809b2b66bbe32fd443a8b79fdd860 contains a CWE-476: NULL Pointer Dereference vulnerability in Triggering undefined… | ||
| CVE-2018-15505 | Hig | 0.42 | 7.5 | 0.02 | Aug 18, 2018 | An issue was discovered in Embedthis GoAhead before 4.0.1 and Appweb before 7.0.2. An HTTP POST request with a specially crafted "Host" header field may cause a NULL pointer dereference and thus cause a denial of service, as demonstrated by the lack of a trailing ']' character… |
- risk 0.42cvss 7.5epss 0.02
NULL Pointer Dereference allows attackers to cause a denial of service (or application crash). This only applies when lxml is used together with libxml2 2.9.10 through 2.9.14. libxml2 2.9.9 and earlier are not affected. It allows triggering crashes through forged input data,…
- risk 0.42cvss 7.6epss 0.01
Tensorflow is an Open Source Machine Learning Framework. The implementation of `SparseTensorSliceDataset` has an undefined behavior: under certain condition it can be made to dereference a `nullptr` value. The 3 input arguments to `SparseTensorSliceDataset` represent a sparse…
- risk 0.42cvss 6.5epss 0.01
In Libsixel prior to and including v1.10.3, a NULL pointer dereference in the stb_image.h component of libsixel allows attackers to cause a denial of service (DOS) via a crafted PICT file.
- risk 0.42cvss 7.5epss 0.02
This affects all versions <0.7.0 of package github.com/russellhaering/gosaml2. There is a crash on nil-pointer dereference caused by sending malformed XML signatures.
- risk 0.42cvss 7.5epss 0.02
The JWT library in NATS nats-server before 2.1.9 allows a denial of service (a nil dereference in Go code).
- risk 0.42cvss 7.5epss 0.02
aubio v0.4.0 to v0.4.8 has a new_aubio_onset NULL pointer dereference.
- risk 0.42cvss 6.5epss 0.01
There is a NULL pointer dereference at function sixel_helper_set_additional_message (status.c) in libsixel 1.8.2 that will cause a denial of service.
- risk 0.42cvss 7.5epss 0.02
cmd/evm/runner.go in Go Ethereum (aka geth) 1.8.17 allows attackers to cause a denial of service (SEGV) via crafted bytecode.
- risk 0.42cvss 6.5epss 0.01
An issue was discovered in libgig 4.1.0. There is a NULL pointer dereference in the function DLS::File::GetFirstSample() in DLS.cpp.
- risk 0.42cvss 6.5epss 0.02
OpenJPEG 2.3.0 has a NULL pointer dereference for "red" in the imagetopnm function of jp2/convert.c
- risk 0.42cvss 6.5epss 0.02
An issue was discovered in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31. There is a NULL pointer dereference in work_stuff_copy_to_from when called from iterate_demangle_function.
- risk 0.42cvss 6.5epss 0.01
A NULL pointer dereference in H5O_sdspace_encode() in H5Osdspace.c in the HDF HDF5 through 1.10.3 library allows attackers to cause a denial of service via a crafted HDF5 file.
- risk 0.42cvss 6.5epss 0.02
An issue was discovered in Exiv2 v0.26. The function Exiv2::DataValue::copy in value.cpp has a NULL pointer dereference.
- risk 0.42cvss 7.5epss 0.03
The html package (aka x/net/html) before 2018-07-13 in Go mishandles "in frameset" insertion mode, leading to a "panic: runtime error" for html.Parse of , , or . This is related to HTMLTreeBuilder.cpp in WebKit.
- risk 0.42cvss 6.5epss 0.01
jsish version 2.4.67 contains a CWE-476: NULL Pointer Dereference vulnerability in Jsi_LogMsg (jsiUtils.c:196) that can result in Crash due to segmentation fault. This attack appear to be exploitable via the victim executing specially crafted javascript code. This vulnerability…
- risk 0.42cvss 6.5epss 0.02
It was found that an attacker could issue a xattr request via glusterfs FUSE to cause gluster brick process to crash which will result in a remote denial of service. If gluster multiplexing is enabled this will result in a crash of multiple bricks and gluster volumes.
- risk 0.42cvss 6.5epss 0.01
A vulnerability was found while fuzzing libbpg 0.9.7. It is a NULL pointer dereference issue due to missing check of the return value of function malloc in the BPG encoder. This vulnerability appeared while converting a malicious JPEG file to BPG.
- risk 0.42cvss 6.5epss 0.01
Jsish version 2.4.65 contains a CWE-476: NULL Pointer Dereference vulnerability in Function jsi_ValueCopyMove from jsiValue.c:240 that can result in Crash due to segmentation fault. This attack appear to be exploitable via a crafted javascript code. This vulnerability appears to…
- risk 0.42cvss 6.5epss 0.01
JerryScript version Tested on commit f86d7459d195c8ba58479d1861b0cc726c8b3793. Analysing history it seems that the issue has been present since commit 64a340ffeb8809b2b66bbe32fd443a8b79fdd860 contains a CWE-476: NULL Pointer Dereference vulnerability in Triggering undefined…
- risk 0.42cvss 7.5epss 0.02
An issue was discovered in Embedthis GoAhead before 4.0.1 and Appweb before 7.0.2. An HTTP POST request with a specially crafted "Host" header field may cause a NULL pointer dereference and thus cause a denial of service, as demonstrated by the lack of a trailing ']' character…