VYPR

CWE-476

NULL Pointer Dereference

BaseStableLikelihood: Medium

Description

The product dereferences a pointer that it expects to be valid but is NULL.

Hierarchy (View 1000)

Children

none

CVEs mapped to this weakness (1,587)

page 33 of 80
  • CVE-2016-10505MedAug 30, 2017
    risk 0.42cvss 6.5epss 0.02

    NULL pointer dereference vulnerabilities in the imagetopnm function in convert.c, sycc444_to_rgb function in color.c, color_esycc_to_rgb function in color.c, and sycc422_to_rgb function in color.c in OpenJPEG before 2.2.0 allow remote attackers to cause a denial of service…

  • CVE-2017-12923MedAug 28, 2017
    risk 0.42cvss 6.5epss 0.01

    OLEStream::WriteVT_LPSTR in olestrm.cpp in libfpx 1.3.1_p6 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted fpx image.

  • CVE-2017-12922MedAug 28, 2017
    risk 0.42cvss 6.5epss 0.01

    wchar.c in libfpx 1.3.1_p6 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted fpx image.

  • CVE-2017-12921MedAug 28, 2017
    risk 0.42cvss 6.5epss 0.01

    PFileFlashPixView::GetGlobalInfoProperty in f_fpxvw.cpp in libfpx 1.3.1_p6 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted fpx image.

  • CVE-2017-12920MedAug 28, 2017
    risk 0.42cvss 6.5epss 0.01

    CDirectory::GetDirEntry in dir.cxx in libfpx 1.3.1_p6 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted fpx image.

  • CVE-2017-12809MedAug 23, 2017
    risk 0.42cvss 6.5epss 0.00

    QEMU (aka Quick Emulator), when built with the IDE disk and CD/DVD-ROM Emulator support, allows local guest OS privileged users to cause a denial of service (NULL pointer dereference and QEMU process crash) by flushing an empty CDROM device drive.

  • CVE-2017-13065MedAug 22, 2017
    risk 0.42cvss 6.5epss 0.02

    GraphicsMagick 1.3.26 has a NULL pointer dereference vulnerability in the function SVGStartElement in coders/svg.c.

  • CVE-2017-11750MedJul 30, 2017
    risk 0.42cvss 6.5epss 0.02

    The ReadOneJNGImage function in coders/png.c in ImageMagick 6.9.9-4 and 7.0.6-4 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file.

  • CVE-2017-11522MedJul 22, 2017
    risk 0.42cvss 6.5epss 0.02

    The WriteOnePNGImage function in coders/png.c in ImageMagick through 6.9.9-0 and 7.x through 7.0.6-1 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file.

  • CVE-2017-11189MedJul 12, 2017
    risk 0.42cvss 6.5epss 0.01

    unrarlib.c in unrar-free 0.0.1 might allow remote attackers to cause a denial of service (NULL pointer dereference and application crash), which could be relevant if unrarlib is used as library code for a long-running application. NOTE: one of the several test cases in the…

  • CVE-2017-10792MedJul 2, 2017
    risk 0.42cvss 6.5epss 0.02

    There is a NULL Pointer Dereference in the function ll_insert() of the libpspp library in GNU PSPP before 0.11.0. For example, a crash was observed within the library code when attempting to convert invalid SPSS data into CSV format. A crafted input will lead to a remote denial…

  • CVE-2017-9989MedJun 28, 2017
    risk 0.42cvss 6.5epss 0.02

    util/outputtxt.c in libming 0.4.8 mishandles memory allocation. A crafted input will lead to a remote denial of service (NULL pointer dereference) attack.

  • CVE-2017-9988MedJun 28, 2017
    risk 0.42cvss 6.5epss 0.02

    The readEncUInt30 function in util/read.c in libming 0.4.8 mishandles memory allocation. A crafted input will lead to a remote denial of service (NULL pointer dereference) attack against parser.c.

  • CVE-2015-4054HigMay 23, 2017
    risk 0.42cvss 7.5epss 0.04

    PgBouncer before 1.5.5 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) by sending a password packet before a startup packet.

  • CVE-2017-9083MedMay 19, 2017
    risk 0.42cvss 6.5epss 0.01

    poppler 0.54.0, as used in Evince and other products, has a NULL pointer dereference in the JPXStream::readUByte function in JPXStream.cc. For example, the perf_test utility will crash (segmentation fault) when parsing an invalid PDF file.

  • CVE-2017-1000358MedApr 24, 2017
    risk 0.42cvss 6.5epss 0.01

    Controller throws an exception and does not allow user to add subsequent flow for a particular switch. Component: OpenDaylight odl-restconf feature contains this flaw. Version: OpenDaylight 4.0 is affected by this flaw.

  • CVE-2017-7994MedApr 21, 2017
    risk 0.42cvss 6.5epss 0.03

    The function TextExtractor::ExtractText in TextExtractor.cpp:77 in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PDF document.

  • CVE-2015-8272MedApr 13, 2017
    risk 0.42cvss 6.5epss 0.03

    RTMPDump 2.4 allows remote attackers to trigger a denial of service (NULL pointer dereference and process crash).

  • CVE-2016-10210HigApr 3, 2017
    risk 0.42cvss 7.5epss 0.02

    libyara/lexer.l in YARA 3.5.0 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted rule that is mishandled in the yy_get_next_buffer function.

  • CVE-2016-10129HigMar 24, 2017
    risk 0.42cvss 7.5epss 0.04

    The Git Smart Protocol support in libgit2 before 0.24.6 and 0.25.x before 0.25.1 allows remote attackers to cause a denial of service (NULL pointer dereference) via an empty packet line.