CWE-476

NULL Pointer Dereference

Base | Stable | Likelihood: Medium

Description

The product dereferences a pointer that it expects to be valid but is NULL.

Hierarchy (View 1000)

Children

none

CVEs mapped to this weakness (1,024)

page 37 of 52
  • CVE-2017-0686 | Med | Jul 6, 2017
    risk 0.36 | cvss 5.5 | epss 0.00

    A denial of service vulnerability in the Android media framework. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34231231.

  • CVE-2015-9100 | Med | Jun 25, 2017
    risk 0.36 | cvss 5.5 | epss 0.00

    The fill_buffer_resample function in util.c in libmp3lame.a in LAME 3.99.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted audio file.

  • CVE-2017-9503 | Med | Jun 16, 2017
    risk 0.36 | cvss 5.5 | epss 0.00

    QEMU (aka Quick Emulator), when built with MegaRAID SAS 8708EM2 Host Bus Adapter emulation support, allows local guest OS privileged users to cause a denial of service (NULL pointer dereference and QEMU process crash) via vectors involving megasas command processing.

  • CVE-2017-4900 | Med | Jun 7, 2017
    risk 0.36 | cvss 5.5 | epss 0.00

    VMware Workstation Pro/Player 12.x before 12.5.3 contains a NULL pointer dereference vulnerability that exists in the SVGA driver. Successful exploitation of this issue may allow attackers with normal user privileges to crash their VMs.

  • CVE-2017-9470 | Med | Jun 7, 2017
    risk 0.36 | cvss 5.5 | epss 0.00

    In ytnef 1.9.2, the MAPIPrint function in lib/ytnef.c allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file.

  • CVE-2017-7511 | Med | May 30, 2017
    risk 0.36 | cvss 5.5 | epss 0.00

    poppler since version 0.17.3 has been vulnerable to NULL pointer dereference in pdfunite triggered by specially crafted documents.

  • CVE-2017-9211 | Med | May 23, 2017
    risk 0.36 | cvss 5.5 | epss 0.00

    The crypto_skcipher_init_tfm function in crypto/skcipher.c in the Linux kernel through 4.11.2 relies on a setkey function that lacks a key-size check, which allows local users to cause a denial of service (NULL pointer dereference) via a crafted application.

  • CVE-2017-7475 | Med | May 19, 2017
    risk 0.36 | cvss 5.5 | epss 0.00

    Cairo version 1.15.4 is vulnerable to a NULL pointer dereference related to the FT_Load_Glyph and FT_Render_Glyph resulting in an application crash.

  • CVE-2017-9040 | Med | May 18, 2017
    risk 0.36 | cvss 5.5 | epss 0.00

    GNU Binutils 2017-04-03 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash), related to the process_mips_specific function in readelf.c, via a crafted ELF file that triggers a large memory-allocation attempt.

  • CVE-2017-0635 | Med | May 12, 2017
    risk 0.36 | cvss 5.5 | epss 0.00

    A remote denial of service vulnerability in HevcUtils.cpp in libstagefright in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as Low due to details specific to the vulnerability. Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-35467107.

  • CVE-2017-8847 | Med | May 8, 2017
    risk 0.36 | cvss 5.5 | epss 0.00

    The bufRead::get() function in libzpaq/libzpaq.h in liblrzip.so in lrzip 0.631 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted archive.

  • CVE-2017-8843 | Med | May 8, 2017
    risk 0.36 | cvss 5.5 | epss 0.00

    The join_pthread function in stream.c in liblrzip.so in lrzip 0.631 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted archive.

  • CVE-2017-8106 | Med | Apr 24, 2017
    risk 0.36 | cvss 5.5 | epss 0.00

    The handle_invept function in arch/x86/kvm/vmx.c in the Linux kernel 3.12 through 3.15 allows privileged KVM guest OS users to cause a denial of service (NULL pointer dereference and host OS crash) via a single-context INVEPT instruction with a NULL EPT pointer.

  • CVE-2016-2036 | Med | Apr 13, 2017
    risk 0.36 | cvss 5.5 | epss 0.00

    The getURL function in drivers/secfilter/urlparser.c in secfilter in the Samsung kernel for Android on SM-N9005 build N9005XXUGBOB6 (Note 3) and SM-G920F build G920FXXU2COH2 (Galaxy S6) devices allows attackers to trigger a NULL pointer dereference via a "GET HTTP/1.1" request, aka SVE-2016-5036.

  • CVE-2017-7453 | Med | Apr 6, 2017
    risk 0.36 | cvss 5.5 | epss 0.00

    The iwgif_record_pixel function in imagew-gif.c in libimageworsener.a in ImageWorsener 1.3.0 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file.

  • CVE-2017-7452 | Med | Apr 6, 2017
    risk 0.36 | cvss 5.5 | epss 0.00

    The iwbmp_read_info_header function in imagew-bmp.c in libimageworsener.a in ImageWorsener 1.3.0 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file.

  • CVE-2017-7383 | Med | Apr 3, 2017
    risk 0.36 | cvss 5.5 | epss 0.00

    The PdfFontFactory.cpp:195:62 code in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PDF document.

  • CVE-2017-7382 | Med | Apr 3, 2017
    risk 0.36 | cvss 5.5 | epss 0.00

    The PdfFontFactory.cpp:200:88 code in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PDF document.

  • CVE-2017-7381 | Med | Apr 3, 2017
    risk 0.36 | cvss 5.5 | epss 0.00

    The doc/PdfPage.cpp:609:23 code in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PDF document.

  • CVE-2017-7380 | Med | Apr 3, 2017
    risk 0.36 | cvss 5.5 | epss 0.01

    The doc/PdfPage.cpp:614:20 code in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PDF document.