VYPR

CWE-476

NULL Pointer Dereference

BaseStableLikelihood: Medium

Description

The product dereferences a pointer that it expects to be valid but is NULL.

Hierarchy (View 1000)

Children

none

CVEs mapped to this weakness (1,587)

page 4 of 80
  • CVE-2017-10965CriJul 7, 2017
    risk 0.64cvss 9.8epss 0.03

    An issue was discovered in Irssi before 1.0.4. When receiving messages with invalid time stamps, Irssi would try to dereference a NULL pointer.

  • CVE-2017-9051CriMay 18, 2017
    risk 0.64cvss 9.8epss 0.02

    libav before 12.1 is vulnerable to an invalid read of size 1 due to NULL pointer dereferencing in the nsv_read_chunk function in libavformat/nsvdec.c.

  • CVE-2017-7614CriApr 9, 2017
    risk 0.64cvss 9.8epss 0.04

    elflink.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has a "member access within null pointer" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have…

  • CVE-2017-5668CriMar 14, 2017
    risk 0.64cvss 9.8epss 0.03

    bitlbee-libpurple before 3.5.1 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) and possibly execute arbitrary code via a file transfer request for a contact that is not in the contact list. NOTE: this vulnerability exists because of an…

  • CVE-2016-6604CriJan 30, 2017
    risk 0.64cvss 9.8epss 0.03

    NULL pointer dereference in Samsung Exynos fimg2d driver for Android L(5.0/5.1) and M(6.0) allows attackers to have unspecified impact via unknown vectors. The Samsung ID is SVE-2016-6382.

  • CVE-2014-8241CriDec 14, 2016
    risk 0.64cvss 9.8epss 0.03

    XRegion in TigerVNC allows remote VNC servers to cause a denial of service (NULL pointer dereference) by leveraging failure to check a malloc return value, a similar issue to CVE-2014-6052.

  • CVE-2016-5690CriDec 13, 2016
    risk 0.64cvss 9.8epss 0.05

    The ReadDCMImage function in DCM reader in ImageMagick before 6.9.4-5 and 7.x before 7.0.1-7 allows remote attackers to have unspecified impact via vectors involving the for statement in computing the pixel scaling table.

  • CVE-2016-5689CriDec 13, 2016
    risk 0.64cvss 9.8epss 0.05

    The DCM reader in ImageMagick before 6.9.4-5 and 7.x before 7.0.1-7 allows remote attackers to have unspecified impact by leveraging lack of NULL pointer checks.

  • CVE-2016-6692CriOct 10, 2016
    risk 0.64cvss 9.8epss 0.01

    drivers/video/msm/mdss/mdss_mdp_pp.c in the Qualcomm MDSS driver in Android before 2016-10-05 allows attackers to cause a denial of service (invalid pointer access) or possibly have unspecified other impact via unknown vectors, aka Qualcomm internal bug CR 1004933.

  • CVE-2015-0573CriAug 7, 2016
    risk 0.64cvss 9.8epss 0.02

    drivers/media/platform/msm/broadcast/tsc.c in the TSC driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to cause a denial of service (invalid pointer dereference) or possibly…

  • CVE-2016-3821CriAug 5, 2016
    risk 0.64cvss 9.8epss 0.02

    libmedia in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 has certain incorrect declarations, which allows remote attackers to execute arbitrary code or cause a denial of service (NULL pointer dereference or memory…

  • CVE-2024-35960CriMay 20, 2024
    risk 0.59cvss 9.1epss 0.01

    In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Properly link new fs rules into the tree Previously, add_rule_fg would only add newly created rules from the handle into the tree when they had a refcount of 1. On the other hand, create_flow_handle…

  • CVE-2024-27053CriMay 1, 2024
    risk 0.59cvss 9.1epss 0.02

    In the Linux kernel, the following vulnerability has been resolved: wifi: wilc1000: fix RCU usage in connect path With lockdep enabled, calls to the connect function from cfg802.11 layer lead to the following warning: ============================= WARNING: suspicious RCU…

  • CVE-2024-23080CriApr 10, 2024
    risk 0.59cvss 9.1epss 0.01

    Joda Time v2.12.5 was discovered to contain a NullPointerException via the component org.joda.time.format.PeriodFormat::wordBased(Locale). NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a…

  • CVE-2024-23078CriApr 8, 2024
    risk 0.59cvss 9.1epss 0.01

    JGraphT Core v1.5.2 was discovered to contain a NullPointerException via the component org.jgrapht.alg.util.ToleranceDoubleComparator::compare(Double, Double). NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the…

  • CVE-2015-9124CriApr 18, 2018
    risk 0.59cvss 9.1epss 0.01

    In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile MDM9625, MDM9635M, MDM9640, MDM9645, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 615/16/SD 415, SD 800, SD 808, and SD 810, the device may crash while accessing an invalid pointer or…

  • CVE-2017-10917CriJul 5, 2017
    risk 0.59cvss 9.1epss 0.03

    Xen through 4.8.x does not validate the port numbers of polled event channel ports, which allows guest OS users to cause a denial of service (NULL pointer dereference and host OS crash) or possibly obtain sensitive information, aka XSA-221.

  • CVE-2018-12799HigAug 29, 2018
    risk 0.58cvss 8.8epss 0.07

    Adobe Acrobat and Reader versions 2018.011.20055 and earlier, 2017.011.30096 and earlier, and 2015.006.30434 and earlier have an untrusted pointer dereference vulnerability. Successful exploitation could lead to arbitrary code execution.

  • CVE-2018-5030HigJul 20, 2018
    risk 0.58cvss 8.8epss 0.09

    Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Untrusted pointer dereference vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.

  • CVE-2018-5012HigJul 20, 2018
    risk 0.58cvss 8.8epss 0.09

    Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Untrusted pointer dereference vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.