CWE-476
NULL Pointer Dereference
Description
The product dereferences a pointer that it expects to be valid but is NULL.
Hierarchy (View 1000)
CVEs mapped to this weakness (1,587)
page 48 of 80| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-9470 | Med | 0.36 | 5.5 | 0.01 | Jun 7, 2017 | In ytnef 1.9.2, the MAPIPrint function in lib/ytnef.c allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file. | ||
| CVE-2017-7511 | Med | 0.36 | 5.5 | 0.01 | May 30, 2017 | poppler since version 0.17.3 has been vulnerable to NULL pointer dereference in pdfunite triggered by specially crafted documents. | ||
| CVE-2017-8542 | Med | 0.36 | 5.5 | 0.06 | May 26, 2017 | The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server… | ||
| CVE-2017-8539 | Med | 0.36 | 5.5 | 0.06 | May 26, 2017 | The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server… | ||
| CVE-2017-9211 | Med | 0.36 | 5.5 | 0.00 | May 23, 2017 | The crypto_skcipher_init_tfm function in crypto/skcipher.c in the Linux kernel through 4.11.2 relies on a setkey function that lacks a key-size check, which allows local users to cause a denial of service (NULL pointer dereference) via a crafted application. | ||
| CVE-2017-7475 | Med | 0.36 | 5.5 | 0.02 | May 19, 2017 | Cairo version 1.15.4 is vulnerable to a NULL pointer dereference related to the FT_Load_Glyph and FT_Render_Glyph resulting in an application crash. | ||
| CVE-2017-9040 | Med | 0.36 | 5.5 | 0.02 | May 18, 2017 | GNU Binutils 2017-04-03 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash), related to the process_mips_specific function in readelf.c, via a crafted ELF file that triggers a large memory-allocation attempt. | ||
| CVE-2017-0635 | Med | 0.36 | 5.5 | 0.00 | May 12, 2017 | A remote denial of service vulnerability in HevcUtils.cpp in libstagefright in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as Low due to details specific to the vulnerability. Product: Android.… | ||
| CVE-2017-8847 | Med | 0.36 | 5.5 | 0.01 | May 8, 2017 | The bufRead::get() function in libzpaq/libzpaq.h in liblrzip.so in lrzip 0.631 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted archive. | ||
| CVE-2017-8843 | Med | 0.36 | 5.5 | 0.01 | May 8, 2017 | The join_pthread function in stream.c in liblrzip.so in lrzip 0.631 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted archive. | ||
| CVE-2017-8106 | Med | 0.36 | 5.5 | 0.00 | Apr 24, 2017 | The handle_invept function in arch/x86/kvm/vmx.c in the Linux kernel 3.12 through 3.15 allows privileged KVM guest OS users to cause a denial of service (NULL pointer dereference and host OS crash) via a single-context INVEPT instruction with a NULL EPT pointer. | ||
| CVE-2016-2036 | Med | 0.36 | 5.5 | 0.00 | Apr 13, 2017 | The getURL function in drivers/secfilter/urlparser.c in secfilter in the Samsung kernel for Android on SM-N9005 build N9005XXUGBOB6 (Note 3) and SM-G920F build G920FXXU2COH2 (Galaxy S6) devices allows attackers to trigger a NULL pointer dereference via a "GET HTTP/1.1" request,… | ||
| CVE-2017-7453 | Med | 0.36 | 5.5 | 0.01 | Apr 6, 2017 | The iwgif_record_pixel function in imagew-gif.c in libimageworsener.a in ImageWorsener 1.3.0 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file. | ||
| CVE-2017-7452 | Med | 0.36 | 5.5 | 0.01 | Apr 6, 2017 | The iwbmp_read_info_header function in imagew-bmp.c in libimageworsener.a in ImageWorsener 1.3.0 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file. | ||
| CVE-2017-7383 | Med | 0.36 | 5.5 | 0.01 | Apr 3, 2017 | The PdfFontFactory.cpp:195:62 code in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PDF document. | ||
| CVE-2017-7382 | Med | 0.36 | 5.5 | 0.01 | Apr 3, 2017 | The PdfFontFactory.cpp:200:88 code in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PDF document. | ||
| CVE-2017-7381 | Med | 0.36 | 5.5 | 0.01 | Apr 3, 2017 | The doc/PdfPage.cpp:609:23 code in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PDF document. | ||
| CVE-2017-7380 | Med | 0.36 | 5.5 | 0.01 | Apr 3, 2017 | The doc/PdfPage.cpp:614:20 code in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PDF document. | ||
| CVE-2017-5951 | Med | 0.36 | 5.5 | 0.02 | Apr 3, 2017 | The mem_get_bits_rectangle function in base/gdevmem.c in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file. | ||
| CVE-2016-10220 | Med | 0.36 | 5.5 | 0.02 | Apr 3, 2017 | The gs_makewordimagedevice function in base/gsdevmem.c in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file that is mishandled in the PDF Transparency module. |
- risk 0.36cvss 5.5epss 0.01
In ytnef 1.9.2, the MAPIPrint function in lib/ytnef.c allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file.
- risk 0.36cvss 5.5epss 0.01
poppler since version 0.17.3 has been vulnerable to NULL pointer dereference in pdfunite triggered by specially crafted documents.
- risk 0.36cvss 5.5epss 0.06
The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server…
- risk 0.36cvss 5.5epss 0.06
The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server…
- risk 0.36cvss 5.5epss 0.00
The crypto_skcipher_init_tfm function in crypto/skcipher.c in the Linux kernel through 4.11.2 relies on a setkey function that lacks a key-size check, which allows local users to cause a denial of service (NULL pointer dereference) via a crafted application.
- risk 0.36cvss 5.5epss 0.02
Cairo version 1.15.4 is vulnerable to a NULL pointer dereference related to the FT_Load_Glyph and FT_Render_Glyph resulting in an application crash.
- risk 0.36cvss 5.5epss 0.02
GNU Binutils 2017-04-03 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash), related to the process_mips_specific function in readelf.c, via a crafted ELF file that triggers a large memory-allocation attempt.
- risk 0.36cvss 5.5epss 0.00
A remote denial of service vulnerability in HevcUtils.cpp in libstagefright in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as Low due to details specific to the vulnerability. Product: Android.…
- risk 0.36cvss 5.5epss 0.01
The bufRead::get() function in libzpaq/libzpaq.h in liblrzip.so in lrzip 0.631 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted archive.
- risk 0.36cvss 5.5epss 0.01
The join_pthread function in stream.c in liblrzip.so in lrzip 0.631 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted archive.
- risk 0.36cvss 5.5epss 0.00
The handle_invept function in arch/x86/kvm/vmx.c in the Linux kernel 3.12 through 3.15 allows privileged KVM guest OS users to cause a denial of service (NULL pointer dereference and host OS crash) via a single-context INVEPT instruction with a NULL EPT pointer.
- risk 0.36cvss 5.5epss 0.00
The getURL function in drivers/secfilter/urlparser.c in secfilter in the Samsung kernel for Android on SM-N9005 build N9005XXUGBOB6 (Note 3) and SM-G920F build G920FXXU2COH2 (Galaxy S6) devices allows attackers to trigger a NULL pointer dereference via a "GET HTTP/1.1" request,…
- risk 0.36cvss 5.5epss 0.01
The iwgif_record_pixel function in imagew-gif.c in libimageworsener.a in ImageWorsener 1.3.0 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file.
- risk 0.36cvss 5.5epss 0.01
The iwbmp_read_info_header function in imagew-bmp.c in libimageworsener.a in ImageWorsener 1.3.0 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file.
- risk 0.36cvss 5.5epss 0.01
The PdfFontFactory.cpp:195:62 code in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PDF document.
- risk 0.36cvss 5.5epss 0.01
The PdfFontFactory.cpp:200:88 code in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PDF document.
- risk 0.36cvss 5.5epss 0.01
The doc/PdfPage.cpp:609:23 code in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PDF document.
- risk 0.36cvss 5.5epss 0.01
The doc/PdfPage.cpp:614:20 code in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PDF document.
- risk 0.36cvss 5.5epss 0.02
The mem_get_bits_rectangle function in base/gdevmem.c in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file.
- risk 0.36cvss 5.5epss 0.02
The gs_makewordimagedevice function in base/gsdevmem.c in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file that is mishandled in the PDF Transparency module.