VYPR

CWE-476

NULL Pointer Dereference

BaseStableLikelihood: Medium

Description

The product dereferences a pointer that it expects to be valid but is NULL.

Hierarchy (View 1000)

Children

none

CVEs mapped to this weakness (1,587)

page 50 of 80
  • CVE-2017-6501MedMar 6, 2017
    risk 0.36cvss 5.5epss 0.01

    An issue was discovered in ImageMagick 6.9.7. A specially crafted xcf file could lead to a NULL pointer dereference.

  • CVE-2017-6415MedMar 2, 2017
    risk 0.36cvss 5.5epss 0.01

    The dex_parse_debug_item function in libr/bin/p/bin_dex.c in radare2 1.2.1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted DEX file.

  • CVE-2017-5980MedMar 1, 2017
    risk 0.36cvss 5.5epss 0.01

    The zzip_mem_entry_new function in memdisk.c in zziplib 0.13.62 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted ZIP file.

  • CVE-2017-5979MedMar 1, 2017
    risk 0.36cvss 5.5epss 0.02

    The prescan_entry function in fseeko.c in zziplib 0.13.62 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted ZIP file.

  • CVE-2017-5855MedMar 1, 2017
    risk 0.36cvss 5.5epss 0.01

    The PoDoFo::PdfParser::ReadXRefSubsection function in PdfParser.cpp in PoDoFo 0.9.4 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file.

  • CVE-2017-5854MedMar 1, 2017
    risk 0.36cvss 5.5epss 0.01

    base/PdfOutputStream.cpp in PoDoFo 0.9.4 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted file.

  • CVE-2017-5851MedMar 1, 2017
    risk 0.36cvss 5.5epss 0.01

    The free_options function in options_manager.c in mp3splt 2.6.2 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted file. NOTE: this typically has no risk; this crash of this command-line program has no further consequences…

  • CVE-2017-5665MedMar 1, 2017
    risk 0.36cvss 5.5epss 0.01

    The splt_cue_export_to_file function in cue.c in libmp3splt 0.9.2 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted file.

  • CVE-2016-5027MedFeb 24, 2017
    risk 0.36cvss 5.5epss 0.02

    dwarf_form.c in libdwarf 20160115 allows remote attackers to cause a denial of service (crash) via a crafted elf file.

  • CVE-2017-6197MedFeb 24, 2017
    risk 0.36cvss 5.5epss 0.02

    The r_read_* functions in libr/include/r_endian.h in radare2 1.2.1 allow remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted binary file, as demonstrated by the r_read_le32 function.

  • CVE-2016-7605MedFeb 20, 2017
    risk 0.36cvss 5.5epss 0.01

    An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the "Bluetooth" component. It allows attackers to cause a denial of service (NULL pointer dereference) via a crafted app.

  • CVE-2016-7604MedFeb 20, 2017
    risk 0.36cvss 5.5epss 0.00

    An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the "CoreCapture" component. It allows local users to cause a denial of service (NULL pointer dereference) via unspecified vectors.

  • CVE-2016-7603MedFeb 20, 2017
    risk 0.36cvss 5.5epss 0.00

    An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the "CoreStorage" component. It allows local users to cause a denial of service (NULL pointer dereference) via unspecified vectors.

  • CVE-2016-9828MedFeb 17, 2017
    risk 0.36cvss 5.5epss 0.02

    The dumpBuffer function in read.c in the listswf tool in libming 0.4.7 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted SWF file.

  • CVE-2016-8676MedFeb 15, 2017
    risk 0.36cvss 5.5epss 0.02

    The get_vlc2 function in get_bits.h in Libav 11.9 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted mp3 file. NOTE: this issue exists due to an incomplete fix for CVE-2016-8675.

  • CVE-2016-8675MedFeb 15, 2017
    risk 0.36cvss 5.5epss 0.02

    The get_vlc2 function in get_bits.h in Libav before 11.9 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted mp3 file, possibly related to startcode sequences during m4v detection.

  • CVE-2016-7477MedFeb 15, 2017
    risk 0.36cvss 5.5epss 0.02

    The ff_put_pixels8_xy2_mmx function in rnd_template.c in Libav 11.7 allows remote attackers to cause a denial of service (invalid memory access and crash) via a crafted mp3 file. NOTE: this issue was originally reported as involving a NULL pointer dereference.

  • CVE-2016-8690MedFeb 15, 2017
    risk 0.36cvss 5.5epss 0.02

    The bmp_getdata function in libjasper/bmp/bmp_dec.c in JasPer before 1.900.5 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted BMP image in an imginfo command.

  • CVE-2016-8569MedFeb 3, 2017
    risk 0.36cvss 5.5epss 0.02

    The git_oid_nfmt function in commit.c in libgit2 before 0.24.3 allows remote attackers to cause a denial of service (NULL pointer dereference) via a cat-file command with a crafted object file.

  • CVE-2016-2318MedFeb 3, 2017
    risk 0.36cvss 5.5epss 0.02

    GraphicsMagick 1.3.23 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted SVG file, related to the (1) DrawImage function in magick/render.c, (2) SVGStartElement function in coders/svg.c, and (3) TraceArcPath function in magick/render.c.