VYPR

CWE-476

NULL Pointer Dereference

BaseStableLikelihood: Medium

Description

The product dereferences a pointer that it expects to be valid but is NULL.

Hierarchy (View 1000)

Children

none

CVEs mapped to this weakness (1,587)

page 6 of 80
  • CVE-2017-15016HigOct 5, 2017
    risk 0.57cvss 8.8epss 0.02

    ImageMagick 7.0.7-0 Q16 has a NULL pointer dereference vulnerability in ReadEnhMetaFile in coders/emf.c.

  • CVE-2017-15015HigOct 5, 2017
    risk 0.57cvss 8.8epss 0.01

    ImageMagick 7.0.7-0 Q16 has a NULL pointer dereference vulnerability in PDFDelegateMessage in coders/pdf.c.

  • CVE-2017-14225HigSep 9, 2017
    risk 0.57cvss 8.8epss 0.03

    The av_color_primaries_name function in libavutil/pixdesc.c in FFmpeg 3.3.3 may return a NULL pointer depending on a value contained in a file, but callers do not anticipate this, as demonstrated by the avcodec_string function in libavcodec/utils.c, leading to a NULL pointer…

  • CVE-2017-6257HigJul 28, 2017
    risk 0.57cvss 8.8epss 0.00

    NVIDIA GPU Display Driver contains a vulnerability in the kernel mode layer handler where a NULL pointer dereference may lead to denial of service or potential escalation of privileges

  • CVE-2017-11642HigJul 26, 2017
    risk 0.57cvss 8.8epss 0.02

    GraphicsMagick 1.3.26 has a NULL pointer dereference in the WriteMAPImage() function in coders/map.c when processing a non-colormapped image, a different vulnerability than CVE-2017-11638.

  • CVE-2017-11101HigJul 7, 2017
    risk 0.57cvss 8.8epss 0.01

    When SWFTools 0.9.2 processes a crafted file in swfcombine, it can lead to a NULL Pointer Dereference in the swf_Relocate() function in lib/modules/swftools.c.

  • CVE-2017-11100HigJul 7, 2017
    risk 0.57cvss 8.8epss 0.01

    When SWFTools 0.9.2 processes a crafted file in swfextract, it can lead to a NULL Pointer Dereference in the swf_FoldSprite() function in lib/rxfswf.c.

  • CVE-2017-11097HigJul 7, 2017
    risk 0.57cvss 8.8epss 0.01

    When SWFTools 0.9.2 processes a crafted file in swfc, it can lead to a NULL Pointer Dereference in the dict_lookup() function in lib/q.c.

  • CVE-2017-11096HigJul 7, 2017
    risk 0.57cvss 8.8epss 0.01

    When SWFTools 0.9.2 processes a crafted file in swfcombine, it can lead to a NULL Pointer Dereference in the swf_DeleteFilter() function in lib/modules/swffilter.c.

  • CVE-2017-0321HigFeb 15, 2017
    risk 0.57cvss 8.8epss 0.00

    All versions of NVIDIA GPU Display Driver contain a vulnerability in the kernel mode layer handler where a NULL pointer dereference caused by invalid user input may lead to denial of service or potential escalation of privileges.

  • CVE-2015-8787CriFeb 8, 2016
    risk 0.57cvss 9.8epss 0.09

    The nf_nat_redirect_ipv4 function in net/netfilter/nf_nat_redirect.c in the Linux kernel before 4.4 allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by sending certain IPv4 packets to an…

  • CVE-2024-20446HigAug 28, 2024
    risk 0.56cvss 8.6epss 0.01

    A vulnerability in the DHCPv6 relay agent of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper handling of specific fields in a DHCPv6 RELAY-REPLY…

  • CVE-2018-0305HigJun 21, 2018
    risk 0.56cvss 8.6epss 0.02

    A vulnerability in the Cisco Fabric Services component of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on the affected device. The vulnerability exists because the affected software…

  • CVE-2017-3730HigMay 4, 2017
    risk 0.56cvss 7.5epss 0.55

    In OpenSSL 1.1.0 before 1.1.0d, if a malicious server supplies bad parameters for a DHE or ECDHE key exchange then this can result in the client attempting to dereference a NULL pointer leading to a client crash. This could be exploited in a Denial of Service attack.

  • CVE-2004-0389HigJun 1, 2004
    risk 0.56cvss 7.5epss 0.52

    RealNetworks Helix Universal Server 9.0.1 and 9.0.2 allows remote attackers to cause a denial of service (crash) via malformed requests that trigger a null dereference, as demonstrated using (1) GET_PARAMETER or (2) DESCRIBE requests.

  • CVE-2026-0710HigJan 23, 2026
    risk 0.55cvss 8.4epss 0.00

    A flaw was found in SIPp. A remote attacker could exploit this by sending specially crafted Session Initiation Protocol (SIP) messages during an active call. This vulnerability, a NULL pointer dereference, can cause the application to crash, leading to a denial of service. Under…

  • CVE-2016-0742HigFeb 15, 2016
    risk 0.55cvss 7.5epss 0.82

    The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 allows remote attackers to cause a denial of service (invalid pointer dereference and worker process crash) via a crafted UDP DNS response.

  • CVE-2011-1881HigJul 13, 2011
    risk 0.55cvss 8.4epss 0.01

    win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers…

  • CVE-2011-1282HigJul 13, 2011
    risk 0.55cvss 8.4epss 0.02

    The Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly initialize memory and…

  • CVE-2011-1271HigMay 10, 2011
    risk 0.55cvss 7.7epss 0.20

    The JIT compiler in Microsoft .NET Framework 3.5 Gold and SP1, 3.5.1, and 4.0, when IsJITOptimizerDisabled is false, does not properly handle expressions related to null strings, which allows context-dependent attackers to bypass intended access restrictions, and consequently…