VYPR

CWE-476

NULL Pointer Dereference

BaseStableLikelihood: Medium

Description

The product dereferences a pointer that it expects to be valid but is NULL.

Hierarchy (View 1000)

Children

none

CVEs mapped to this weakness (1,587)

page 68 of 80
  • CVE-2025-8865MedAug 11, 2025
    risk 0.27cvss epss 0.00

    The YugabyteDB tablet server contains a flaw in its YCQL query handling that can trigger a null pointer dereference when processing certain malformed inputs. An authenticated attacker could exploit this issue to crash the YCQL tablet server, resulting in a denial of service.

  • CVE-2025-25473MedFeb 18, 2025
    risk 0.27cvss 5.3epss 0.00

    FFmpeg git master before commit c08d30 was discovered to contain a memory leak in the avformat_free_context function in libavutil/mem.c.

  • CVE-2023-45935MedMar 27, 2024
    risk 0.27cvss 4.2epss 0.00

    Qt 6 through 6.6 was discovered to contain a NULL pointer dereference via the function QXcbConnection::initializeAllAtoms(). NOTE: this is disputed because it is not expected that an X application should continue to run when there is arbitrary anomalous behavior from the X…

  • CVE-2025-60477MedJun 3, 2026
    risk 0.26cvss 5.0epss 0.00

    A NULL pointer dereference in the gf_filter_pid_resolve_file_template_ex function (/filter_core/filter_pid.c) of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted file.

  • CVE-2026-28581MedJun 1, 2026
    risk 0.26cvss 4.0epss 0.00

    In fixInitiatingUserIfNecessary of CallIntentProcessor.java, there is a possible way to make an emergency call due to a logic error in the code. This could lead to local with null execution privileges needed. User interaction is null for exploitation.

  • CVE-2026-47271MedMay 27, 2026
    risk 0.26cvss 5.1epss 0.00

    pam_usb provides hardware authentication for Linux using ordinary removable media. Prior to 0.9.0, src/mem.c implemented out-of-memory guards for xmalloc(), xrealloc(), and xstrdup() using assert(data != NULL). The C standard specifies that all assert() expressions are compiled…

  • CVE-2015-7515MedApr 27, 2016
    risk 0.26cvss 4.6epss 0.02

    The aiptek_probe function in drivers/input/tablet/aiptek.c in the Linux kernel before 4.4 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted USB device that lacks endpoints.

  • CVE-2026-44602LowMay 7, 2026
    risk 0.24cvss 3.7epss 0.00

    Tor before 0.4.9.7 has a NULL pointer dereference when a CERT cell is received out of order, aka TROVE-2026-006.

  • CVE-2025-60019LowSep 25, 2025
    risk 0.24cvss 3.7epss 0.00

    glib-networking's OpenSSL backend fails to properly check the return value of memory allocation routines. An out of memory condition could potentially result in writing to an invalid memory location.

  • CVE-2024-40905MedJul 12, 2024
    risk 0.24cvss 4.7epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: ipv6: fix possible race in __fib6_drop_pcpu_from() syzbot found a race in __fib6_drop_pcpu_from() [1] If compiler reads more than once (*ppcpu_rt), second read could read NULL, if another cpu clears the value…

  • CVE-2023-52312MedJan 3, 2024
    risk 0.24cvss 4.7epss 0.00

    Nullptr dereference in paddle.crop in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.

  • CVE-2023-52303MedJan 3, 2024
    risk 0.24cvss 4.7epss 0.00

    Nullptr in paddle.put_along_axis in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.

  • CVE-2023-52302MedJan 3, 2024
    risk 0.24cvss 4.7epss 0.01

    Nullptr in paddle.nextafter in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.

  • CVE-2023-38676MedJan 3, 2024
    risk 0.24cvss 4.7epss 0.00

    Nullptr in paddle.dot in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.

  • CVE-2023-38670MedJul 26, 2023
    risk 0.24cvss 4.7epss 0.01

    Null pointer dereference in paddle.flip in PaddlePaddle before 2.5.0. This resulted in a runtime crash and denial of service.

  • CVE-2022-41909MedNov 18, 2022
    risk 0.24cvss 4.8epss 0.00

    TensorFlow is an open source platform for machine learning. An input `encoded` that is not a valid `CompositeTensorVariant` tensor will trigger a segfault in `tf.raw_ops.CompositeTensorVariantToComponents`. We have patched the issue in GitHub commits…

  • CVE-2026-44710MedMay 27, 2026
    risk 0.23cvss 4.6epss 0.00

    pam_usb provides hardware authentication for Linux using ordinary removable media. Prior to 0.8.7, src/device.c passed the return values of udisks_drive_get_serial(), udisks_drive_get_vendor(), and udisks_drive_get_model() directly to strcmp() without NULL checks. The GIO/UDisks…

  • CVE-2026-31620MedApr 24, 2026
    risk 0.23cvss 4.6epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: ALSA: usx2y: us144mkii: fix NULL deref on missing interface 0 A malicious USB device with the TASCAM US-144MKII device id can have a configuration containing bInterfaceNumber=1 but no interface 0. USB…

  • CVE-2021-29592MedMay 14, 2021
    risk 0.22cvss 4.4epss 0.00

    TensorFlow is an end-to-end open source platform for machine learning. The fix for CVE-2020-15209(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15209) missed the case when the target shape of `Reshape` operator is given by the elements of a 1-D tensor. As such, the fix…

  • CVE-2017-2586LowJul 27, 2018
    risk 0.22cvss 3.3epss 0.01

    A null pointer dereference vulnerability was found in netpbm before 10.61. A maliciously crafted SVG file could cause the application to crash.