Total
4853 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-14517 | 1 Freedesktop | 1 Poppler | 2025-04-20 | 4.3 MEDIUM | 5.5 MEDIUM |
|
In Poppler 0.59.0, a NULL Pointer Dereference exists in the XRef::parseEntry() function in XRef.cc via a crafted PDF document.
|
|||||
| CVE-2017-12920 | 1 Libfpx Project | 1 Libfpx | 2025-04-20 | 4.3 MEDIUM | 6.5 MEDIUM |
|
CDirectory::GetDirEntry in dir.cxx in libfpx 1.3.1_p6 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted fpx image.
|
|||||
| CVE-2017-9343 | 1 Wireshark | 1 Wireshark | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
|
In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the MSNIP dissector misuses a NULL pointer. This was addressed in epan/dissectors/packet-msnip.c by validating an IPv4 address.
|
|||||
| CVE-2017-0349 | 2 Microsoft, Nvidia | 2 Windows, Gpu Driver | 2025-04-20 | 7.2 HIGH | 7.8 HIGH |
|
All versions of the NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where a pointer passed from a user to the driver is not correctly validated before it is dereferenced for a write operation, may lead to denial of service or potential escalation of privileges.
|
|||||
| CVE-2017-17123 | 1 Gnu | 1 Binutils | 2025-04-20 | 4.3 MEDIUM | 5.5 MEDIUM |
|
The coff_slurp_reloc_table function in coffcode.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted COFF based file.
|
|||||
| CVE-2017-7614 | 1 Gnu | 1 Binutils | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
|
elflink.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has a "member access within null pointer" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via an "int main() {return 0;}" program.
|
|||||
| CVE-2017-1000050 | 4 Canonical, Fedoraproject, Jasper Project and 1 more | 6 Ubuntu Linux, Fedora, Jasper and 3 more | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
|
JasPer 2.0.12 is vulnerable to a NULL pointer exception in the function jp2_encode which failed to check to see if the image contained at least one component resulting in a denial-of-service.
|
|||||
| CVE-2017-5625 | 1 Oneplus | 3 Oneplus 3, Oneplus 3t, Oxygenos | 2025-04-20 | 2.1 LOW | 4.6 MEDIUM |
|
In OxygenOS before 4.0.3 on OnePlus 3 and 3T devices, an unauthorized attacker can cause a locked bootloader to partially dump the ciphertext content of an arbitrary partition (except 'keystore') by issuing the 'fastboot oem dump <partition>' fastboot command.
|
|||||
| CVE-2017-1000360 | 1 Opendaylight | 1 Opendaylight | 2025-04-20 | 5.0 MEDIUM | 5.3 MEDIUM |
|
StreamCorruptedException and NullPointerException in OpenDaylight odl-mdsal-xsql. Controller launches exceptions in the console. Component: OpenDaylight odl-mdsal-xsql is vulnerable to this flaw. Version: The tested versions are OpenDaylight 3.3 and 4.0.
|
|||||
| CVE-2017-8820 | 2 Debian, Tor Project | 2 Debian Linux, Tor | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
|
In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 before 0.2.9.14, 0.3.0 before 0.3.0.13, and 0.3.1 before 0.3.1.9, remote attackers can cause a denial of service (NULL pointer dereference and application crash) against directory authorities via a malformed descriptor, aka TROVE-2017-010.
|
|||||
| CVE-2016-7627 | 1 Apple | 3 Iphone Os, Mac Os X, Watchos | 2025-04-20 | 4.3 MEDIUM | 6.5 MEDIUM |
|
An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "CoreGraphics" component. It allows attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted font.
|
|||||
| CVE-2017-15274 | 1 Linux | 1 Linux Kernel | 2025-04-20 | 4.9 MEDIUM | 5.5 MEDIUM |
|
security/keys/keyctl.c in the Linux kernel before 4.11.5 does not consider the case of a NULL payload in conjunction with a nonzero length value, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) via a crafted add_key or keyctl system call, a different vulnerability than CVE-2017-12192.
|
|||||
| CVE-2017-17505 | 1 Hdfgroup | 1 Hdf5 | 2025-04-20 | 4.3 MEDIUM | 6.5 MEDIUM |
|
In HDF5 1.10.1, there is a NULL pointer dereference in the function H5O_pline_decode in the H5Opline.c file in libhdf5.a. For example, h5dump would crash when someone opens a crafted hdf5 file.
|
|||||
| CVE-2015-8592 | 1 Google | 1 Android | 2025-04-20 | 10.0 HIGH | 9.8 CRITICAL |
|
In all Qualcomm products with Android releases from CAF using the Linux kernel, a pointer is not validated prior to being dereferenced potentially resulting in Guest-OS memory corruption.
|
|||||
| CVE-2017-7511 | 1 Freedesktop | 1 Poppler | 2025-04-20 | 4.3 MEDIUM | 5.5 MEDIUM |
|
poppler since version 0.17.3 has been vulnerable to NULL pointer dereference in pdfunite triggered by specially crafted documents.
|
|||||
| CVE-2017-13065 | 2 Debian, Graphicsmagick | 2 Debian Linux, Graphicsmagick | 2025-04-20 | 4.3 MEDIUM | 6.5 MEDIUM |
|
GraphicsMagick 1.3.26 has a NULL pointer dereference vulnerability in the function SVGStartElement in coders/svg.c.
|
|||||
| CVE-2014-0146 | 1 Qemu | 1 Qemu | 2025-04-20 | 1.9 LOW | 5.5 MEDIUM |
|
The qcow2_open function in the (block/qcow2.c) in QEMU before 1.7.2 and 2.x before 2.0.0 allows local users to cause a denial of service (NULL pointer dereference) via a crafted image which causes an error, related to the initialization of the snapshot_offset and nb_snapshots fields.
|
|||||
| CVE-2016-5870 | 1 Linux | 1 Linux Kernel | 2025-04-20 | 4.6 MEDIUM | 7.8 HIGH |
|
The msm_ipc_router_close function in net/ipc_router/ipc_router_socket.c in the ipc_router component for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allow attackers to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact by triggering failure of an accept system call for an AF_MSM_IPC socket.
|
|||||
| CVE-2016-9559 | 2 Debian, Imagemagick | 2 Debian Linux, Imagemagick | 2025-04-20 | 4.3 MEDIUM | 6.5 MEDIUM |
|
coders/tiff.c in ImageMagick before 7.0.3.7 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted image.
|
|||||
| CVE-2017-9216 | 2 Artifex, Debian | 2 Jbig2dec, Debian Linux | 2025-04-20 | 4.3 MEDIUM | 6.5 MEDIUM |
|
libjbig2dec.a in Artifex jbig2dec 0.13, as used in MuPDF and Ghostscript, has a NULL pointer dereference in the jbig2_huffman_get function in jbig2_huffman.c. For example, the jbig2dec utility will crash (segmentation fault) when parsing an invalid file.
|
|||||
| CVE-2017-0315 | 2 Microsoft, Nvidia | 2 Windows, Gpu Driver | 2025-04-20 | 7.2 HIGH | 7.8 HIGH |
|
All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where an attempt to access an invalid object pointer may lead to denial of service or potential escalation of privileges.
|
|||||
| CVE-2017-6847 | 1 Podofo Project | 1 Podofo | 2025-04-20 | 4.3 MEDIUM | 5.5 MEDIUM |
|
The PoDoFo::PdfVariant::DelayedLoad function in PdfVariant.h in PoDoFo 0.9.4 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file.
|
|||||
| CVE-2017-4900 | 1 Vmware | 2 Workstation Player, Workstation Pro | 2025-04-20 | 2.1 LOW | 5.5 MEDIUM |
|
VMware Workstation Pro/Player 12.x before 12.5.3 contains a NULL pointer dereference vulnerability that exists in the SVGA driver. Successful exploitation of this issue may allow attackers with normal user privileges to crash their VMs.
|
|||||
| CVE-2017-0323 | 2 Microsoft, Nvidia | 2 Windows, Gpu Driver | 2025-04-20 | 7.2 HIGH | 7.8 HIGH |
|
All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer handler where a NULL pointer dereference caused by invalid user input may lead to denial of service or potential escalation of privileges.
|
|||||
| CVE-2017-10790 | 1 Gnu | 1 Libtasn1 | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
|
The _asn1_check_identifier function in GNU Libtasn1 through 4.12 causes a NULL pointer dereference and crash when reading crafted input that triggers assignment of a NULL value within an asn1_node structure. It may lead to a remote denial of service attack.
|
|||||
| CVE-2016-5041 | 1 Libdwarf Project | 1 Libdwarf | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
|
dwarf_macro5.c in libdwarf before 20160923 allows remote attackers to cause a denial of service (NULL pointer dereference) via a debugging information entry using DWARF5 and without a DW_AT_name.
|
|||||
| CVE-2015-9072 | 1 Google | 1 Android | 2025-04-20 | 10.0 HIGH | 9.8 CRITICAL |
|
In all Qualcomm products with Android releases from CAF using the Linux kernel, an untrusted pointer dereference can occur in a TrustZone syscall.
|
|||||
| CVE-2015-5180 | 2 Canonical, Gnu | 2 Ubuntu Linux, Glibc | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
|
res_query in libresolv in glibc before 2.25 allows remote attackers to cause a denial of service (NULL pointer dereference and process crash).
|
|||||
| CVE-2017-1000200 | 1 Tcmu-runner Project | 1 Tcmu-runner | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
|
tcmu-runner version 1.0.5 to 1.2.0 is vulnerable to a dbus triggered NULL pointer dereference in the tcmu-runner daemon's on_unregister_handler() function resulting in denial of service
|
|||||
| CVE-2017-15102 | 3 Canonical, Linux, Redhat | 3 Ubuntu Linux, Linux Kernel, Enterprise Linux | 2025-04-20 | 6.9 MEDIUM | 6.3 MEDIUM |
|
The tower_probe function in drivers/usb/misc/legousbtower.c in the Linux kernel before 4.8.1 allows local users (who are physically proximate for inserting a crafted USB device) to gain privileges by leveraging a write-what-where condition that occurs after a race condition and a NULL pointer dereference.
|
|||||
| CVE-2017-11097 | 1 Swftools | 1 Swftools | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
|
When SWFTools 0.9.2 processes a crafted file in swfc, it can lead to a NULL Pointer Dereference in the dict_lookup() function in lib/q.c.
|
|||||
| CVE-2017-11189 | 1 Rarzilla | 1 Unrar-free | 2025-04-20 | 4.3 MEDIUM | 6.5 MEDIUM |
|
unrarlib.c in unrar-free 0.0.1 might allow remote attackers to cause a denial of service (NULL pointer dereference and application crash), which could be relevant if unrarlib is used as library code for a long-running application. NOTE: one of the several test cases in the references may be the same as what was separately reported as CVE-2017-14121.
|
|||||
| CVE-2016-8695 | 1 Potrace Project | 1 Potrace | 2025-04-20 | 4.3 MEDIUM | 5.5 MEDIUM |
|
The bm_readbody_bmp function in bitmap_io.c in potrace before 1.13 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted BMP image, a different vulnerability than CVE-2016-8694 and CVE-2016-8696.
|
|||||
| CVE-2016-7609 | 1 Apple | 1 Mac Os X | 2025-04-20 | 4.9 MEDIUM | 6.2 MEDIUM |
|
An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the "AppleGraphicsPowerManagement" component. It allows local users to cause a denial of service (NULL pointer dereference) via unspecified vectors.
|
|||||
| CVE-2017-12779 | 1 Matroska | 1 Mkvalidator | 2025-04-20 | 4.3 MEDIUM | 6.5 MEDIUM |
|
The Node_GetData function in corec/corec/node/node.c in mkvalidator 0.5.1 allows remote attackers to cause a denial of service (Null pointer dereference and application crash) via a crafted mkv file.
|
|||||
| CVE-2017-6845 | 1 Podofo Project | 1 Podofo | 2025-04-20 | 4.3 MEDIUM | 5.5 MEDIUM |
|
The PoDoFo::PdfColor::operator function in PdfColor.cpp in PoDoFo 0.9.4 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file.
|
|||||
| CVE-2015-9020 | 1 Google | 1 Android | 2025-04-20 | 9.3 HIGH | 7.8 HIGH |
|
In all Android releases from CAF using the Linux kernel, an untrusted pointer dereference vulnerability exists in the unlocking of memory.
|
|||||
| CVE-2016-2365 | 3 Canonical, Debian, Pidgin | 3 Ubuntu Linux, Debian Linux, Pidgin | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
|
A denial of service vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could potentially result in a null pointer dereference. A malicious server or an attacker who intercepts the network traffic can send invalid data to trigger this vulnerability and cause a crash.
|
|||||
| CVE-2017-14641 | 1 Bento4 | 1 Bento4 | 2025-04-20 | 4.3 MEDIUM | 6.5 MEDIUM |
|
A NULL pointer dereference was discovered in the AP4_DataAtom class in MetaData/Ap4MetaData.cpp in Bento4 version 1.5.0-617. The vulnerability causes a segmentation fault and application crash, which leads to remote denial of service.
|
|||||
| CVE-2017-9468 | 2 Debian, Irssi | 2 Debian Linux, Irssi | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
|
In Irssi before 1.0.3, when receiving a DCC message without source nick/host, it attempts to dereference a NULL pointer. Thus, remote IRC servers can cause a crash.
|
|||||