Vulnerabilities (CVE)

Filtered by CWE-476
Total 3843 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2015-0928 1 Oisf 1 Libhtp 2025-04-20 5.0 MEDIUM 7.5 HIGH
libhtp 0.5.15 allows remote attackers to cause a denial of service (NULL pointer dereference).
CVE-2017-9124 1 Libquicktime 1 Libquicktime 2025-04-20 4.3 MEDIUM 6.5 MEDIUM
The quicktime_match_32 function in util.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted mp4 file.
CVE-2017-0686 1 Google 1 Android 2025-04-20 4.3 MEDIUM 5.5 MEDIUM
A denial of service vulnerability in the Android media framework. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34231231.
CVE-2016-10189 1 Bitlbee 2 Bitlbee, Bitlbee-libpurple 2025-04-20 5.0 MEDIUM 7.5 HIGH
BitlBee before 3.5 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) and possibly execute arbitrary code via a file transfer request for a contact that is not in the contact list.
CVE-2017-11642 1 Graphicsmagick 1 Graphicsmagick 2025-04-20 6.8 MEDIUM 8.8 HIGH
GraphicsMagick 1.3.26 has a NULL pointer dereference in the WriteMAPImage() function in coders/map.c when processing a non-colormapped image, a different vulnerability than CVE-2017-11638.
CVE-2016-5870 1 Linux 1 Linux Kernel 2025-04-20 4.6 MEDIUM 7.8 HIGH
The msm_ipc_router_close function in net/ipc_router/ipc_router_socket.c in the ipc_router component for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allow attackers to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact by triggering failure of an accept system call for an AF_MSM_IPC socket.
CVE-2017-16868 1 Swftools 1 Swftools 2025-04-20 4.3 MEDIUM 5.5 MEDIUM
In SWFTools 0.9.2, the wav_convert2mono function in lib/wav.c does not properly restrict a multiplication within a malloc call, which allows remote attackers to cause a denial of service (integer overflow and NULL pointer dereference) via a crafted WAV file.
CVE-2017-12475 1 Axiosys 1 Bento4 2025-04-20 4.3 MEDIUM 5.5 MEDIUM
The AP4_Processor::Process function in Core/Ap4Processor.cpp in Bento4 mp4encrypt before 1.5.0-616 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted mp4 file.
CVE-2017-9988 2 Debian, Libming 2 Debian Linux, Libming 2025-04-20 4.3 MEDIUM 6.5 MEDIUM
The readEncUInt30 function in util/read.c in libming 0.4.8 mishandles memory allocation. A crafted input will lead to a remote denial of service (NULL pointer dereference) attack against parser.c.
CVE-2017-11113 1 Gnu 1 Ncurses 2025-04-20 5.0 MEDIUM 7.5 HIGH
In ncurses 6.0, there is a NULL Pointer Dereference in the _nc_parse_entry function of tinfo/parse_entry.c. It could lead to a remote denial of service attack if the terminfo library code is used to process untrusted terminfo data.
CVE-2017-3169 1 Apache 1 Http Server 2025-04-20 7.5 HIGH 9.8 CRITICAL
In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, mod_ssl may dereference a NULL pointer when third-party modules call ap_hook_process_connection() during an HTTP request to an HTTPS port.
CVE-2017-4916 2 Microsoft, Vmware 3 Windows, Workstation Player, Workstation Pro 2025-04-20 6.8 MEDIUM 6.5 MEDIUM
VMware Workstation Pro/Player contains a NULL pointer dereference vulnerability that exists in the vstor2 driver. Successful exploitation of this issue may allow host users with normal user privileges to trigger a denial-of-service in a Windows host machine.
CVE-2017-11333 1 Xiph.org 1 Libvorbis 2025-04-20 4.3 MEDIUM 5.5 MEDIUM
The vorbis_analysis_wrote function in lib/block.c in Xiph.Org libvorbis 1.3.5 allows remote attackers to cause a denial of service (OOM) via a crafted wav file.
CVE-2015-5180 2 Canonical, Gnu 2 Ubuntu Linux, Glibc 2025-04-20 5.0 MEDIUM 7.5 HIGH
res_query in libresolv in glibc before 2.25 allows remote attackers to cause a denial of service (NULL pointer dereference and process crash).
CVE-2017-8537 1 Microsoft 13 Endpoint Protection, Exchange Server, Forefront Endpoint Protection and 10 more 2025-04-20 4.3 MEDIUM 5.5 MEDIUM
The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to denial of service. aka "Microsoft Malware Protection Engine Denial of Service Vulnerability", a different vulnerability than CVE-2017-8535, CVE-2017-8536, CVE-2017-8539, and CVE-2017-8542.
CVE-2016-5030 1 Libdwarf Project 1 Libdwarf 2025-04-20 4.3 MEDIUM 6.5 MEDIUM
The _dwarf_calculate_info_section_end_ptr function in libdwarf before 20160923 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file.
CVE-2016-5041 1 Libdwarf Project 1 Libdwarf 2025-04-20 5.0 MEDIUM 7.5 HIGH
dwarf_macro5.c in libdwarf before 20160923 allows remote attackers to cause a denial of service (NULL pointer dereference) via a debugging information entry using DWARF5 and without a DW_AT_name.
CVE-2017-9083 1 Freedesktop 1 Poppler 2025-04-20 4.3 MEDIUM 6.5 MEDIUM
poppler 0.54.0, as used in Evince and other products, has a NULL pointer dereference in the JPXStream::readUByte function in JPXStream.cc. For example, the perf_test utility will crash (segmentation fault) when parsing an invalid PDF file.
CVE-2017-16545 1 Graphicsmagick 1 Graphicsmagick 2025-04-20 6.8 MEDIUM 8.8 HIGH
The ReadWPGImage function in coders/wpg.c in GraphicsMagick 1.3.26 does not properly validate colormapped images, which allows remote attackers to cause a denial of service (ImportIndexQuantumType invalid write and application crash) or possibly have unspecified other impact via a malformed WPG image.
CVE-2017-12457 1 Gnu 1 Binutils 2025-04-20 6.8 MEDIUM 7.8 HIGH
The bfd_make_section_with_flags function in section.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause a NULL dereference via a crafted file.