CWE-476— NULL Pointer Dereference
4,740 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-476page 8 of 95
- CVE-2018-18457MEDIUMCVSS 5.5EG 5.52018-10-18
The function DCTStream::readScan in Stream.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted pdf file, as demonstrated by pdftoppm.
- CVE-2018-18458MEDIUMCVSS 5.5EG 5.52018-10-18
The function DCTStream::decodeImage in Stream.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted pdf file, as demonstrated by pdftoppm.
- CVE-2018-18459MEDIUMCVSS 5.5EG 5.52018-10-18
The function DCTStream::getBlock in Stream.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted pdf file, as demonstrated by pdftoppm.
- CVE-2018-18508MEDIUMCVSS 6.5EG 6.52020-10-22
In Network Security Services (NSS) before 3.36.7 and before 3.41.1, a malformed signature can cause a crash due to a null dereference, resulting in a Denial of Service.
- CVE-2018-18513HIGHCVSS 7.5EG 7.52019-04-26
A crash can occur when processing a crafted S/MIME message or an XPI package containing a crafted signature. This can be used as a denial-of-service (DOS) attack because Thunderbird reopens the last seen message on restart, triggering the …
- CVE-2018-18585MEDIUMCVSS 4.3EG 4.32018-10-23
chmd_read_headers in mspack/chmd.c in libmspack before 0.8alpha accepts a filename that has '\0' as its first or second character (such as the "/\0" name).
- CVE-2018-18606MEDIUMCVSS 5.5EG 5.52018-10-23
An issue was discovered in the merge_strings function in merge.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. There is a NULL pointer dereference in _bfd_add_merge_section when attempting t…
- CVE-2018-18607MEDIUMCVSS 5.5EG 5.52018-10-23
An issue was discovered in elf_link_input_bfd in elflink.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. There is a NULL pointer dereference in elf_link_input_bfd when used for finding STT_T…
- CVE-2018-18661MEDIUMCVSS 6.5EG 6.52018-10-26
An issue was discovered in LibTIFF 4.0.9. There is a NULL pointer dereference in the function LZWDecode in the file tif_lzw.c.
- CVE-2018-18829MEDIUMCVSS 6.5EG 6.52018-10-30
There exists a NULL pointer dereference in ff_vc1_parse_frame_header_adv in vc1.c in Libav 12.3, which allows attackers to cause a denial-of-service through a crafted aac file.
- CVE-2018-18873MEDIUMCVSS 5.5EG 5.52018-10-31
An issue was discovered in JasPer 2.0.14. There is a NULL pointer dereference in the function ras_putdatastd in ras/ras_enc.c.
- CVE-2018-18883HIGHCVSS 8.8EG 8.82018-11-01
An issue was discovered in Xen 4.9.x through 4.11.x, on Intel x86 platforms, allowing x86 HVM and PVH guests to cause a host OS denial of service (NULL pointer dereference) or possibly have unspecified other impact because nested VT-x is n…
- CVE-2018-18937HIGHCVSS 7.5EG 7.52018-11-05
An issue has been found in libIEC61850 v1.3. It is a NULL pointer dereference in ClientDataSet_getValues in client/ied_connection.c.
- CVE-2018-19029HIGHCVSS 7.8EG 7.82019-02-05
LCDS Laquis SCADA prior to version 4.1.0.4150 allows an attacker using a specially crafted project file to supply a pointer for a controlled memory address, which may allow remote code execution, data exfiltration, or cause a system crash.
- CVE-2018-19060MEDIUMCVSS 6.5EG 6.52018-11-07
An issue was discovered in Poppler 0.71.0. There is a NULL pointer dereference in goo/GooString.h, will lead to denial of service, as demonstrated by utils/pdfdetach.cc not validating a filename of an embedded file before constructing a sa…
- CVE-2018-19121MEDIUMCVSS 4.3EG 4.32018-11-09
An issue has been found in libIEC61850 v1.3. It is a SEGV in Ethernet_receivePacket in ethernet_bsd.c.
- CVE-2018-19122MEDIUMCVSS 4.3EG 4.32018-11-09
An issue has been found in libIEC61850 v1.3. It is a NULL pointer dereference in Ethernet_sendPacket in ethernet_bsd.c.
- CVE-2018-19129MEDIUMCVSS 6.5EG 6.52018-11-09
In Libav 12.3, a NULL pointer dereference (RIP points to zero) issue in ff_mpa_synth_filter_float in libavcodec/mpegaudiodsp_template.c can cause a segmentation fault (application crash) via a crafted mov file.
- CVE-2018-19149MEDIUMCVSS 6.5EG 6.52018-11-10
Poppler before 0.70.0 has a NULL pointer dereference in _poppler_attachment_new when called from poppler_annot_file_attachment_get_attachment.
- CVE-2018-19184HIGHCVSS 7.5EG 7.52018-11-12
cmd/evm/runner.go in Go Ethereum (aka geth) 1.8.17 allows attackers to cause a denial of service (SEGV) via crafted bytecode.
- CVE-2018-19200HIGHCVSS 7.5EG 7.52018-11-12
An issue was discovered in uriparser before 0.9.0. UriCommon.c allows attempted operations on NULL input via a uriResetUri* function.
- CVE-2018-19208MEDIUMCVSS 6.5EG 6.52018-11-12
In libwpd 0.10.2, there is a NULL pointer dereference in the function WP6ContentListener::defineTable in WP6ContentListener.cpp that will lead to a denial of service attack. This is related to WPXTable.h.
- CVE-2018-19209MEDIUMCVSS 5.5EG 5.52018-11-12
Netwide Assembler (NASM) 2.14rc15 has a NULL pointer dereference in the function find_label in asm/labels.c that will lead to a DoS attack.
- CVE-2018-19210MEDIUMCVSS 6.5EG 6.52018-11-12
In LibTIFF 4.0.9, there is a NULL pointer dereference in the TIFFWriteDirectorySec function in tif_dirwrite.c that will lead to a denial of service attack, as demonstrated by tiffset.
- CVE-2018-19211MEDIUMCVSS 5.5EG 5.52018-11-12
In ncurses 6.1, there is a NULL pointer dereference at function _nc_parse_entry in parse_entry.c that will lead to a denial of service attack. The product proceeds to the dereference code path even after a "dubious character `*' in name or…
- CVE-2018-19217MEDIUMCVSS 6.5EG 6.52018-11-12
In ncurses, possibly a 6.x version, there is a NULL pointer dereference at the function _nc_name_match that will lead to a denial of service attack. NOTE: the original report stated version 6.1, but the issue did not reproduce for that ver…
- CVE-2018-19395HIGHCVSS 7.5EG 7.52018-11-20
ext/standard/var.c in PHP 5.x through 7.1.24 on Windows allows attackers to cause a denial of service (NULL pointer dereference and application crash) because com and com_safearray_proxy return NULL in com_properties_get in ext/com_dotnet/…
- CVE-2018-19406MEDIUMCVSS 5.5EG 5.52018-11-21
kvm_pv_send_ipi in arch/x86/kvm/lapic.c in the Linux kernel through 4.19.2 allows local users to cause a denial of service (NULL pointer dereference and BUG) via crafted system calls that reach a situation where the apic map is uninitializ…
- CVE-2018-19407MEDIUMCVSS 5.5EG 5.52018-11-21
The vcpu_scan_ioapic function in arch/x86/kvm/x86.c in the Linux kernel through 4.19.2 allows local users to cause a denial of service (NULL pointer dereference and BUG) via crafted system calls that reach a situation where ioapic is unini…
- CVE-2018-19432MEDIUMCVSS 6.5EG 6.52018-11-22
An issue was discovered in libsndfile 1.0.28. There is a NULL pointer dereference in the function sf_write_int in sndfile.c, which will lead to a denial of service.
- CVE-2018-19504HIGHCVSS 7.8EG 7.82018-11-23
An issue was discovered in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.1. There is a NULL pointer dereference in ifilter_bank() in libfaad/filtbank.c.
- CVE-2018-19532HIGHCVSS 8.8EG 8.82018-11-26
A NULL pointer dereference vulnerability exists in the function PdfTranslator::setTarget() in pdftranslator.cpp of PoDoFo 0.9.6, while creating the PdfXObject, as demonstrated by podofoimpose. It allows an attacker to cause Denial of Servi…
- CVE-2018-19542MEDIUMCVSS 6.5EG 6.52018-11-26
An issue was discovered in JasPer 2.0.14. There is a NULL pointer dereference in the function jp2_decode in libjasper/jp2/jp2_dec.c, leading to a denial of service.
- CVE-2018-19607MEDIUMCVSS 6.5EG 6.52018-11-27
Exiv2::isoSpeed in easyaccess.cpp in Exiv2 v0.27-RC2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file.
- CVE-2018-19624MEDIUMCVSS 5.5EG 5.52018-11-29
In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the PVFS dissector could crash. This was addressed in epan/dissectors/packet-pvfs2.c by preventing a NULL pointer dereference.
- CVE-2018-19720HIGHCVSS 8.8EG 8.82019-01-18
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 an…
- CVE-2018-19757MEDIUMCVSS 6.5EG 6.52018-11-30
There is a NULL pointer dereference at function sixel_helper_set_additional_message (status.c) in libsixel 1.8.2 that will cause a denial of service.
- CVE-2018-19797MEDIUMCVSS 6.5EG 6.52018-12-03
In LibSass 3.5.5, a NULL Pointer Dereference in the function Sass::Selector_List::populate_extends in SharedPtr.hpp (used by ast.cpp and ast_selectors.cpp) may cause a Denial of Service (application crash) via a crafted sass input file.
- CVE-2018-19801HIGHCVSS 7.5EG 7.52019-06-07
aubio v0.4.0 to v0.4.8 has a NULL pointer dereference in new_aubio_filterbank via invalid n_filters.
- CVE-2018-19802HIGHCVSS 7.5EG 7.52019-06-07
aubio v0.4.0 to v0.4.8 has a new_aubio_onset NULL pointer dereference.
- CVE-2018-19870HIGHCVSS 8.8EG 8.82018-12-26
An issue was discovered in Qt before 5.11.3. A malformed GIF image causes a NULL pointer dereference in QGifHandler resulting in a segmentation fault.
- CVE-2018-19882MEDIUMCVSS 5.5EG 5.52018-12-06
In Artifex MuPDF 1.14.0, the svg_run_image function in svg/svg-run.c allows remote attackers to cause a denial of service (href_att NULL pointer dereference and application crash) via a crafted svg file, as demonstrated by mupdf-gl.
- CVE-2018-19935HIGHCVSS 7.5EG 7.52018-12-07
ext/imap/php_imap.c in PHP 5.x and 7.x before 7.3.0 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty string in the message argument to the imap_mail function.
- CVE-2018-19939HIGHCVSS 7.5EG 7.52018-12-07
The Goodix GT9xx touchscreen driver for custom Linux kernels on Xiaomi daisy-o-oss and daisy-p-oss as used in Mi A2 Lite and RedMi6 pro devices through 2018-08-27 has a NULL pointer dereference in kfree after a kmalloc failure in gtp_read_…
- CVE-2018-20014HIGHCVSS 7.5EG 7.52019-06-07
In UrBackup 2.2.6, an attacker can send a malformed request to the client over the network, and trigger a fileservplugin/CClientThread.cpp CClientThread::GetFileHashAndMetadata NULL pointer dereference, leading to shutting down the client …
- CVE-2018-20024HIGHCVSS 7.5EG 7.52018-12-19
LibVNC before commit 4a21bbd097ef7c44bb000c3bd0907f96a10e4ce7 contains null pointer dereference in VNC client code that can result DoS.
- CVE-2018-20125HIGHCVSS 7.5EG 7.52018-12-20
hw/rdma/vmw/pvrdma_cmd.c in QEMU allows attackers to cause a denial of service (NULL pointer dereference or excessive memory allocation) in create_cq_ring or create_qp_rings.
- CVE-2018-20190MEDIUMCVSS 6.5EG 6.52018-12-17
In LibSass 3.5.5, a NULL Pointer Dereference in the function Sass::Eval::operator()(Sass::Supports_Operator*) in eval.cpp may cause a Denial of Service (application crash) via a crafted sass input file.
- CVE-2018-20191HIGHCVSS 7.5EG 7.52018-12-20
hw/rdma/vmw/pvrdma_main.c in QEMU does not implement a read operation (such as uar_read by analogy to uar_write), which allows attackers to cause a denial of service (NULL pointer dereference).
- CVE-2018-20195MEDIUMCVSS 5.5EG 5.52018-12-18
A NULL pointer dereference was discovered in ic_predict of libfaad/ic_predict.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. The vulnerability causes a segmentation fault and application crash, which leads to denial of service.
Map vulnerabilities like CWE-476 to your infrastructure
EchelonGraph correlates every CVE — across CWE-476 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →