Total: 1933 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-5969 | 1 Xmlsoft | 1 Libxml2 | 2017-11-11 | 2.6 LOW | 4.7 MEDIUM |
| ** DISPUTED ** libxml2 2.9.4, when used in recover mode, allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted XML document. NOTE: The maintainer states "I would disagree of a CVE with the Recover parsing option which should only be used for manual recovery at least for XML parser." | |||||
| CVE-2014-3164 | 1 Google | 1 Android | 2017-11-07 | 5.0 MEDIUM | 7.5 HIGH |
| cmds/servicemanager/service_manager.c in Android before commit 7d42a3c31ba78a418f9bdde0e0ab951469f321b5 allows attackers to cause a denial of service (NULL pointer dereference, or out-of-bounds write) via vectors related to binder passed lengths. | |||||
| CVE-2017-10965 | 1 Irssi | 1 Irssi | 2017-11-05 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Irssi before 1.0.4. When receiving messages with invalid time stamps, Irssi would try to dereference a NULL pointer. | |||||
| CVE-2017-5980 | 1 Zziplib Project | 1 Zziplib | 2017-11-04 | 4.3 MEDIUM | 5.5 MEDIUM |
| The zzip_mem_entry_new function in memdisk.c in zziplib 0.13.62 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted ZIP file. | |||||
| CVE-2015-8272 | 1 Rtmpdump Project | 1 Rtmpdump | 2017-11-04 | 4.3 MEDIUM | 6.5 MEDIUM |
| RTMPDump 2.4 allows remote attackers to trigger a denial of service (NULL pointer dereference and process crash). | |||||
| CVE-2014-0146 | 1 Qemu | 1 Qemu | 2017-11-04 | 1.9 LOW | 5.5 MEDIUM |
| The qcow2_open function in the (block/qcow2.c) in QEMU before 1.7.2 and 2.x before 2.0.0 allows local users to cause a denial of service (NULL pointer dereference) via a crafted image which causes an error, related to the initialization of the snapshot_offset and nb_snapshots fields. | |||||
| CVE-2016-8882 | 1 Jasper Project | 1 Jasper | 2017-11-04 | 4.3 MEDIUM | 5.5 MEDIUM |
| The jpc_dec_tilefini function in libjasper/jpc/jpc_dec.c in JasPer before 1.900.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted file. | |||||
| CVE-2016-10220 | 1 Artifex | 1 Ghostscript | 2017-11-04 | 4.3 MEDIUM | 5.5 MEDIUM |
| The gs_makewordimagedevice function in base/gsdevmem.c in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file that is mishandled in the PDF Transparency module. | |||||
| CVE-2014-3640 | 4 Canonical, Debian, Qemu and 1 more | 7 Ubuntu Linux, Debian Linux, Qemu and 4 more | 2017-11-04 | 2.1 LOW | N/A |
| The sosendto function in slirp/udp.c in QEMU before 2.1.2 allows local users to cause a denial of service (NULL pointer dereference) by sending a udp packet with a value of 0 in the source port and address, which triggers access of an uninitialized socket. | |||||
| CVE-2016-10189 | 1 Bitlbee | 2 Bitlbee, Bitlbee-libpurple | 2017-11-04 | 5.0 MEDIUM | 7.5 HIGH |
| BitlBee before 3.5 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) and possibly execute arbitrary code via a file transfer request for a contact that is not in the contact list. | |||||
| CVE-2017-10917 | 1 Xen | 1 Xen | 2017-11-04 | 9.4 HIGH | 9.1 CRITICAL |
| Xen through 4.8.x does not validate the port numbers of polled event channel ports, which allows guest OS users to cause a denial of service (NULL pointer dereference and host OS crash) or possibly obtain sensitive information, aka XSA-221. | |||||
| CVE-2017-5979 | 1 Zziplib Project | 1 Zziplib | 2017-11-04 | 4.3 MEDIUM | 5.5 MEDIUM |
| The prescan_entry function in fseeko.c in zziplib 0.13.62 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted ZIP file. | |||||
| CVE-2016-7997 | 1 Graphicsmagick | 1 Graphicsmagick | 2017-11-04 | 5.0 MEDIUM | 7.5 HIGH |
| The WPG format reader in GraphicsMagick 1.3.25 and earlier allows remote attackers to cause a denial of service (assertion failure and crash) via vectors related to a ReferenceBlob and a NULL pointer. | |||||
| CVE-2017-5951 | 1 Artifex | 1 Ghostscript | 2017-11-04 | 4.3 MEDIUM | 5.5 MEDIUM |
| The mem_get_bits_rectangle function in base/gdevmem.c in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file. | |||||
| CVE-2017-14225 | 1 Ffmpeg | 1 Ffmpeg | 2017-11-04 | 6.8 MEDIUM | 8.8 HIGH |
| The av_color_primaries_name function in libavutil/pixdesc.c in FFmpeg 3.3.3 may return a NULL pointer depending on a value contained in a file, but callers do not anticipate this, as demonstrated by the avcodec_string function in libavcodec/utils.c, leading to a NULL pointer dereference. (It is also conceivable that there is security relevance for a NULL pointer dereference in av_color_primaries_name calls within the ffprobe command-line program.) | |||||
| CVE-2015-8270 | 1 Rtmpdump Project | 1 Rtmpdump | 2017-11-04 | 5.0 MEDIUM | 7.5 HIGH |
| The AMF3ReadString function in amf.c in RTMPDump 2.4 allows remote RTMP Media servers to cause a denial of service (invalid pointer dereference and process crash). | |||||
| CVE-2017-15056 | 1 Upx Project | 1 Upx | 2017-11-01 | 6.8 MEDIUM | 7.8 HIGH |
| p_lx_elf.cpp in UPX 3.94 mishandles ELF headers, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by an Invalid Pointer Read in PackLinuxElf64::unpack(). | |||||
| CVE-2017-15286 | 1 Sqlite | 1 Sqlite | 2017-10-27 | 5.0 MEDIUM | 7.5 HIGH |
| SQLite 3.20.1 has a NULL pointer dereference in tableColumnList in shell.c because it fails to consider certain cases where `sqlite3_step(pStmt)==SQLITE_ROW` is false and a data structure is never initialized. | |||||
| CVE-2007-0887 | 1 Gecad Technologies | 1 Axigen Mail Server | 2017-10-19 | 7.8 HIGH | N/A |
| axigen 1.2.6 through 2.0.0b1 does not properly parse login credentials, which allows remote attackers to cause a denial of service (NULL dereference and application crash) via a base64-encoded "*\x00" sequence on the imap port (143/tcp). | |||||
| CVE-2015-2297 | 1 Libcsoap Project | 1 Libcsoap | 2017-10-13 | 5.0 MEDIUM | 7.5 HIGH |
| nanohttp in libcsoap allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted Authorization header. | |||||
| CVE-2017-15019 | 1 Lame Project | 1 Lame | 2017-10-12 | 6.8 MEDIUM | 7.8 HIGH |
| LAME 3.99.5 has a NULL Pointer Dereference in the hip_decode_init function within libmp3lame/mpglib_interface.c via a malformed mpg file, because of an incorrect calloc call. | |||||
| CVE-2017-15022 | 1 Gnu | 1 Binutils | 2017-10-11 | 4.3 MEDIUM | 5.5 MEDIUM |
| dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, does not validate the DW_AT_name data type, which allows remote attackers to cause a denial of service (bfd_hash_hash NULL pointer dereference, or out-of-bounds access, and application crash) via a crafted ELF file, related to scan_unit_for_symbols and parse_comp_unit. | |||||
| CVE-2017-14974 | 1 Gnu | 1 Binutils | 2017-10-05 | 4.3 MEDIUM | 5.5 MEDIUM |
| The *_get_synthetic_symtab functions in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, mishandle the failure of a certain canonicalization step, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted ELF file, related to elf32-i386.c and elf64-x86-64.c. | |||||
| CVE-2017-7374 | 1 Linux | 1 Linux Kernel | 2017-10-04 | 7.2 HIGH | 7.8 HIGH |
| Use-after-free vulnerability in fs/crypto/ in the Linux kernel before 4.10.7 allows local users to cause a denial of service (NULL pointer dereference) or possibly gain privileges by revoking keyring keys being used for ext4, f2fs, or ubifs encryption, causing cryptographic transform objects to be freed prematurely. | |||||
| CVE-2017-14927 | 1 Freedesktop | 1 Poppler | 2017-10-03 | 4.3 MEDIUM | 5.5 MEDIUM |
| In Poppler 0.59.0, a NULL Pointer Dereference exists in the SplashOutputDev::type3D0() function in SplashOutputDev.cc via a crafted PDF document. | |||||
| CVE-2017-14940 | 1 Gnu | 1 Binutils | 2017-10-03 | 4.3 MEDIUM | 5.5 MEDIUM |
| scan_unit_for_symbols in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted ELF file. | |||||
| CVE-2017-14642 | 1 Bento4 | 1 Bento4 | 2017-09-28 | 4.3 MEDIUM | 6.5 MEDIUM |
| A NULL pointer dereference was discovered in the AP4_HdlrAtom class in Bento4 version 1.5.0-617. The vulnerability causes a segmentation fault and application crash in AP4_StdcFileByteStream::ReadPartial in System/StdC/Ap4StdCFileByteStream.cpp, which leads to remote denial of service. | |||||
| CVE-2017-14640 | 1 Bento4 | 1 Bento4 | 2017-09-28 | 4.3 MEDIUM | 6.5 MEDIUM |
| A NULL pointer dereference was discovered in AP4_AtomSampleTable::GetSample in Core/Ap4AtomSampleTable.cpp in Bento4 version 1.5.0-617. The vulnerability causes a segmentation fault and application crash, which leads to remote denial of service. | |||||
| CVE-2017-14641 | 1 Bento4 | 1 Bento4 | 2017-09-28 | 4.3 MEDIUM | 6.5 MEDIUM |
| A NULL pointer dereference was discovered in the AP4_DataAtom class in MetaData/Ap4MetaData.cpp in Bento4 version 1.5.0-617. The vulnerability causes a segmentation fault and application crash, which leads to remote denial of service. | |||||
| CVE-2017-14638 | 1 Bento4 | 1 Bento4 | 2017-09-28 | 4.3 MEDIUM | 6.5 MEDIUM |
| AP4_AtomFactory::CreateAtomFromStream in Core/Ap4AtomFactory.cpp in Bento4 version 1.5.0-617 has missing NULL checks, leading to a NULL pointer dereference, segmentation fault, and application crash in AP4_Atom::SetType in Core/Ap4Atom.h. | |||||
| CVE-2017-9040 | 1 Gnu | 1 Binutils | 2017-09-19 | 4.3 MEDIUM | 5.5 MEDIUM |
| GNU Binutils 2017-04-03 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash), related to the process_mips_specific function in readelf.c, via a crafted ELF file that triggers a large memory-allocation attempt. | |||||
| CVE-2017-8394 | 1 Gnu | 1 Binutils | 2017-09-19 | 5.0 MEDIUM | 7.5 HIGH |
| The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read of size 4 due to NULL pointer dereferencing of _bfd_elf_large_com_section. This vulnerability causes programs that conduct an analysis of binary programs using the libbfd library, such as objcopy, to crash. | |||||
| CVE-2017-7614 | 1 Gnu | 1 Binutils | 2017-09-19 | 7.5 HIGH | 9.8 CRITICAL |
| elflink.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has a "member access within null pointer" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via an "int main() {return 0;}" program. | |||||
| CVE-2017-8395 | 1 Gnu | 1 Binutils | 2017-09-19 | 5.0 MEDIUM | 7.5 HIGH |
| The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid write of size 8 because of missing a malloc() return-value check to see if memory had actually been allocated in the _bfd_generic_get_section_contents function. This vulnerability causes programs that conduct an analysis of binary programs using the libbfd library, such as objcopy, to crash. | |||||
| CVE-2017-8392 | 1 Gnu | 1 Binutils | 2017-09-19 | 5.0 MEDIUM | 7.5 HIGH |
| The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read of size 8 because of missing a check to determine whether symbols are NULL in the _bfd_dwarf2_find_nearest_line function. This vulnerability causes programs that conduct an analysis of binary programs using the libbfd library, such as objdump, to crash. | |||||
| CVE-2017-14406 | 1 Mp3gain | 1 Mp3gain | 2017-09-18 | 4.3 MEDIUM | 5.5 MEDIUM |
| A NULL pointer dereference was discovered in sync_buffer in interface.c in mpglibDBL, as used in MP3Gain version 1.5.2. The vulnerability causes a segmentation fault and application crash, which leads to remote denial of service. | |||||
| CVE-2017-14181 | 1 Aacplusenc Project | 1 Aacplusenc | 2017-09-14 | 6.8 MEDIUM | 7.8 HIGH |
| DeleteBitBuffer in libbitbuf/bitbuffer.c in mp4tools aacplusenc 0.17.5 allows remote attackers to cause a denial of service (invalid memory write, SEGV on unknown address 0x000000000030, and application crash) or possibly have unspecified other impact via a crafted .wav file, aka a NULL pointer dereference. | |||||
| CVE-2017-12476 | 1 Bento4 | 1 Bento4 | 2017-09-07 | 4.3 MEDIUM | 5.5 MEDIUM |
| The AP4_AvccAtom::InspectFields function in Core/Ap4AvccAtom.cpp in Bento4 mp4dump before 1.5.0-616 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted mp4 file. | |||||
| CVE-2017-12474 | 1 Bento4 | 1 Bento4 | 2017-09-07 | 4.3 MEDIUM | 5.5 MEDIUM |
| The AP4_AtomSampleTable::GetSample function in Core/Ap4AtomSampleTable.cpp in Bento4 mp42ts before 1.5.0-616 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted mp4 file. | |||||
| CVE-2017-12952 | 1 Libgig0 | 1 Libgig | 2017-09-06 | 4.3 MEDIUM | 6.5 MEDIUM |
| The LoadString function in helper.h in libgig 4.0.0 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted gig file. | |||||
| CVE-2017-14149 | 1 Embedthis | 1 Goahead | 2017-09-05 | 5.0 MEDIUM | 7.5 HIGH |
| GoAhead 3.4.0 through 3.6.5 has a NULL Pointer Dereference in the websDecodeUrl function in http.c, leading to a crash for a "POST / HTTP/1.1" request. | |||||
| CVE-2017-13764 | 1 Wireshark | 1 Wireshark | 2017-09-03 | 5.0 MEDIUM | 7.5 HIGH |
| In Wireshark 2.4.0, the Modbus dissector could crash with a NULL pointer dereference. This was addressed in epan/dissectors/packet-mbtcp.c by adding length validation. | |||||
| CVE-2016-6504 | 1 Wireshark | 1 Wireshark | 2017-09-03 | 4.3 MEDIUM | 5.9 MEDIUM |
| epan/dissectors/packet-ncp2222.inc in the NDS dissector in Wireshark 1.12.x before 1.12.13 does not properly maintain a ptvc data structure, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted packet. | |||||
| CVE-2017-10792 | 1 Gnu | 1 Pspp | 2017-09-02 | 4.3 MEDIUM | 6.5 MEDIUM |
| There is a NULL Pointer Dereference in the function ll_insert() of the libpspp library in GNU PSPP before 0.11.0. For example, a crash was observed within the library code when attempting to convert invalid SPSS data into CSV format. A crafted input will lead to a remote denial of service attack. | |||||
| CVE-2017-12920 | 1 Libfpx Project | 1 Libfpx | 2017-09-01 | 4.3 MEDIUM | 6.5 MEDIUM |
| CDirectory::GetDirEntry in dir.cxx in libfpx 1.3.1_p6 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted fpx image. | |||||
| CVE-2017-12921 | 1 Libfpx Project | 1 Libfpx | 2017-09-01 | 4.3 MEDIUM | 6.5 MEDIUM |
| PFileFlashPixView::GetGlobalInfoProperty in f_fpxvw.cpp in libfpx 1.3.1_p6 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted fpx image. | |||||
| CVE-2017-12922 | 1 Libfpx Project | 1 Libfpx | 2017-09-01 | 4.3 MEDIUM | 6.5 MEDIUM |
| wchar.c in libfpx 1.3.1_p6 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted fpx image. | |||||
| CVE-2017-12923 | 1 Libfpx Project | 1 Libfpx | 2017-09-01 | 4.3 MEDIUM | 6.5 MEDIUM |
| OLEStream::WriteVT_LPSTR in olestrm.cpp in libfpx 1.3.1_p6 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted fpx image. | |||||
| CVE-2017-13712 | 1 Lame Project | 1 Lame | 2017-09-01 | 5.0 MEDIUM | 7.5 HIGH |
| NULL Pointer Dereference in the id3v2AddAudioDuration function in libmp3lame/id3tag.c in LAME 3.99.5 allows attackers to perform Denial of Service by triggering a NULL first argument. | |||||
| CVE-2016-4605 | 1 Apple | 1 Iphone Os | 2017-09-01 | 7.1 HIGH | 6.5 MEDIUM |
| Calendar in Apple iOS before 9.3.3 allows remote attackers to cause a denial of service (NULL pointer dereference and device restart) via a crafted invitation. | |||||
