CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Related To CWE-476

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2018-7052 476 2018-02-15 2018-02-22
5.0
None Remote Low Not required None None Partial
An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1. When the number of windows exceeds the available space, a crash due to a NULL pointer dereference would occur.
2 CVE-2018-7050 476 2018-02-15 2018-02-22
5.0
None Remote Low Not required None None Partial
An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1. A NULL pointer dereference occurs for an "empty" nick.
3 CVE-2018-6197 476 2018-01-24 2018-02-08
5.0
None Remote Low Not required None None Partial
w3m through 0.5.3 is prone to a NULL pointer dereference flaw in formUpdateBuffer in form.c.
4 CVE-2018-5710 476 DoS 2018-01-16 2018-02-02
4.0
None Remote Low Single system None None Partial
An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. The pre-defined function "strlen" is getting a "NULL" string as a parameter value in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the Key Distribution Center (KDC), which allows remote authenticated users to cause a denial of service (NULL pointer dereference) via a modified kadmin client.
5 CVE-2018-5333 476 2018-01-11 2018-01-29
4.9
None Local Low Not required None None Complete
In the Linux kernel through 4.14.13, the rds_cmsg_atomic function in net/rds/rdma.c mishandles cases where page pinning fails or an invalid address is supplied, leading to an rds_atomic_free_op NULL pointer dereference.
6 CVE-2018-5308 476 2018-01-09 2018-01-29
6.8
None Remote Medium Not required Partial Partial Partial
PoDoFo 0.9.5 does not properly validate memcpy arguments in the PdfMemoryOutputStream::Write function (base/PdfOutputStream.cpp). Remote attackers could leverage this vulnerability to cause a denial-of-service or possibly unspecified other impact via a crafted pdf file.
7 CVE-2018-5206 476 2018-01-06 2018-01-24
7.5
None Remote Low Not required Partial Partial Partial
When the channel topic is set without specifying a sender, Irssi before 1.0.6 may dereference a NULL pointer.
8 CVE-2017-1000471 476 DoS Mem. Corr. 2018-01-03 2018-01-17
7.5
None Remote Low Not required Partial Partial Partial
EmbedThis GoAhead Webserver version 4.0.0 is vulnerable to a NULL pointer dereference in the CGI handler resulting in memory corruption or denial of service.
9 CVE-2017-1000460 476 2018-01-03 2018-02-01
4.3
None Remote Medium Not required None None Partial
In line libavcodec/h264dec.c:500 in libav(v13_dev0), ffmpeg(n3.4), chromium(56 prior Feb 13, 2017), the return value of init_get_bits is ignored and get_ue_golomb(&gb) is called on an uninitialized get_bits context, which causes a NULL deref exception.
10 CVE-2017-1000445 476 DoS 2018-01-02 2018-02-03
4.3
None Remote Medium Not required None None Partial
ImageMagick 7.0.7-1 and older version are vulnerable to null pointer dereference in the MagickCore component and might lead to denial of service
11 CVE-2017-1000200 476 DoS 2017-11-16 2017-12-01
5.0
None Remote Low Not required None None Partial
tcmu-runner version 1.0.5 to 1.2.0 is vulnerable to a dbus triggered NULL pointer dereference in the tcmu-runner daemon's on_unregister_handler() function resulting in denial of service
12 CVE-2017-1000050 476 2017-07-17 2017-07-20
5.0
None Remote Low Not required None None Partial
JasPer 2.0.12 is vulnerable to a NULL pointer exception in the function jp2_encode which failed to check to see if the image contained at least one component resulting in a denial-of-service.
13 CVE-2017-18079 476 DoS 2018-01-29 2018-02-15
7.2
None Local Low Not required Complete Complete Complete
drivers/input/serio/i8042.c in the Linux kernel before 4.12.4 allows attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact because the port->exists value can change after it is validated.
14 CVE-2017-18013 476 2018-01-01 2018-02-03
4.3
None Remote Medium Not required None None Partial
In LibTIFF 4.0.9, there is a Null-Pointer Dereference in the tif_print.c TIFFPrintDirectory function, as demonstrated by a tiffinfo crash.
15 CVE-2017-18005 476 2017-12-31 2018-01-17
4.3
None Remote Medium Not required None None Partial
Exiv2 0.26 has a Null Pointer Dereference in the Exiv2::DataValue::toLong function in value.cpp, related to crafted metadata in a TIFF file.
16 CVE-2017-17997 476 2017-12-30 2018-01-12
5.0
None Remote Low Not required None None Partial
In Wireshark before 2.2.12, the MRDISC dissector misuses a NULL pointer and crashes. This was addressed in epan/dissectors/packet-mrdisc.c by validating an IPv4 address. This vulnerability is similar to CVE-2017-9343.
17 CVE-2017-17819 476 DoS 2017-12-20 2018-01-05
5.0
None Remote Low Not required None None Partial
In Netwide Assembler (NASM) 2.14rc0, there is an illegal address access in the function find_cc() in asm/preproc.c that will cause a remote denial of service attack, because pointers associated with skip_white_ calls are not validated.
18 CVE-2017-17701 476 2017-12-15 2017-12-20
7.5
None Remote Low Not required Partial Partial Partial
K7Sentry.sys 15.1.0.59 in K7 Antivirus 15.1.0309 has a NULL pointer dereference via a 0x950025c8 DeviceIoControl request.
19 CVE-2017-17700 476 2017-12-15 2017-12-20
7.5
None Remote Low Not required Partial Partial Partial
K7Sentry.sys 15.1.0.59 in K7 Antivirus 15.1.0309 has a NULL pointer dereference via a 0x950025a4 DeviceIoControl request.
20 CVE-2017-17699 476 2017-12-15 2017-12-20
7.5
None Remote Low Not required Partial Partial Partial
K7Sentry.sys 15.1.0.59 in K7 Antivirus 15.1.0309 has a NULL pointer dereference via a 0x950025ac DeviceIoControl request.
21 CVE-2017-17555 476 DoS 2017-12-11 2017-12-22
4.3
None Remote Medium Not required None None Partial
The swri_audio_convert function in audioconvert.c in FFmpeg libswresample through 3.0.101, as used in FFmpeg 3.4.1, aubio 0.4.6, and other products, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted audio file.
22 CVE-2017-17554 476 2017-12-11 2017-12-22
4.3
None Remote Medium Not required None None Partial
A NULL pointer dereference (DoS) Vulnerability was found in the function aubio_source_avcodec_readframe in io/source_avcodec.c of aubio 0.4.6, which may lead to DoS when playing a crafted audio file.
23 CVE-2017-17505 476 2017-12-10 2017-12-19
4.3
None Remote Medium Not required None None Partial
In HDF5 1.10.1, there is a NULL pointer dereference in the function H5O_pline_decode in the H5Opline.c file in libhdf5.a. For example, h5dump would crash when someone opens a crafted hdf5 file.
24 CVE-2017-17465 476 2017-12-08 2017-12-20
7.5
None Remote Low Not required Partial Partial Partial
K7Sentry.sys 15.1.0.59 in K7 Antivirus 15.1.0309 has a NULL pointer dereference via a 0x95002574 DeviceIoControl request.
25 CVE-2017-17464 476 2017-12-08 2017-12-20
7.5
None Remote Low Not required Partial Partial Partial
K7Sentry.sys 15.1.0.59 in K7 Antivirus 15.1.0309 has a NULL pointer dereference via a 0x95002570 DeviceIoControl request.
26 CVE-2017-17440 476 DoS 2017-12-06 2017-12-22
4.3
None Remote Medium Not required None None Partial
GNU Libextractor 1.6 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted GIF, IT (Impulse Tracker), NSFE, S3M (Scream Tracker 3), SID, or XM (eXtended Module) file, as demonstrated by the EXTRACTOR_xm_extract_method function in plugins/xm_extractor.c.
27 CVE-2017-17439 476 2017-12-06 2017-12-29
5.0
None Remote Low Not required None None Partial
In Heimdal through 7.4, remote unauthenticated attackers are able to crash the KDC by sending a crafted UDP packet containing empty data fields for client name or realm. The parser would unconditionally dereference NULL pointers in that case, leading to a segmentation fault. This is related to the _kdc_as_rep function in kdc/kerberos5.c and the der_length_visible_string function in lib/asn1/der_length.c.
28 CVE-2017-17129 476 DoS 2017-12-04 2017-12-15
6.8
None Remote Medium Not required Partial Partial Partial
The ff_vc1_mc_4mv_chroma4 function in libavcodec/vc1_mc.c in Libav 12.2 allows remote attackers to cause a denial of service (segmentation fault and application crash) or possibly have unspecified other impact via a crafted file.
29 CVE-2017-17127 476 DoS 2017-12-04 2017-12-15
4.3
None Remote Medium Not required None None Partial
The vc1_decode_frame function in libavcodec/vc1dec.c in Libav 12.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file.
30 CVE-2017-17123 476 DoS 2017-12-04 2017-12-15
4.3
None Remote Medium Not required None None Partial
The coff_slurp_reloc_table function in coffcode.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted COFF based file.
31 CVE-2017-17113 476 2017-12-04 2017-12-21
2.1
None Local Low Not required None None Partial
ntguard_x64.sys 0.18780.0.0 in IKARUS anti.virus 2.16.15 has a NULL pointer dereference via a 0x830000c4 DeviceIoControl request.
32 CVE-2017-17050 476 DoS 2017-11-28 2017-12-15
4.6
None Local Low Not required Partial Partial Partial
TG Soft Vir.IT eXplorer Lite 8.5.42 allows local users to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via a NULL value in a 0x82730020 DeviceIoControl request to \\.\Viragtlt.
33 CVE-2017-17049 476 DoS 2017-11-28 2017-12-15
4.6
None Local Low Not required Partial Partial Partial
TG Soft Vir.IT eXplorer Lite 8.5.42 allows local users to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via a NULL value in a 0x82730010 DeviceIoControl request to \\.\Viragtlt.
34 CVE-2017-16948 476 DoS 2017-11-26 2017-12-15
4.6
None Local Low Not required Partial Partial Partial
TG Soft Vir.IT eXplorer Lite 8.5.42 allows local users to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via a NULL value in a 0x82730008 DeviceIoControl request to \\.\Viragtlt.
35 CVE-2017-16914 476 DoS 2018-01-31 2018-02-16
7.1
None Remote Medium Not required None None Complete
The "stub_send_ret_submit()" function (drivers/usb/usbip/stub_tx.c) in the Linux Kernel before version 4.14.8, 4.9.71, 4.1.49, and 4.4.107 allows attackers to cause a denial of service (NULL pointer dereference) via a specially crafted USB over IP packet.
36 CVE-2017-16883 476 DoS 2017-11-18 2018-02-03
4.3
None Remote Medium Not required None None Partial
The outputSWF_TEXT_RECORD function in util/outputscript.c in libming <= 0.4.8 is vulnerable to a NULL pointer dereference, which may allow attackers to cause a denial of service via a crafted swf file.
37 CVE-2017-16868 476 DoS Overflow 2017-11-17 2017-11-27
4.3
None Remote Medium Not required None None Partial
In SWFTools 0.9.2, the wav_convert2mono function in lib/wav.c does not properly restrict a multiplication within a malloc call, which allows remote attackers to cause a denial of service (integer overflow and NULL pointer dereference) via a crafted WAV file.
38 CVE-2017-16728 476 2018-01-05 2018-01-11
5.0
None Remote Low Not required None None Partial
An Untrusted Pointer Dereference issue was discovered in Advantech WebAccess versions prior to 8.3. There are multiple vulnerabilities that may allow an attacker to cause the program to use an invalid memory address, resulting in a program crash.
39 CVE-2017-16711 476 DoS 2017-11-09 2017-11-27
4.3
None Remote Medium Not required None None Partial
The swf_DefineLosslessBitsTagToImage function in lib/modules/swfbits.c in SWFTools 0.9.2 mishandles an uncompress failure, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) because of extractDefinitions in lib/readers/swf.c and fill_line_bitmap in lib/devices/render.c, as demonstrated by swfrender.
40 CVE-2017-16647 476 DoS 2017-11-07 2017-11-28
7.2
None Local Low Not required Complete Complete Complete
drivers/net/usb/asix_devices.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted USB device.
41 CVE-2017-16646 476 DoS 2017-11-07 2017-11-28
7.2
None Local Low Not required Complete Complete Complete
drivers/media/usb/dvb-usb/dib0700_devices.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (BUG and system crash) or possibly have unspecified other impact via a crafted USB device.
42 CVE-2017-16545 476 DoS 2017-11-05 2017-11-07
6.8
None Remote Medium Not required Partial Partial Partial
The ReadWPGImage function in coders/wpg.c in GraphicsMagick 1.3.26 does not properly validate colormapped images, which allows remote attackers to cause a denial of service (ImportIndexQuantumType invalid write and application crash) or possibly have unspecified other impact via a malformed WPG image.
43 CVE-2017-16537 476 DoS 2017-11-03 2018-02-03
7.2
None Local Low Not required Complete Complete Complete
The imon_probe function in drivers/media/rc/imon.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted USB device.
44 CVE-2017-16536 476 DoS 2017-11-03 2018-02-03
7.2
None Local Low Not required Complete Complete Complete
The cx231xx_usb_probe function in drivers/media/usb/cx231xx/cx231xx-cards.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted USB device.
45 CVE-2017-16532 476 DoS 2017-11-03 2018-02-03
7.2
None Local Low Not required Complete Complete Complete
The get_endpoints function in drivers/usb/misc/usbtest.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted USB device.
46 CVE-2017-16359 476 2017-11-01 2017-11-13
4.3
None Remote Medium Not required None None Partial
In radare 2.0.1, a pointer wraparound vulnerability exists in store_versioninfo_gnu_verdef() in libr/bin/format/elf/elf.c.
47 CVE-2017-15955 476 2017-10-28 2018-02-03
4.3
None Remote Medium Not required None None Partial
bchunk (related to BinChunker) 1.2.0 and 1.2.1 is vulnerable to an "Access violation near NULL on destination operand" and crash when processing a malformed CUE (.cue) file.
48 CVE-2017-15939 476 DoS 2017-10-27 2018-01-08
4.3
None Remote Medium Not required None None Partial
dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, mishandles NULL files in a .debug_line file table, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted ELF file, related to concat_filename. NOTE: this issue is caused by an incomplete fix for CVE-2017-15023.
49 CVE-2017-15930 476 2017-10-27 2017-11-01
6.8
None Remote Medium Not required Partial Partial Partial
In ReadOneJNGImage in coders/png.c in GraphicsMagick 1.3.26, a Null Pointer Dereference occurs while transferring JPEG scanlines, related to a PixelPacket pointer.
50 CVE-2017-15921 476 2017-10-30 2017-11-18
5.0
None Remote Low Not required None None Partial
In Watchdog Anti-Malware 2.74.186.150 and Online Security Pro 2.74.186.150, the zam32.sys driver contains a NULL pointer dereference vulnerability that gets triggered when sending an operation to ioctl 0x80002010. This is due to the input buffer being NULL or the input buffer size being 0 as they are not validated.
Total number of vulnerabilities : 425   Page : 1 (This Page)2 3 4 5 6 7 8 9
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.