Vulnerabilities > NULL Pointer Dereference

DATE CVE VULNERABILITY TITLE RISK
2017-10-12 CVE-2017-15274 NULL Pointer Dereference vulnerability in Linux Kernel
security/keys/keyctl.c in the Linux kernel before 4.11.5 does not consider the case of a NULL payload in conjunction with a nonzero length value, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) via a crafted add_key or keyctl system call, a different vulnerability than CVE-2017-12192.
local
low complexity
linux CWE-476
5.5
2017-10-12 CVE-2017-12192 NULL Pointer Dereference vulnerability in Linux Kernel
The keyctl_read_key function in security/keys/keyctl.c in the Key Management subcomponent in the Linux kernel before 4.13.5 does not properly consider that a key may be possessed but negatively instantiated, which allows local users to cause a denial of service (OOPS and system crash) via a crafted KEYCTL_READ operation.
local
low complexity
linux CWE-476
5.5
2017-10-11 CVE-2017-15267 NULL Pointer Dereference vulnerability in GNU Libextractor 1.4
In GNU Libextractor 1.4, there is a NULL Pointer Dereference in flac_metadata in flac_extractor.c.
network
low complexity
gnu CWE-476
7.5
2017-10-11 CVE-2017-15232 NULL Pointer Dereference vulnerability in Libjpeg-Turbo 1.5.2
libjpeg-turbo 1.5.2 has a NULL Pointer Dereference in jdpostct.c and jquant1.c via a crafted JPEG file.
network
low complexity
libjpeg-turbo CWE-476
6.5
2017-10-10 CVE-2017-11063 NULL Pointer Dereference vulnerability in Google Android 8.0
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, as a result of a race condition between two userspace processes that interact with the driver concurrently, a null pointer dereference can potentially occur.
network
high complexity
google CWE-476
5.9
2017-10-06 CVE-2015-2297 NULL Pointer Dereference vulnerability in Libcsoap Project Libcsoap
nanohttp in libcsoap allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted Authorization header.
network
low complexity
libcsoap-project CWE-476
7.5
2017-10-06 CVE-2017-15056 NULL Pointer Dereference vulnerability in UPX 3.94
p_lx_elf.cpp in UPX 3.94 mishandles ELF headers, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by an Invalid Pointer Read in PackLinuxElf64::unpack().
local
low complexity
upx CWE-476
7.8
2017-10-05 CVE-2017-15023 NULL Pointer Dereference vulnerability in GNU Binutils 2.29
read_formatted_entries in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, does not properly validate the format count, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted ELF file, related to concat_filename.
local
low complexity
gnu CWE-476
5.5
2017-10-05 CVE-2017-15022 NULL Pointer Dereference vulnerability in GNU Binutils 2.29
dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, does not validate the DW_AT_name data type, which allows remote attackers to cause a denial of service (bfd_hash_hash NULL pointer dereference, or out-of-bounds access, and application crash) via a crafted ELF file, related to scan_unit_for_symbols and parse_comp_unit.
local
low complexity
gnu CWE-476
5.5
2017-10-05 CVE-2017-15019 NULL Pointer Dereference vulnerability in Lame Project Lame 3.99.5
LAME 3.99.5 has a NULL Pointer Dereference in the hip_decode_init function within libmp3lame/mpglib_interface.c via a malformed mpg file, because of an incorrect calloc call.
local
low complexity
lame-project CWE-476
7.8