Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2017-6841

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-15 Mar, 2017 | 14:00
Updated At-05 Aug, 2024 | 15:41
Rejected At-
Credits

The GraphicsStack::TGraphicsStackElement::~TGraphicsStackElement function in graphicsstack.h in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:15 Mar, 2017 | 14:00
Updated At:05 Aug, 2024 | 15:41
Rejected At:
▼CVE Numbering Authority (CNA)

The GraphicsStack::TGraphicsStackElement::~TGraphicsStackElement function in graphicsstack.h in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://blogs.gentoo.org/ago/2017/03/02/podofo-null-pointer-dereference-in-graphicsstacktgraphicsstackelementtgraphicsstackelement-graphicsstack-h/
x_refsource_MISC
Hyperlink: https://blogs.gentoo.org/ago/2017/03/02/podofo-null-pointer-dereference-in-graphicsstacktgraphicsstackelementtgraphicsstackelement-graphicsstack-h/
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://blogs.gentoo.org/ago/2017/03/02/podofo-null-pointer-dereference-in-graphicsstacktgraphicsstackelementtgraphicsstackelement-graphicsstack-h/
x_refsource_MISC
x_transferred
Hyperlink: https://blogs.gentoo.org/ago/2017/03/02/podofo-null-pointer-dereference-in-graphicsstacktgraphicsstackelementtgraphicsstackelement-graphicsstack-h/
Resource:
x_refsource_MISC
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:15 Mar, 2017 | 14:59
Updated At:20 Apr, 2025 | 01:37

The GraphicsStack::TGraphicsStackElement::~TGraphicsStackElement function in graphicsstack.h in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.05.5MEDIUM
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Primary2.04.3MEDIUM
AV:N/AC:M/Au:N/C:N/I:N/A:P
Type: Primary
Version: 3.0
Base score: 5.5
Base severity: MEDIUM
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Type: Primary
Version: 2.0
Base score: 4.3
Base severity: MEDIUM
Vector:
AV:N/AC:M/Au:N/C:N/I:N/A:P
CPE Matches
podofo_project
podofo_project
>>podofo>>0.9.5
cpe:2.3:a:podofo_project:podofo:0.9.5:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-476Primarynvd@nist.gov
CWE ID: CWE-476
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://blogs.gentoo.org/ago/2017/03/02/podofo-null-pointer-dereference-in-graphicsstacktgraphicsstackelementtgraphicsstackelement-graphicsstack-h/cve@mitre.org
Third Party Advisory
VDB Entry
https://blogs.gentoo.org/ago/2017/03/02/podofo-null-pointer-dereference-in-graphicsstacktgraphicsstackelementtgraphicsstackelement-graphicsstack-h/af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
VDB Entry
Hyperlink: https://blogs.gentoo.org/ago/2017/03/02/podofo-null-pointer-dereference-in-graphicsstacktgraphicsstackelementtgraphicsstackelement-graphicsstack-h/
Source: cve@mitre.org
Resource:
Third Party Advisory
VDB Entry
Hyperlink: https://blogs.gentoo.org/ago/2017/03/02/podofo-null-pointer-dereference-in-graphicsstacktgraphicsstackelementtgraphicsstackelement-graphicsstack-h/
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
VDB Entry

Change History

0
Information is not available yet

Similar CVEs

676Records found
CVE-2013-1418
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-5.86% / 90.21%
||
7 Day CHG~0.00%
Published-16 Nov, 2013 | 02:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The setup_server_realm function in main.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.10.7, when multiple realms are configured, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted request.

Action-Not Available
Vendor-n/aMIT (Massachusetts Institute of Technology)Debian GNU/LinuxopenSUSE
Product-kerberos_5debian_linuxopensusen/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2020-36149
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.29% / 51.61%
||
7 Day CHG~0.00%
Published-08 Feb, 2021 | 20:13
Updated-04 Aug, 2024 | 17:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Incorrect handling of input data in changeAttribute function in the libmysofa library 0.5 - 1.1 will lead to NULL pointer dereference and segmentation fault error in case of restrictive memory protection or near NULL pointer overwrite in case of no memory restrictions (e.g. in embedded environments).

Action-Not Available
Vendor-symonicsn/aFedora Project
Product-libmysofafedoran/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2021-42196
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.17% / 38.84%
||
7 Day CHG~0.00%
Published-31 May, 2022 | 16:42
Updated-04 Aug, 2024 | 03:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in swftools through 20201222. A NULL pointer dereference exists in the function traits_parse() located in abc.c. It allows an attacker to cause Denial of Service.

Action-Not Available
Vendor-n/aSWFTools
Product-swftoolsn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2008-1672
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-4.3||MEDIUM
EPSS-22.01% / 95.57%
||
7 Day CHG~0.00%
Published-29 May, 2008 | 16:00
Updated-07 Aug, 2024 | 08:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

OpenSSL 0.9.8f and 0.9.8g allows remote attackers to cause a denial of service (crash) via a TLS handshake that omits the Server Key Exchange message and uses "particular cipher suites," which triggers a NULL pointer dereference.

Action-Not Available
Vendor-n/aCanonical Ltd.OpenSSL
Product-ubuntu_linuxopenssln/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2017-8843
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.18% / 40.40%
||
7 Day CHG~0.00%
Published-08 May, 2017 | 14:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The join_pthread function in stream.c in liblrzip.so in lrzip 0.631 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted archive.

Action-Not Available
Vendor-long_range_zip_projectn/a
Product-long_range_zipn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2017-15955
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.25% / 48.33%
||
7 Day CHG~0.00%
Published-28 Oct, 2017 | 21:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

bchunk (related to BinChunker) 1.2.0 and 1.2.1 is vulnerable to an "Access violation near NULL on destination operand" and crash when processing a malformed CUE (.cue) file.

Action-Not Available
Vendor-bchunk_projectn/aDebian GNU/Linux
Product-debian_linuxbchunkn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2017-14638
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.57% / 67.69%
||
7 Day CHG~0.00%
Published-21 Sep, 2017 | 17:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

AP4_AtomFactory::CreateAtomFromStream in Core/Ap4AtomFactory.cpp in Bento4 version 1.5.0-617 has missing NULL checks, leading to a NULL pointer dereference, segmentation fault, and application crash in AP4_Atom::SetType in Core/Ap4Atom.h.

Action-Not Available
Vendor-bento4n/a
Product-bento4n/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2017-14928
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.29% / 52.06%
||
7 Day CHG~0.00%
Published-29 Sep, 2017 | 07:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Poppler 0.59.0, a NULL Pointer Dereference exists in AnnotRichMedia::Configuration::Configuration in Annot.cc via a crafted PDF document.

Action-Not Available
Vendor-n/afreedesktop.orgDebian GNU/Linux
Product-popplerdebian_linuxn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2017-14994
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-2.35% / 84.28%
||
7 Day CHG~0.00%
Published-03 Oct, 2017 | 07:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ReadDCMImage in coders/dcm.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted DICOM image, related to the ability of DCM_ReadNonNativeImages to yield an image list with zero frames.

Action-Not Available
Vendor-n/aDebian GNU/LinuxGraphicsMagick
Product-debian_linuxgraphicsmagickn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2017-14641
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.56% / 67.40%
||
7 Day CHG~0.00%
Published-21 Sep, 2017 | 17:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A NULL pointer dereference was discovered in the AP4_DataAtom class in MetaData/Ap4MetaData.cpp in Bento4 version 1.5.0-617. The vulnerability causes a segmentation fault and application crash, which leads to remote denial of service.

Action-Not Available
Vendor-bento4n/a
Product-bento4n/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2017-14863
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.28% / 50.84%
||
7 Day CHG~0.00%
Published-28 Sep, 2017 | 07:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A NULL pointer dereference was discovered in Exiv2::Image::printIFDStructure in image.cpp in Exiv2 0.26. The vulnerability causes a segmentation fault and application crash, which leads to denial of service.

Action-Not Available
Vendor-n/aExiv2
Product-exiv2n/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2017-15023
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.45% / 62.91%
||
7 Day CHG~0.00%
Published-04 Oct, 2017 | 07:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

read_formatted_entries in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, does not properly validate the format count, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted ELF file, related to concat_filename.

Action-Not Available
Vendor-n/aGNU
Product-binutilsn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2017-14640
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.52% / 65.90%
||
7 Day CHG~0.00%
Published-21 Sep, 2017 | 17:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A NULL pointer dereference was discovered in AP4_AtomSampleTable::GetSample in Core/Ap4AtomSampleTable.cpp in Bento4 version 1.5.0-617. The vulnerability causes a segmentation fault and application crash, which leads to remote denial of service.

Action-Not Available
Vendor-bento4n/a
Product-bento4n/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2017-8535
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-4.95% / 89.24%
||
7 Day CHG~0.00%
Published-26 May, 2017 | 20:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to denial of service. aka "Microsoft Malware Protection Engine Denial of Service Vulnerability", a different vulnerability than CVE-2017-8536, CVE-2017-8537, CVE-2017-8539, and CVE-2017-8542.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2008windows_defenderwindows_7endpoint_protectionsecurity_essentialswindows_server_2016exchange_serverwindows_8.1forefront_endpoint_protectionwindows_rt_8.1windows_10system_center_endpoint_protectionwindows_intune_endpoint_protectionMalware Protection Engine
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-369
Divide By Zero
CWE ID-CWE-476
NULL Pointer Dereference
CWE ID-CWE-674
Uncontrolled Recursion
CVE-2021-42200
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.17% / 38.84%
||
7 Day CHG~0.00%
Published-31 May, 2022 | 17:36
Updated-04 Aug, 2024 | 03:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in swftools through 20201222. A NULL pointer dereference exists in the function main() located in swfdump.c. It allows an attacker to cause Denial of Service.

Action-Not Available
Vendor-n/aSWFTools
Product-swftoolsn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2021-40778
Matching Score-4
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-4
Assigner-Adobe Systems Incorporated
CVSS Score-5.5||MEDIUM
EPSS-0.41% / 60.51%
||
7 Day CHG~0.00%
Published-16 Mar, 2022 | 14:02
Updated-23 Apr, 2025 | 18:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Media Encoder Null Pointer Dereference Application denial-of-service

Adobe Media Encoder 15.4.1 (and earlier) is affected by a Null pointer dereference vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Adobe Inc.Apple Inc.Microsoft Corporation
Product-windowsmacosmedia_encoderMedia Encoder
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2017-14504
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-1.00% / 76.07%
||
7 Day CHG~0.00%
Published-17 Sep, 2017 | 19:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ReadPNMImage in coders/pnm.c in GraphicsMagick 1.3.26 does not ensure the correct number of colors for the XV 332 format, leading to a NULL Pointer Dereference.

Action-Not Available
Vendor-n/aDebian GNU/LinuxGraphicsMagick
Product-debian_linuxgraphicsmagickn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2021-40768
Matching Score-4
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-4
Assigner-Adobe Systems Incorporated
CVSS Score-5.5||MEDIUM
EPSS-0.41% / 60.51%
||
7 Day CHG~0.00%
Published-16 Mar, 2022 | 14:02
Updated-23 Apr, 2025 | 18:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Character Animator NULL Pointer Dereference Application denial-of-service

Adobe Character Animator version 4.4 (and earlier) is affected by a Null pointer dereference vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Adobe Inc.Apple Inc.Microsoft Corporation
Product-windowscharacter_animatormacosCharacter Animator (Preview 4)
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2021-40774
Matching Score-4
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-4
Assigner-Adobe Systems Incorporated
CVSS Score-5.5||MEDIUM
EPSS-0.41% / 60.51%
||
7 Day CHG~0.00%
Published-22 Nov, 2021 | 15:21
Updated-23 Apr, 2025 | 19:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Prelude NULL Pointer Dereference Application Denial of Service

Adobe Prelude version 10.1 (and earlier) is affected by a null pointer dereference vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Adobe Inc.Microsoft Corporation
Product-windowspreludePrelude
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2021-40788
Matching Score-4
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-4
Assigner-Adobe Systems Incorporated
CVSS Score-5.5||MEDIUM
EPSS-0.41% / 60.51%
||
7 Day CHG~0.00%
Published-16 Mar, 2022 | 14:03
Updated-23 Apr, 2025 | 18:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Premiere Elements Null Pointer Dereference Application denial-of-service

Adobe Premiere Elements 20210809.daily.2242976 (and earlier) is affected by a Null pointer dereference vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Adobe Inc.Apple Inc.Microsoft Corporation
Product-premiere_elementswindowsmacosPremiere Elements
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2017-14926
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.29% / 52.06%
||
7 Day CHG~0.00%
Published-29 Sep, 2017 | 07:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Poppler 0.59.0, a NULL Pointer Dereference exists in AnnotRichMedia::Content::Content in Annot.cc via a crafted PDF document.

Action-Not Available
Vendor-n/afreedesktop.orgDebian GNU/Linux
Product-popplerdebian_linuxn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2021-40773
Matching Score-4
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-4
Assigner-Adobe Systems Incorporated
CVSS Score-5.5||MEDIUM
EPSS-0.41% / 60.51%
||
7 Day CHG~0.00%
Published-22 Nov, 2021 | 15:20
Updated-23 Apr, 2025 | 19:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Prelude NULL Pointer Dereference Application Denial of Service

Adobe Prelude version 10.1 (and earlier) is affected by a null pointer dereference vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Adobe Inc.Microsoft Corporation
Product-windowspreludePrelude
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2021-4043
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-5.8||MEDIUM
EPSS-0.94% / 75.34%
||
7 Day CHG~0.00%
Published-04 Feb, 2022 | 00:00
Updated-08 Nov, 2024 | 04:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
NULL Pointer Dereference in gpac/gpac

NULL Pointer Dereference in GitHub repository gpac/gpac prior to 1.1.0.

Action-Not Available
Vendor-Debian GNU/LinuxMotion SpellGPAC
Product-gpacdebian_linuxgpac/gpacgpacdebian_linuxGPAC
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2017-8537
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-4.95% / 89.24%
||
7 Day CHG~0.00%
Published-26 May, 2017 | 20:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to denial of service. aka "Microsoft Malware Protection Engine Denial of Service Vulnerability", a different vulnerability than CVE-2017-8535, CVE-2017-8536, CVE-2017-8539, and CVE-2017-8542.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2008windows_defenderwindows_7endpoint_protectionsecurity_essentialswindows_server_2016exchange_serverwindows_8.1forefront_endpoint_protectionwindows_rt_8.1windows_10system_center_endpoint_protectionwindows_intune_endpoint_protectionMalware Protection Engine
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-369
Divide By Zero
CWE ID-CWE-476
NULL Pointer Dereference
CWE ID-CWE-674
Uncontrolled Recursion
CVE-2017-8542
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-19.18% / 95.13%
||
7 Day CHG~0.00%
Published-26 May, 2017 | 20:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to denial of service. aka "Microsoft Malware Protection Engine Denial of Service Vulnerability", a different vulnerability than CVE-2017-8535, CVE-2017-8536, CVE-2017-8537, and CVE-2017-8539.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2008windows_defenderwindows_7windows_server_2012malware_protection_enginewindows_server_2016exchange_serverwindows_8.1windows_rt_8.1windows_10forefront_securityMalware Protection
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-369
Divide By Zero
CWE ID-CWE-476
NULL Pointer Dereference
CWE ID-CWE-674
Uncontrolled Recursion
CVE-2017-14940
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.45% / 62.88%
||
7 Day CHG~0.00%
Published-29 Sep, 2017 | 18:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

scan_unit_for_symbols in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted ELF file.

Action-Not Available
Vendor-n/aGNU
Product-binutilsn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2017-14505
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.33% / 55.55%
||
7 Day CHG~0.00%
Published-17 Sep, 2017 | 19:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

DrawGetStrokeDashArray in wand/drawing-wand.c in ImageMagick 7.0.7-1 mishandles certain NULL arrays, which allows attackers to perform Denial of Service (NULL pointer dereference and application crash in AcquireQuantumMemory within MagickCore/memory.c) by providing a crafted Image File as input.

Action-Not Available
Vendor-n/aImageMagick Studio LLC
Product-imagemagickn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2021-39851
Matching Score-4
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-4
Assigner-Adobe Systems Incorporated
CVSS Score-5.5||MEDIUM
EPSS-1.01% / 76.23%
||
7 Day CHG~0.00%
Published-29 Sep, 2021 | 15:38
Updated-17 Sep, 2024 | 00:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Acrobat Reader DC Null Pointer Dereference Could Lead To Application Denial-of-Service

Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by a Null pointer dereference vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobat_dcacrobat_readeracrobatacrobat_reader_dcwindowsmacosAcrobat Reader
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2021-40737
Matching Score-4
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-4
Assigner-Adobe Systems Incorporated
CVSS Score-5.5||MEDIUM
EPSS-0.41% / 60.51%
||
7 Day CHG~0.00%
Published-16 Mar, 2022 | 14:03
Updated-23 Apr, 2025 | 18:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Audition NULL Pointer Dereference Application denial-of-service

Adobe Audition version 14.4 (and earlier) is affected by a Null pointer dereference vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Adobe Inc.Apple Inc.Microsoft Corporation
Product-windowsauditionmacosAudition
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2017-14642
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.52% / 65.90%
||
7 Day CHG~0.00%
Published-21 Sep, 2017 | 17:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A NULL pointer dereference was discovered in the AP4_HdlrAtom class in Bento4 version 1.5.0-617. The vulnerability causes a segmentation fault and application crash in AP4_StdcFileByteStream::ReadPartial in System/StdC/Ap4StdCFileByteStream.cpp, which leads to remote denial of service.

Action-Not Available
Vendor-bento4n/a
Product-bento4n/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2017-14974
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.39% / 59.35%
||
7 Day CHG~0.00%
Published-01 Oct, 2017 | 23:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The *_get_synthetic_symtab functions in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, mishandle the failure of a certain canonicalization step, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted ELF file, related to elf32-i386.c and elf64-x86-64.c.

Action-Not Available
Vendor-n/aGNU
Product-binutilsn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2017-13065
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-1.29% / 78.82%
||
7 Day CHG~0.00%
Published-22 Aug, 2017 | 06:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

GraphicsMagick 1.3.26 has a NULL pointer dereference vulnerability in the function SVGStartElement in coders/svg.c.

Action-Not Available
Vendor-n/aDebian GNU/LinuxGraphicsMagick
Product-debian_linuxgraphicsmagickn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2021-39593
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.15% / 36.35%
||
7 Day CHG~0.00%
Published-20 Sep, 2021 | 15:27
Updated-04 Aug, 2024 | 02:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in swftools through 20200710. A NULL pointer dereference exists in the function swf_FontExtract_DefineFontInfo() located in swftext.c. It allows an attacker to cause Denial of Service.

Action-Not Available
Vendor-n/aSWFTools
Product-swftoolsn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2017-14228
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.20% / 42.01%
||
7 Day CHG~0.00%
Published-09 Sep, 2017 | 08:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Netwide Assembler (NASM) 2.14rc0, there is an illegal address access in the function paste_tokens() in preproc.c, aka a NULL pointer dereference. It will lead to remote denial of service.

Action-Not Available
Vendor-nasmn/aCanonical Ltd.
Product-ubuntu_linuxnetwide_assemblern/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2021-40756
Matching Score-4
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-4
Assigner-Adobe Systems Incorporated
CVSS Score-5.5||MEDIUM
EPSS-0.41% / 60.51%
||
7 Day CHG~0.00%
Published-18 Nov, 2021 | 16:22
Updated-23 Apr, 2025 | 19:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe After Effects NULL Pointer Dereference Application Denial of Service

Adobe After Effects version 18.4.1 (and earlier) is affected by a Null pointer dereference vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Adobe Inc.Microsoft Corporation
Product-windowsafter_effectsAfter Effects
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2017-12950
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-4.37% / 88.53%
||
7 Day CHG~0.00%
Published-28 Aug, 2017 | 19:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The gig::Region::Region function in gig.cpp in libgig 4.0.0 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted gig file.

Action-Not Available
Vendor-linuxsamplern/a
Product-libgign/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2017-7209
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.31% / 53.97%
||
7 Day CHG~0.00%
Published-21 Mar, 2017 | 06:21
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The dump_section_as_bytes function in readelf in GNU Binutils 2.28 accesses a NULL pointer while reading section contents in a corrupt binary, leading to a program crash.

Action-Not Available
Vendor-n/aGNU
Product-binutilsn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2017-13768
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.87% / 74.33%
||
7 Day CHG~0.00%
Published-30 Aug, 2017 | 09:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Null Pointer Dereference in the IdentifyImage function in MagickCore/identify.c in ImageMagick through 7.0.6-10 allows an attacker to perform denial of service by sending a crafted image file.

Action-Not Available
Vendor-n/aDebian GNU/LinuxCanonical Ltd.ImageMagick Studio LLC
Product-ubuntu_linuxdebian_linuximagemagickn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2021-40559
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.07% / 21.57%
||
7 Day CHG~0.00%
Published-12 Jan, 2022 | 00:00
Updated-04 Aug, 2024 | 02:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A null pointer deference vulnerability exists in gpac through 1.0.1 via the naludmx_parse_nal_avc function in reframe_nalu, which allows a denail of service.

Action-Not Available
Vendor-n/aGPAC
Product-gpacn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2021-40742
Matching Score-4
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-4
Assigner-Adobe Systems Incorporated
CVSS Score-5.5||MEDIUM
EPSS-0.41% / 60.51%
||
7 Day CHG~0.00%
Published-16 Mar, 2022 | 14:03
Updated-23 Apr, 2025 | 18:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Audition NULL Pointer Dereference Application denial-of-service

Adobe Audition version 14.4 (and earlier) is affected by a Null pointer dereference vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Adobe Inc.Apple Inc.Microsoft Corporation
Product-windowsauditionmacosAudition
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2017-7452
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.27% / 50.37%
||
7 Day CHG~0.00%
Published-06 Apr, 2017 | 00:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The iwbmp_read_info_header function in imagew-bmp.c in libimageworsener.a in ImageWorsener 1.3.0 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file.

Action-Not Available
Vendor-entropyminen/a
Product-imageworsenern/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2021-40750
Matching Score-4
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-4
Assigner-Adobe Systems Incorporated
CVSS Score-5.5||MEDIUM
EPSS-0.41% / 60.51%
||
7 Day CHG~0.00%
Published-16 Mar, 2022 | 14:02
Updated-23 Apr, 2025 | 18:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Bridge NULL Pointer Dereference could lead to Application denial-of-service

Adobe Bridge version 11.1.1 (and earlier) is affected by a Null pointer dereference vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Adobe Inc.Microsoft Corporation
Product-windowsbridgeBridge
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2017-12921
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.48% / 64.34%
||
7 Day CHG~0.00%
Published-28 Aug, 2017 | 19:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PFileFlashPixView::GetGlobalInfoProperty in f_fpxvw.cpp in libfpx 1.3.1_p6 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted fpx image.

Action-Not Available
Vendor-libfpx_projectn/a
Product-libfpxn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2021-39850
Matching Score-4
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-4
Assigner-Adobe Systems Incorporated
CVSS Score-5.5||MEDIUM
EPSS-1.01% / 76.23%
||
7 Day CHG~0.00%
Published-29 Sep, 2021 | 15:38
Updated-16 Sep, 2024 | 19:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Acrobat Reader DC Null Pointer Dereference Could Lead To Application Denial-of-Service

Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by a Null pointer dereference vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobat_dcacrobat_readeracrobatacrobat_reader_dcwindowsmacosAcrobat Reader
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2017-12922
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.48% / 64.34%
||
7 Day CHG~0.00%
Published-28 Aug, 2017 | 19:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

wchar.c in libfpx 1.3.1_p6 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted fpx image.

Action-Not Available
Vendor-libfpx_projectn/a
Product-libfpxn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2021-40796
Matching Score-4
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-4
Assigner-Adobe Systems Incorporated
CVSS Score-5.5||MEDIUM
EPSS-0.41% / 60.51%
||
7 Day CHG~0.00%
Published-16 Mar, 2022 | 14:03
Updated-23 Apr, 2025 | 18:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Premiere Pro Null Pointer Dereference Application denial-of-service

Adobe Premiere Pro 15.4.1 (and earlier) is affected by a Null pointer dereference vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Adobe Inc.Apple Inc.Microsoft Corporation
Product-windowspremiere_promacosPremiere
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2017-12923
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.48% / 64.34%
||
7 Day CHG~0.00%
Published-28 Aug, 2017 | 19:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

OLEStream::WriteVT_LPSTR in olestrm.cpp in libfpx 1.3.1_p6 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted fpx image.

Action-Not Available
Vendor-libfpx_projectn/a
Product-libfpxn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2017-7453
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.27% / 50.37%
||
7 Day CHG~0.00%
Published-06 Apr, 2017 | 00:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The iwgif_record_pixel function in imagew-gif.c in libimageworsener.a in ImageWorsener 1.3.0 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file.

Action-Not Available
Vendor-entropyminen/a
Product-imageworsenern/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2021-40564
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.07% / 22.12%
||
7 Day CHG~0.00%
Published-12 Jan, 2022 | 00:00
Updated-04 Aug, 2024 | 02:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Segmentation fault caused by null pointer dereference vulnerability eists in Gpac through 1.0.2 via the avc_parse_slice function in av_parsers.c when using mp4box, which causes a denial of service.

Action-Not Available
Vendor-n/aGPAC
Product-gpacn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2021-39853
Matching Score-4
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-4
Assigner-Adobe Systems Incorporated
CVSS Score-5.5||MEDIUM
EPSS-1.01% / 76.23%
||
7 Day CHG~0.00%
Published-29 Sep, 2021 | 15:38
Updated-17 Sep, 2024 | 02:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Acrobat Reader DC Null Pointer Dereference Could Lead To Application Denial-of-Service

Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by a Null pointer dereference vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobat_dcacrobat_readeracrobatacrobat_reader_dcwindowsmacosAcrobat Reader
CWE ID-CWE-476
NULL Pointer Dereference
  • Previous
  • 1
  • 2
  • ...
  • 6
  • 7
  • 8
  • ...
  • 13
  • 14
  • Next
Details not found