CWE-476— NULL Pointer Dereference
The product dereferences a pointer that it expects to be valid but is NULL.— MITRE CWE catalog
4,937 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-476page 29 of 99
- CVE-2021-44918MEDIUMCVSS 5.5EG 5.52021-12-21
A Null Pointer Dereference vulnerability exists in gpac 1.1.0 in the gf_node_get_field function, which can cause a segmentation fault and application crash.
- CVE-2021-44919MEDIUMCVSS 5.5EG 5.52021-12-21
A Null Pointer Dereference vulnerability exists in the gf_sg_vrml_mf_alloc function in gpac 1.1.0-DEV, which causes a segmentation fault and application crash.
- CVE-2021-44921MEDIUMCVSS 5.5EG 5.52021-12-21
A null pointer dereference vulnerability exists in gpac 1.1.0 in the gf_isom_parse_movie_boxes_internal function, which causes a segmentation fault and application crash.
- CVE-2021-44922MEDIUMCVSS 5.5EG 5.52021-12-21
A null pointer dereference vulnerability exists in gpac 1.1.0 in the BD_CheckSFTimeOffset function, which causes a segmentation fault and application crash.
- CVE-2021-44923MEDIUMCVSS 5.5EG 5.52021-12-21
A null pointer dereference vulnerability exists in gpac 1.1.0 in the gf_dump_vrml_dyn_field.isra function, which causes a segmentation fault and application crash.
- CVE-2021-44925MEDIUMCVSS 5.5EG 5.52021-12-21
A null pointer dereference vulnerability exists in gpac 1.1.0 in the gf_svg_get_attribute_name function, which causes a segmentation fault and application crash.
- CVE-2021-44926MEDIUMCVSS 5.5EG 5.52021-12-21
A null pointer dereference vulnerability exists in gpac 1.1.0-DEV in the gf_node_get_tag function, which causes a segmentation fault and application crash.
- CVE-2021-44927MEDIUMCVSS 5.5EG 5.52021-12-21
A null pointer dereference vulnerability exists in gpac 1.1.0 in the gf_sg_vrml_mf_append function, which causes a segmentation fault and application crash.
- CVE-2021-44960MEDIUMCVSS 6.5EG 6.52022-02-15
In SVGPP SVG++ library 1.3.0, the XMLDocument::getRoot function in the renderDocument function handled the XMLDocument object improperly, returning a null pointer in advance at the second if, resulting in a null pointer reference behind th…
- CVE-2021-44974MEDIUMCVSS 5.5EG 5.52022-05-25
radareorg radare2 version 5.5.2 is vulnerable to NULL Pointer Dereference via libr/bin/p/bin_symbols.c binary symbol parser.
- CVE-2021-45079CRITICALCVSS 9.1EG 9.12022-01-31
In strongSwan before 5.9.5, a malicious responder can send an EAP-Success message too early without actually authenticating the client and (in the case of EAP methods with mutual authentication and EAP-only authentication for IKEv2) even w…
- CVE-2021-45117MEDIUMCVSS 6.5EG 6.52022-03-21
The OPC autogenerated ANSI C stack stubs (in the NodeSets) do not handle all error cases. This can lead to a NULL pointer dereference.
- CVE-2021-45256MEDIUMCVSS 5.5EG 5.52021-12-22
A Null Pointer Dereference vulnerability existfs in nasm 2.16rc0 via asm/preproc.c.
- CVE-2021-45259MEDIUMCVSS 5.5EG 5.52021-12-22
An Invalid pointer reference vulnerability exists in gpac 1.1.0 via the gf_svg_node_del function, which causes a segmentation fault and application crash.
- CVE-2021-45260MEDIUMCVSS 5.5EG 5.52021-12-22
A null pointer dereference vulnerability exists in gpac 1.1.0 in the lsr_read_id.part function, which causes a segmentation fault and application crash.
- CVE-2021-45266HIGHCVSS 7.5EG 7.52021-12-22
A null pointer dereference vulnerability exists in gpac 1.1.0 via the lsr_read_anim_values_ex function, which causes a segmentation fault and application crash.
- CVE-2021-45267MEDIUMCVSS 5.5EG 5.52021-12-22
An invalid memory address dereference vulnerability exists in gpac 1.1.0 via the svg_node_start function, which causes a segmentation fault and application crash.
- CVE-2021-45292MEDIUMCVSS 5.5EG 5.52021-12-21
The gf_isom_hint_rtp_read function in GPAC 1.0.1 allows attackers to cause a denial of service (Invalid memory address dereference) via a crafted file in the MP4Box command.
- CVE-2021-45340MEDIUMCVSS 6.5EG 6.52022-01-25
In Libsixel prior to and including v1.10.3, a NULL pointer dereference in the stb_image.h component of libsixel allows attackers to cause a denial of service (DOS) via a crafted PICT file.
- CVE-2021-45343MEDIUMCVSS 5.5EG 5.52022-01-25
In LibreCAD 2.2.0, a NULL pointer dereference in the HATCH handling of libdxfrw allows an attacker to crash the application using a crafted DXF document.
- CVE-2021-45385MEDIUMCVSS 6.5EG 6.52022-02-11
A Null Pointer Dereference vulnerability exits in ffjpeg d5cfd49 (2021-12-06) in bmp_load(). When the size information in metadata of the bmp is out of range, it returns without assign memory buffer to `pb->pdata` and did not exit the prog…
- CVE-2021-45761HIGHCVSS 7.5EG 7.52022-01-14
ROPium v3.1 was discovered to contain an invalid memory address dereference via the find() function.
- CVE-2021-45769HIGHCVSS 7.5EG 7.52022-01-14
A NULL pointer dereference in AcseConnection_parseMessage at src/mms/iso_acse/acse.c of libiec61850 v1.5.0 can lead to a segmentation fault or application crash.
- CVE-2021-45773HIGHCVSS 7.5EG 7.52022-01-14
A NULL pointer dereference in CS104_IPAddress_setFromString at src/iec60870/cs104/cs104_slave.c of lib60870 commit 0d5e76e can lead to a segmentation fault or application crash.
- CVE-2021-45831MEDIUMCVSS 5.5EG 5.52022-01-05
A Null Pointer Dereference vulnerability exitgs in GPAC 1.0.1 in MP4Box via __strlen_avx2, which causes a Denial of Service.
- CVE-2021-45846MEDIUMCVSS 5.5EG 5.52022-01-25
A flaw in the AMF parser of Slic3r libslic3r 1.3.0 allows an attacker to cause an application crash using a crafted AMF document, where a metadata tag lacks a "type" attribute.
- CVE-2021-45847MEDIUMCVSS 5.5EG 5.52022-01-25
Several missing input validations in the 3MF parser component of Slic3r libslic3r 1.3.0 can each allow an attacker to cause an application crash using a crafted 3MF input file.
- CVE-2021-46019MEDIUMCVSS 5.5EG 5.52022-01-14
An untrusted pointer dereference in rec_db_destroy() at rec-db.c of GNU Recutils v1.8.90 can lead to a segmentation fault or application crash.
- CVE-2021-46038MEDIUMCVSS 5.5EG 5.52022-01-05
A Pointer Dereference vulnerability exists in GPAC 1.0.1 in unlink_chunk.isra, which causes a Denial of Service (context-dependent).
- CVE-2021-46039MEDIUMCVSS 5.5EG 5.52022-01-06
A Pointer Dereference Vulnerabilty exists in GPAC 1.0.1 via the shift_chunk_offsets.part function, which causes a Denial of Service (context-dependent).
- CVE-2021-46040MEDIUMCVSS 5.5EG 5.52022-01-06
A Pointer Dereference Vulnerabilty exists in GPAC 1.0.1 via the finplace_shift_moov_meta_offsets function, which causes a Denial of Servie (context-dependent).
- CVE-2021-46042MEDIUMCVSS 5.5EG 5.52022-01-06
A Pointer Dereference Vulnerability exists in GPAC 1.0.1 via the _fseeko function, which causes a Denial of Service.
- CVE-2021-46043MEDIUMCVSS 5.5EG 5.52022-01-06
A Pointer Dereference Vulnerability exits in GPAC 1.0.1 in the gf_list_count function, which causes a Denial of Service.
- CVE-2021-46044MEDIUMCVSS 5.5EG 5.52022-01-06
A Pointer Dereference Vulnerabilty exists in GPAC 1.0.1via ShiftMetaOffset.isra, which causes a Denial of Service (context-dependent).
- CVE-2021-46046MEDIUMCVSS 5.5EG 5.52022-01-10
A Pointer Derefernce Vulnerbility exists GPAC 1.0.1 the gf_isom_box_size function, which could cause a Denial of Service (context-dependent).
- CVE-2021-46047MEDIUMCVSS 5.5EG 5.52022-01-10
A Pointer Dereference Vulnerability exists in GPAC 1.0.1 via the gf_hinter_finalize function.
- CVE-2021-46049MEDIUMCVSS 5.5EG 5.52022-01-10
A Pointer Dereference Vulnerability exists in GPAC 1.0.1 via the gf_fileio_check function, which could cause a Denial of Service.
- CVE-2021-46051MEDIUMCVSS 5.5EG 5.52022-01-10
A Pointer Dereference Vulnerability exists in GPAC 1.0.1 via the Media_IsSelfContained function, which could cause a Denial of Service. .
- CVE-2021-46171MEDIUMCVSS 5.5EG 5.52022-01-14
Modex v2.11 was discovered to contain a NULL pointer dereference in set_create_id() at xtract.c.
- CVE-2021-46234MEDIUMCVSS 5.5EG 5.52022-01-21
A NULL pointer dereference vulnerability exists in GPAC v1.1.0 via the function gf_node_unregister () at scenegraph/base_scenegraph.c. This vulnerability can lead to a Denial of Service (DoS).
- CVE-2021-46236MEDIUMCVSS 5.5EG 5.52022-01-21
A NULL pointer dereference vulnerability exists in GPAC v1.1.0 via the function gf_sg_vrml_field_pointer_del () at scenegraph/vrml_tools.c. This vulnerability can lead to a Denial of Service (DoS).
- CVE-2021-46237MEDIUMCVSS 5.5EG 5.52022-01-21
An untrusted pointer dereference vulnerability exists in GPAC v1.1.0 via the function gf_node_unregister () at scenegraph/base_scenegraph.c. This vulnerability can lead to a Denial of Service (DoS).
- CVE-2021-46240MEDIUMCVSS 5.5EG 5.52022-01-21
A NULL pointer dereference vulnerability exists in GPAC v1.1.0 via the function gf_dump_vrml_sffield () at scene_manager/scene_dump.c. This vulnerability can lead to a Denial of Service (DoS).
- CVE-2021-46243MEDIUMCVSS 6.5EG 6.52022-01-21
An untrusted pointer dereference vulnerability exists in HDF5 v1.13.1-1 via the function H5O__dtype_decode_helper () at hdf5/src/H5Odtype.c. This vulnerability can lead to a Denial of Service (DoS).
- CVE-2021-46311MEDIUMCVSS 5.5EG 5.52022-01-21
A NULL pointer dereference vulnerability exists in GPAC v1.1.0 via the function gf_sg_destroy_routes () at scenegraph/vrml_route.c. This vulnerability can lead to a Denial of Service (DoS).
- CVE-2021-46335MEDIUMCVSS 5.5EG 5.52022-01-20
Moddable SDK v11.5.0 was discovered to contain a NULL pointer dereference in the component fx_Function_prototype_hasInstance.
- CVE-2021-46664MEDIUMCVSS 5.5EG 5.52022-02-01
MariaDB through 10.5.9 allows an application crash in sub_select_postjoin_aggr for a NULL value of aggr.
- CVE-2021-46837MEDIUMCVSS 6.5EG 6.52022-08-30
res_pjsip_t38 in Sangoma Asterisk 16.x before 16.16.2, 17.x before 17.9.3, and 18.x before 18.2.2, and Certified Asterisk before 16.8-cert7, allows an attacker to trigger a crash by sending an m=image line and zero port in a response to a …
- CVE-2021-46904MEDIUMCVSS 5.5EG 5.52024-02-26
In the Linux kernel, the following vulnerability has been resolved: net: hso: fix null-ptr-deref during tty device unregistration Multiple ttys try to claim the same the minor number causing a double unregistration of the same device. Th…
- CVE-2021-46905MEDIUMCVSS 5.5EG 5.52024-02-26
In the Linux kernel, the following vulnerability has been resolved: net: hso: fix NULL-deref on disconnect regression Commit 8a12f8836145 ("net: hso: fix null-ptr-deref during tty device unregistration") fixed the racy minor allocation r…
Map vulnerabilities like CWE-476 to your infrastructure
EchelonGraph correlates every CVE — across CWE-476 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →