Vulnerabilities (CVE)

Filtered by CWE-476
Total 5359 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2017-6197 1 Radare 1 Radare2 2026-06-17 4.3 MEDIUM 5.5 MEDIUM
The r_read_* functions in libr/include/r_endian.h in radare2 1.2.1 allow remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted binary file, as demonstrated by the r_read_le32 function.
CVE-2017-6178 1 Usbpcap Project 1 Usbpcap 2026-06-17 4.6 MEDIUM 7.8 HIGH
The IofCallDriver function in USBPcap 1.1.0.0 allows local users to gain privileges via a crafted 0x00090028 IOCTL call, which triggers a NULL pointer dereference.
CVE-2017-5991 2 Artifex, Debian 2 Mupdf, Debian Linux 2026-06-17 5.0 MEDIUM 7.5 HIGH
An issue was discovered in Artifex MuPDF before 1912de5f08e90af1d9d0a9791f58ba3afdb9d465. The pdf_run_xobject function in pdf-op-run.c encounters a NULL pointer dereference during a Fitz fz_paint_pixmap_with_mask painting operation. Versions 1.11 and later are unaffected.
CVE-2017-5980 1 Gdraheim 1 Zziplib 2026-06-17 4.3 MEDIUM 5.5 MEDIUM
The zzip_mem_entry_new function in memdisk.c in zziplib 0.13.62 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted ZIP file.
CVE-2017-5979 1 Gdraheim 1 Zziplib 2026-06-17 4.3 MEDIUM 5.5 MEDIUM
The prescan_entry function in fseeko.c in zziplib 0.13.62 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted ZIP file.
CVE-2017-5970 1 Linux 1 Linux Kernel 2026-06-17 5.0 MEDIUM 7.5 HIGH
The ipv4_pktinfo_prepare function in net/ipv4/ip_sockglue.c in the Linux kernel through 4.9.9 allows attackers to cause a denial of service (system crash) via (1) an application that makes crafted system calls or possibly (2) IPv4 traffic with invalid IP options.
CVE-2017-5969 1 Xmlsoft 1 Libxml2 2026-06-17 2.6 LOW 4.7 MEDIUM
libxml2 2.9.4, when used in recover mode, allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted XML document. NOTE: The maintainer states "I would disagree of a CVE with the Recover parsing option which should only be used for manual recovery at least for XML parser.
CVE-2017-5951 1 Artifex 1 Ghostscript 2026-06-17 4.3 MEDIUM 5.5 MEDIUM
The mem_get_bits_rectangle function in base/gdevmem.c in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file.
CVE-2017-5937 1 Virglrenderer Project 1 Virglrenderer 2026-06-17 2.1 LOW 6.5 MEDIUM
The util_format_is_pure_uint function in vrend_renderer.c in Virgil 3d project (aka virglrenderer) 0.6.0 and earlier allows local guest OS users to cause a denial of service (NULL pointer dereference) via a crafted VIRGL_CCMD_CLEAR command.
CVE-2017-5855 1 Podofo Project 1 Podofo 2026-06-17 4.3 MEDIUM 5.5 MEDIUM
The PoDoFo::PdfParser::ReadXRefSubsection function in PdfParser.cpp in PoDoFo 0.9.4 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file.
CVE-2017-5854 1 Podofo Project 1 Podofo 2026-06-17 4.3 MEDIUM 5.5 MEDIUM
base/PdfOutputStream.cpp in PoDoFo 0.9.4 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted file.
CVE-2017-5851 1 Mp3splt Project 1 Mp3splt 2026-06-17 4.3 MEDIUM 5.5 MEDIUM
The free_options function in options_manager.c in mp3splt 2.6.2 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted file. NOTE: this typically has no risk; this crash of this command-line program has no further consequences for availability.
CVE-2017-5727 1 Intel 1 Graphics Driver 2026-06-17 7.2 HIGH 7.8 HIGH
Pointer dereference in subsystem in Intel Graphics Driver 15.40.x.x, 15.45.x.x, 15.46.x.x allows unprivileged user to elevate privileges via local access.
CVE-2017-5668 1 Bitlbee 2 Bitlbee, Bitlbee-libpurple 2026-06-17 7.5 HIGH 9.8 CRITICAL
bitlbee-libpurple before 3.5.1 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) and possibly execute arbitrary code via a file transfer request for a contact that is not in the contact list. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-10189.
CVE-2017-5665 1 Libmp3splt Project 1 Libmp3splt 2026-06-17 4.3 MEDIUM 5.5 MEDIUM
The splt_cue_export_to_file function in cue.c in libmp3splt 0.9.2 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted file.
CVE-2017-5625 1 Oneplus 3 Oneplus 3, Oneplus 3t, Oxygenos 2026-06-17 2.1 LOW 4.6 MEDIUM
In OxygenOS before 4.0.3 on OnePlus 3 and 3T devices, an unauthorized attacker can cause a locked bootloader to partially dump the ciphertext content of an arbitrary partition (except 'keystore') by issuing the 'fastboot oem dump <partition>' fastboot command.
CVE-2017-5416 1 Mozilla 2 Firefox, Thunderbird 2026-06-17 5.0 MEDIUM 7.5 HIGH
In certain circumstances a networking event listener can be prematurely released. This appears to result in a null dereference in practice. This vulnerability affects Firefox < 52 and Thunderbird < 52.
CVE-2017-5193 2 Debian, Irssi 2 Debian Linux, Irssi 2026-06-17 5.0 MEDIUM 7.5 HIGH
The nickcmp function in Irssi before 0.8.21 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a message without a nick.
CVE-2017-5149 1 Abbott 3 Merlin\@home Ex1100, Merlin\@home Ex1150, Merlin\@home Firmware 2026-06-17 6.8 MEDIUM 8.9 HIGH
An issue was discovered in St. Jude Medical Merlin@home, versions prior to Version 8.2.2 (RF models: EX1150; Inductive models: EX1100; and Inductive models: EX1100 with MerlinOnDemand capability). The identities of the endpoints for the communication channel between the transmitter and St. Jude Medical's web site, Merlin.net, are not verified. This may allow a man-in-the-middle attacker to access or influence communications between the identified endpoints.
CVE-2017-5023 1 Google 1 Chrome 2026-06-17 4.3 MEDIUM 4.3 MEDIUM
Type confusion in Histogram in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, allowed a remote attacker to potentially exploit a near null dereference via a crafted HTML page.