Vulnerabilities (CVE)

Filtered by CWE-476
Total 5359 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2017-14626 2 Canonical, Imagemagick 2 Ubuntu Linux, Imagemagick 2026-06-17 7.5 HIGH 9.8 CRITICAL
ImageMagick 7.0.7-0 Q16 has a NULL Pointer Dereference vulnerability in the function sixel_decode in coders/sixel.c.
CVE-2017-14625 2 Canonical, Imagemagick 2 Ubuntu Linux, Imagemagick 2026-06-17 7.5 HIGH 9.8 CRITICAL
ImageMagick 7.0.7-0 Q16 has a NULL Pointer Dereference vulnerability in the function sixel_output_create in coders/sixel.c.
CVE-2017-14624 2 Canonical, Imagemagick 2 Ubuntu Linux, Imagemagick 2026-06-17 7.5 HIGH 9.8 CRITICAL
ImageMagick 7.0.7-0 Q16 has a NULL Pointer Dereference vulnerability in the function PostscriptDelegateMessage in coders/ps.c.
CVE-2017-14532 2 Canonical, Imagemagick 2 Ubuntu Linux, Imagemagick 2026-06-17 7.5 HIGH 9.8 CRITICAL
ImageMagick 7.0.7-0 has a NULL Pointer Dereference in TIFFIgnoreTags in coders/tiff.c.
CVE-2017-14517 1 Freedesktop 1 Poppler 2026-06-17 4.3 MEDIUM 5.5 MEDIUM
In Poppler 0.59.0, a NULL Pointer Dereference exists in the XRef::parseEntry() function in XRef.cc via a crafted PDF document.
CVE-2017-14505 1 Imagemagick 1 Imagemagick 2026-06-17 4.3 MEDIUM 6.5 MEDIUM
DrawGetStrokeDashArray in wand/drawing-wand.c in ImageMagick 7.0.7-1 mishandles certain NULL arrays, which allows attackers to perform Denial of Service (NULL pointer dereference and application crash in AcquireQuantumMemory within MagickCore/memory.c) by providing a crafted Image File as input.
CVE-2017-14504 2 Debian, Graphicsmagick 2 Debian Linux, Graphicsmagick 2026-06-17 4.3 MEDIUM 6.5 MEDIUM
ReadPNMImage in coders/pnm.c in GraphicsMagick 1.3.26 does not ensure the correct number of colors for the XV 332 format, leading to a NULL Pointer Dereference.
CVE-2017-14437 1 Moxa 2 Edr-810, Edr-810 Firmware 2026-06-17 5.0 MEDIUM 7.5 HIGH
An exploitable denial of service vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP URI can cause a null pointer dereference resulting in denial of service. An attacker can send a GET request to "/MOXA\_LOG.ini" without a cookie header to trigger this vulnerability.
CVE-2017-14436 1 Moxa 2 Edr-810, Edr-810 Firmware 2026-06-17 5.0 MEDIUM 7.5 HIGH
An exploitable denial of service vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP URI can cause a null pointer dereference resulting in denial of service. An attacker can send a GET request to "/MOXA\_CFG2.ini" without a cookie header to trigger this vulnerability.
CVE-2017-14435 1 Moxa 2 Edr-810, Edr-810 Firmware 2026-06-17 5.0 MEDIUM 7.5 HIGH
An exploitable denial of service vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP URI can cause a null pointer dereference resulting in denial of service. An attacker can send a GET request to "/MOXA\_CFG.ini" without a cookie header to trigger this vulnerability.
CVE-2017-14406 1 Mp3gain 1 Mp3gain 2026-06-17 4.3 MEDIUM 5.5 MEDIUM
A NULL pointer dereference was discovered in sync_buffer in interface.c in mpglibDBL, as used in MP3Gain version 1.5.2. The vulnerability causes a segmentation fault and application crash, which leads to remote denial of service.
CVE-2017-14400 1 Imagemagick 1 Imagemagick 2026-06-17 4.3 MEDIUM 6.5 MEDIUM
In ImageMagick 7.0.7-1 Q16, the PersistPixelCache function in magick/cache.c mishandles the pixel cache nexus, which allows remote attackers to cause a denial of service (NULL pointer dereference in the function GetVirtualPixels in MagickCore/cache.c) via a crafted file.
CVE-2017-14340 1 Linux 1 Linux Kernel 2026-06-17 4.9 MEDIUM 5.5 MEDIUM
The XFS_IS_REALTIME_INODE macro in fs/xfs/xfs_linux.h in the Linux kernel before 4.13.2 does not verify that a filesystem has a realtime device, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) via vectors related to setting an RHINHERIT flag on a directory.
CVE-2017-14318 1 Xen 1 Xen 2026-06-17 4.9 MEDIUM 6.5 MEDIUM
An issue was discovered in Xen 4.5.x through 4.9.x. The function `__gnttab_cache_flush` handles GNTTABOP_cache_flush grant table operations. It checks to see if the calling domain is the owner of the page that is to be operated on. If it is not, the owner's grant table is checked to see if a grant mapping to the calling domain exists for the page in question. However, the function does not check to see if the owning domain actually has a grant table or not. Some special domains, such as `DOMID_XEN`, `DOMID_IO` and `DOMID_COW` are created without grant tables. Hence, if __gnttab_cache_flush operates on a page owned by these special domains, it will attempt to dereference a NULL pointer in the domain struct.
CVE-2017-14228 2 Canonical, Nasm 2 Ubuntu Linux, Netwide Assembler 2026-06-17 4.3 MEDIUM 5.5 MEDIUM
In Netwide Assembler (NASM) 2.14rc0, there is an illegal address access in the function paste_tokens() in preproc.c, aka a NULL pointer dereference. It will lead to remote denial of service.
CVE-2017-14225 1 Ffmpeg 1 Ffmpeg 2026-06-17 6.8 MEDIUM 8.8 HIGH
The av_color_primaries_name function in libavutil/pixdesc.c in FFmpeg 3.3.3 may return a NULL pointer depending on a value contained in a file, but callers do not anticipate this, as demonstrated by the avcodec_string function in libavcodec/utils.c, leading to a NULL pointer dereference. (It is also conceivable that there is security relevance for a NULL pointer dereference in av_color_primaries_name calls within the ffprobe command-line program.)
CVE-2017-14181 1 Aacplusenc Project 1 Aacplusenc 2026-06-17 6.8 MEDIUM 7.8 HIGH
DeleteBitBuffer in libbitbuf/bitbuffer.c in mp4tools aacplusenc 0.17.5 allows remote attackers to cause a denial of service (invalid memory write, SEGV on unknown address 0x000000000030, and application crash) or possibly have unspecified other impact via a crafted .wav file, aka a NULL pointer dereference.
CVE-2017-14149 1 Embedthis 1 Goahead 2026-06-17 5.0 MEDIUM 7.5 HIGH
GoAhead 3.4.0 through 3.6.5 has a NULL Pointer Dereference in the websDecodeUrl function in http.c, leading to a crash for a "POST / HTTP/1.1" request.
CVE-2017-14121 2 Debian, Rarlab 2 Debian Linux, Unrar 2026-06-17 4.3 MEDIUM 5.5 MEDIUM
The DecodeNumber function in unrarlib.c in unrar 0.0.1 (aka unrar-free or unrar-gpl) suffers from a NULL pointer dereference flaw triggered by a crafted RAR archive. NOTE: this may be the same as one of the several test cases in the CVE-2017-11189 references.
CVE-2017-14060 2 Canonical, Imagemagick 2 Ubuntu Linux, Imagemagick 2026-06-17 4.3 MEDIUM 6.5 MEDIUM
In ImageMagick 7.0.6-10, a NULL Pointer Dereference issue is present in the ReadCUTImage function in coders/cut.c that could allow an attacker to cause a Denial of Service (in the QueueAuthenticPixelCacheNexus function within the MagickCore/cache.c file) by submitting a malformed image file.