Total: 3886 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-13978 | 1 Libtiff | 1 Libtiff | 2025-09-11 | 1.0 LOW | 2.5 LOW |
A vulnerability was found in LibTIFF up to 4.7.0. It has been declared as problematic. Affected by this vulnerability is the function t2p_read_tiff_init of the file tools/tiff2pdf.c of the component fax2ps. The manipulation leads to null pointer dereference. The attack needs to be approached locally. The complexity of an attack is rather high. The exploitation appears to be difficult. The patch is named 2ebfffb0e8836bfb1cd7d85c059cd285c59761a4. It is recommended to apply a patch to fix this issue. | |||||
CVE-2025-8534 | 1 Libtiff | 1 Libtiff | 2025-09-11 | 1.0 LOW | 2.5 LOW |
A vulnerability classified as problematic was found in libtiff 4.6.0. This vulnerability affects the function PS_Lvl2page of the file tools/tiff2ps.c of the component tiff2ps. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The name of the patch is 6ba36f159fd396ad11bf6b7874554197736ecc8b. It is recommended to apply a patch to fix this issue. One of the maintainers explains that "[t]his error only occurs if DEFER_STRILE_LOAD (defer-strile-load:BOOL=ON) or TIFFOpen( .. "rD") option is used." | |||||
CVE-2025-57611 | 1 Meh.schizofreni | 1 Rust-ffmpeg | 2025-09-10 | N/A | 5.3 MEDIUM |
An issue was discovered in rust-ffmpeg 0.3.0 (after commit 5ac0527). A null pointer dereference vulnerability in the dump() method allows an attacker to cause a denial of service. The vulnerability exists because the method fails to check the return value of avfilter_graph_dump() for NULL, leading to a crash if the underlying memory allocation fails. | |||||
CVE-2025-57612 | 1 Meh.schizofreni | 1 Rust-ffmpeg | 2025-09-10 | N/A | 7.5 HIGH |
An issue was discovered in rust-ffmpeg 0.3.0 (after commit 5ac0527). A null pointer dereference vulnerability in the name() method allows an attacker to cause a denial of service. The vulnerability exists because the method fails to check for a NULL return value from the av_get_sample_fmt_name() C function, which can be triggered by providing an unrecognized sample format. | |||||
CVE-2025-57613 | 1 Meh.schizofreni | 1 Rust-ffmpeg | 2025-09-10 | N/A | 7.5 HIGH |
An issue was discovered in rust-ffmpeg 0.3.0 (after commit 5ac0527). A null pointer dereference vulnerability in the input() constructor function allows an attacker to cause a denial of service. The vulnerability is triggered when the avio_alloc_context() call fails and returns NULL, which is then stored and later dereferenced by the Io struct's Drop implementation. | |||||
CVE-2025-57615 | 1 Meh.schizofreni | 1 Rust-ffmpeg | 2025-09-10 | N/A | 7.5 HIGH |
An issue was discovered in rust-ffmpeg 0.3.0 (after commit 5ac0527). An integer overflow vulnerability in the Vector::new constructor function allows an attacker to cause a denial of service via a null pointer dereference. The vulnerability stems from an unchecked cast of a usize parameter to c_int, which can result in a negative value being passed to the underlying C function sws_allocVec(). | |||||
CVE-2024-47704 | 1 Linux | 1 Linux Kernel | 2025-09-09 | N/A | 5.5 MEDIUM |
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Check link_res->hpo_dp_link_enc before using it [WHAT & HOW] Functions dp_enable_link_phy and dp_disable_link_phy can pass link_res without initializing hpo_dp_link_enc and it is necessary to check for null before dereferencing. This fixes 2 FORWARD_NULL issues reported by Coverity. | |||||
CVE-2025-9166 | | | 2025-09-09 | N/A | N/A |
A denial-of-service security issue exists in the affected product and version. The security issue stems from the controller repeatedly attempting to forward messages. The issue could result in a major nonrecoverable fault on the controller. | |||||
CVE-2025-0009 | | | 2025-09-08 | N/A | 5.5 MEDIUM |
A NULL pointer dereference in AMD Crash Defender could allow an attacker to write a NULL output to a log file potentially resulting in a system crash and loss of availability. | |||||
CVE-2025-36894 | 1 Google | 1 Android | 2025-09-05 | N/A | 7.5 HIGH |
In TBD of TBD, there is a possible DoS due to a missing null check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
CVE-2024-36620 | 1 Mobyproject | 1 Moby | 2025-09-05 | N/A | 6.5 MEDIUM |
moby v25.0.0 - v26.0.2 is vulnerable to NULL Pointer Dereference via daemon/images/image_history.go. | |||||
CVE-2025-9817 | | | 2025-09-04 | N/A | 7.8 HIGH |
SSH dissector crash in Wireshark 4.4.0 to 4.4.8 allows denial of service | |||||
CVE-2025-8586 | 1 Libav | 1 Libav | 2025-09-04 | 1.7 LOW | 3.3 LOW |
A vulnerability, which was classified as problematic, was found in libav up to 12.3. This affects the function ff_seek_frame_binary of the file /libavformat/utils.c of the component MPEG File Parser. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The bug was initially reported by the researcher to the wrong project. This vulnerability only affects products that are no longer supported by the maintainer. | |||||
CVE-2025-8584 | 1 Libav | 1 Libav | 2025-09-04 | 1.7 LOW | 3.3 LOW |
A vulnerability classified as problematic was found in libav up to 12.3. Affected by this vulnerability is the function av_buffer_unref of the file libavutil/buffer.c of the component AVI File Parser. The manipulation leads to null pointer dereference. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The bug was initially reported by the researcher to the wrong project. This vulnerability only affects products that are no longer supported by the maintainer. | |||||
CVE-2024-53270 | 1 Envoyproxy | 1 Envoy | 2025-09-04 | N/A | 7.5 HIGH |
Envoy is a cloud-native high-performance edge/middle/service proxy. In affected versions `sendOverloadError` is going to assume the active request exists when `envoy.load_shed_points.http1_server_abort_dispatch` is configured. If `active_request` is nullptr, only onMessageBeginImpl() is called. However, the `onMessageBeginImpl` will directly return ok status if the stream is already reset leading to the nullptr reference. The downstream reset can actually happen during the H/2 upstream reset. As a result envoy may crash. This issue has been addressed in releases 1.32.3, 1.31.5, 1.30.9, and 1.29.12. Users are advised to upgrade. Users unable to upgrade may disable `http1_server_abort_dispatch` load shed point and/or use a high threshold. | |||||
CVE-2025-29888 | | | 2025-09-02 | N/A | N/A |
A NULL pointer dereference vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.4907 and later | |||||
CVE-2025-29879 | | | 2025-09-02 | N/A | N/A |
A NULL pointer dereference vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.4907 and later | |||||
CVE-2025-29889 | | | 2025-09-02 | N/A | N/A |
A NULL pointer dereference vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.4907 and later | |||||
CVE-2025-30268 | | | 2025-09-02 | N/A | N/A |
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.2.5.3145 build 20250526 and later; QuTS hero h5.2.5.3138 build 20250519 and later | |||||
CVE-2025-30262 | | | 2025-09-02 | N/A | N/A |
A NULL pointer dereference vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.0 ( 2025/06/13 ) and later |