CWE-476: NULL Pointer Dereference
A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit.
Yearly Trend
Top Affected Vendors
All NULL Pointer Dereference CVEs (1,240)
This CVE describes a vulnerability in QEMU's hardware emulation where a malformed program executed in a guest OS could crash the host QEMU process and...
Aug 22, 2023CVE-2024-55193 is a NULL pointer dereference vulnerability in OpenImageIO's string_view.h component that can cause segmentation faults. This allows at...
Jan 23, 2025A null pointer dereference vulnerability in GStreamer's GDK Pixbuf decoder can cause a segmentation fault when processing specially crafted media file...
Dec 12, 2024A null pointer dereference vulnerability in FreeCoAP 1.0 allows remote attackers to cause denial of service or potentially execute arbitrary code by s...
Oct 22, 2024A null pointer dereference vulnerability in gpac's DASH client component allows remote attackers to execute arbitrary code, cause denial of service, o...
Mar 9, 2024A NULL pointer dereference vulnerability in RedisGraph allows attackers to execute arbitrary code or cause denial of service by sending a specially cr...
Nov 16, 2023A NULL pointer dereference vulnerability in GPAC multimedia framework allows attackers to cause denial of service (crash) or potentially execute arbit...
May 22, 2023This vulnerability in LiteSpeed QUIC (LSQUIC) before version 3.1.0 involves improper handling of MAX_TABLE_CAPACITY in the QPACK encoder, which can le...
May 11, 2022A null pointer dereference vulnerability in Qualcomm Snapdragon chipsets allows remote attackers to cause denial of service or potentially execute arb...
Sep 9, 2021This vulnerability allows attackers to execute arbitrary code or cause denial-of-service by exploiting a NULL pointer dereference in GPAC's MP4 file p...
Apr 14, 2021This vulnerability in the cbox crate for Rust allows dereferencing raw pointers without unsafe code requirements, potentially leading to memory corrup...
Dec 31, 2020This CVE describes a null-pointer dereference vulnerability in Qualcomm Snapdragon chipsets that allows attackers to access memory beyond allocated bu...
Nov 12, 2020CVE-2019-8572 is a critical null pointer dereference vulnerability in Apple AirPort Base Station firmware that allows remote attackers to execute arbi...
Oct 27, 2020A NULL pointer dereference vulnerability in FreeCoAP v0.7 allows remote attackers to cause denial of service or potentially disclose memory contents v...
May 31, 2024This CVE describes a NULL pointer dereference vulnerability in the Linux kernel's USB core subsystem. When a USB hub is concurrently removed while por...
May 30, 2024A NULL pointer dereference vulnerability in the Linux kernel's mlx5 network driver allows local attackers to cause a kernel crash (denial of service) ...
May 20, 2024This CVE describes a race condition vulnerability in the Linux kernel's wilc1000 WiFi driver where improper RCU (Read-Copy-Update) usage during WiFi c...
May 1, 2024CVE-2024-23080 is a disputed vulnerability in Joda Time v2.12.5 where a NullPointerException could occur in the PeriodFormat::wordBased(Locale) compon...
Apr 10, 2024CVE-2024-23078 is a disputed vulnerability in JGraphT Core v1.5.2 where a NullPointerException could occur in the ToleranceDoubleComparator::compare m...
Apr 8, 2024This vulnerability in strongSwan allows a malicious VPN responder to bypass authentication by sending an EAP-Success message prematurely. Attackers ca...
Jan 31, 2022This vulnerability allows attackers to perform reflected file download attacks by exploiting NULL character truncation in Firefox's Content-Dispositio...
Jun 2, 2023This vulnerability in TensorFlow's boosted trees implementation allows attackers to trigger denial of service, exploit undefined behavior, and potenti...
Nov 5, 2021A null pointer dereference vulnerability in FFmpeg's latm_write_packet function allows attackers to cause denial of service or potentially execute arb...
Sep 20, 2021This vulnerability in Cisco Firepower Threat Defense (FTD) Software allows unauthenticated remote attackers to cause a denial of service by sending sp...
Oct 23, 2024An unauthenticated remote attacker can cause Cisco IOS XE devices to crash and reload by sending crafted HTTP requests to specific URLs when the Telem...
Sep 25, 2024An unauthenticated remote attacker can send a specially crafted DHCPv6 packet to cause the dhcp_snoop process to crash repeatedly, leading to device r...
Aug 28, 2024A NULL pointer dereference vulnerability in SIPp allows remote attackers to crash the application via specially crafted SIP messages, causing denial o...
Jan 23, 2026This vulnerability allows attackers to cause denial of service or potentially execute arbitrary code by exploiting a null pointer dereference in Qualc...
Feb 11, 2022This vulnerability allows a null pointer dereference in the DIAG component of Qualcomm Snapdragon chipsets when memory allocation fails. It affects Sn...
Oct 20, 2021This vulnerability in TensorFlow allows attackers to cause a null pointer dereference or read memory outside heap bounds when restoring tensors via ra...
Aug 12, 2021This vulnerability in Apache HTTP Server allows attackers to crash the server via NULL pointer dereference or perform Server-Side Request Forgery (SSR...
Dec 20, 2021This vulnerability in Google Chrome on Android allows a malicious app to send arbitrary intents to other apps via WebOTP, bypassing normal security re...
Jul 23, 2022A NULL pointer dereference vulnerability in Intel MLC software before version 3.11b allows authenticated local users to potentially cause denial of se...
Feb 12, 2025A memory corruption vulnerability in Foxit PDF and Editor allows attackers to execute arbitrary code by exploiting improper state updates when deletin...
Dec 11, 2025This vulnerability in Foxit PDF software allows memory corruption when pages are deleted via JavaScript, potentially enabling arbitrary code execution...
Dec 11, 2025A race condition in the Linux kernel's memory controller (memcontrol) subsystem can cause a NULL pointer dereference when retrieving memory cgroups by...
Oct 7, 2025A vulnerability in Wireshark's SSH dissector causes a crash when processing specially crafted SSH packets, leading to denial of service. This affects ...
Sep 3, 2025A null pointer dereference vulnerability in Windows Ancillary Function Driver for WinSock allows authenticated attackers to execute arbitrary code wit...
Aug 12, 2025A null pointer dereference vulnerability in Microsoft Brokering File System allows authenticated attackers to execute arbitrary code with elevated SYS...
Jul 8, 2025A NULL pointer dereference vulnerability in the Linux kernel's SCSI target subsystem allows attackers to crash the kernel by sending specially crafted...
May 2, 2025This CVE describes a memory corruption vulnerability in Qualcomm display drivers that occurs when detaching a device. Successful exploitation could al...
Mar 3, 2025A null pointer dereference vulnerability in Macrium Reflect backup software allows local attackers to crash systems or potentially gain elevated privi...
Jan 16, 2025This CVE describes a local privilege escalation vulnerability in Android's Bluetooth module caused by a missing null check. An attacker with local acc...
Nov 13, 2024This CVE describes a NULL pointer dereference vulnerability in the Linux kernel's w83791d hardware monitoring driver. An attacker with local access co...
May 21, 2024This vulnerability in Android's TileLifecycleManager allows malicious apps to launch activities from the background without user interaction due to a ...
Feb 16, 2024This vulnerability allows remote attackers to execute arbitrary code on Windows systems by exploiting a NULL pointer dereference in the Resilient File...
Jun 14, 2023A NULL pointer dereference vulnerability in GPAC multimedia framework allows attackers to cause denial of service (crash) by exploiting improper handl...
May 31, 2023CVE-2021-23180 is a null pointer dereference vulnerability in htmldoc versions 1.9.12 and earlier that could allow attackers to execute arbitrary code...
Mar 2, 2022This vulnerability in the Linux kernel's BPF verifier allows local users to perform privilege escalation through pointer arithmetic with certain *_OR_...
Jan 14, 2022CVE-2021-40826 is a memory corruption vulnerability in Clementine Music Player's MP3 parsing functionality that allows attackers to crash the applicat...
Dec 15, 2021About NULL Pointer Dereference (CWE-476)
A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit.
Our database tracks 1,240 CVEs classified as CWE-476, with 20 rated critical and 292 rated high severity. The average CVSS score for NULL Pointer Dereference vulnerabilities is 6.1.
External reference: View CWE-476 on MITRE CWE →
Monitor NULL Pointer Dereference Vulnerabilities
Get alerted when new NULL Pointer Dereference CVEs affect your infrastructure.
Start Monitoring Free