CWE-476

Catalog.cc in Xpdf 4.02 has a NULL pointer dereference because Catalog.pageLabels is initialized too late in the Catalog constructor.

RIOT 2019.07 contains a NULL pointer dereference in the MQTT-SN implementation (asymcute), potentially allowing an attacker to crash a network node running RIOT. This requires spoofing an MQTT server response. To do so, the attacker needs to know the MQTT MsgID of a pending MQTT protocol message and the ephemeral port used by RIOT’s MQTT implementation. Additionally, the server IP address is required for spoofing the packet.

marc-q libwav through 2017-04-20 has a NULL pointer dereference in gain_file() at wav_gain.c.

Bento4 1.5.1-628 has a NULL pointer dereference in AP4_ByteStream::ReadUI32 in Core/Ap4ByteStream.cpp when called from the AP4_TrunAtom class.

ffjpeg before 2019-08-18 has a NULL pointer dereference in idct2d8x8() at dct.c.

ffjpeg before 2019-08-18 has a NULL pointer dereference in huffman_decode_step() at huffman.c.