CVE-2026-45104

MapServer CVE-2026-45104 describes a NULL pointer dereference in SLD parsing of rules when exposed via WMS SLD_BODY. From 6.4.0 through before 8.6.3, msSLDParseUserStyle calls _SLDApplyRuleValues(psRule, psLayer, 1) for any with , assuming one class was added. If the rule has no symbolizer (sti...

CVE-2026-45104

MapServer is a system for developing web-based GIS applications. From 6.4.0 to before 8.6.3, msSLDParseUserStyle always calls SLDApplyRuleValuespsRule, psLayer, 1; for any carrying — it assumes msSLDParseRule added one class. When the rule has no symbolizer a structurally valid SLD, msSLDParseRul...

CVE-2026-45104

MapServer is a system for developing web-based GIS applications. From 6.4.0 to before 8.6.3, msSLDParseUserStyle always calls SLDApplyRuleValuespsRule, psLayer, 1; for any carrying — it assumes msSLDParseRule added one class. When the rule has no symbolizer a structurally valid SLD, msSLDParseRul...

CVE-2026-9759 NULL Pointer Dereference in Wireshark

ROHC protocol dissector crash in Wireshark 4.6.0 to 4.6.5 and 4.4.0 to 4.4.15 allows denial of service...

CVE-2026-9759

CVE-2026-9759 describes a NULL pointer dereference in the ROHC protocol dissector of Wireshark, affecting Wireshark versions 4.6.0–4.6.5 and 4.4.0–4.4.15, which can lead to a denial of service. The provided documents identify the affected components and the impact but do not specify a patch versi...

CVE-2026-46079

A flaw was found in the Linux kernel's Rados Block Device rbd module. When adding a new block device, a double teardown of resources can occur if the disk addition process fails. This can lead to a null-pointer dereference during cleanup operations, allowing a local attacker to cause a system...

CVE-2026-46086

A flaw was found in the Linux kernel. Inconsistent handling of local Forwarding Database FDB entries in the bridge networking component's RCU Read-Copy-Update readers can lead to a null-pointer dereference. A local attacker could exploit this by triggering a concurrent update to an FDB entry,...

CVE-2026-44328

free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's SMF mounts the UPI management route group without inbound OAuth2 middleware. On top of that, the DELETE /upi/v1/upNodesLinks/upNodeRef handler unconditionally dereferences upNode.UPF after the type-guarded...

CVE-2026-44323

free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's UDR nudr-dr DELETE /subscription-data/ueId/servingPlmnId/ee-subscriptions/subsId/amf-subscriptions handler contains a nil-pointer dereference reachable from a single authenticated request, after one...

CVE-2026-44322

free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's NEF PATCH /3gpp-pfd-management/v1/afId/transactions/transId/applications/appId handler panics with a nil-pointer dereference when the upstream UDR call fails AND the consumer wrapper returns err != nil...

CVE-2026-44317

free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's PCF POST /npcf-policyauthorization/v1/app-sessions handler panics on a single authenticated request whose ascReqData.suppFeat == "1" enabling traffic-routing feature negotiation and whose medComponents...

CVE-2026-44316

free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's PCF POST /npcf-smpolicycontrol/v1/sm-policies handler HandleCreateSmPolicyRequest panics with a nil-pointer dereference when a downstream OpenAPI consumer call UDR lookup returns 404 Not Found and the...

DEBIAN-CVE-2025-70116

A NULL pointer dereference in GPAC MP4Box: when parsing certain truncated MP4 files, an unknown/invalid stsd entry can result in missing descriptor fields e.g., codec/mime/profile strings. gfmediamapesd then calls strlen on a NULL pointer, triggering a crash ASan SEGV...

CVE-2025-70116

A NULL pointer dereference in GPAC MP4Box: when parsing certain truncated MP4 files, an unknown/invalid stsd entry can result in missing descriptor fields e.g., codec/mime/profile strings. gfmediamapesd then calls strlen on a NULL pointer, triggering a crash ASan SEGV...

UBUNTU-CVE-2025-70116

A NULL pointer dereference in GPAC MP4Box: when parsing certain truncated MP4 files, an unknown/invalid stsd entry can result in missing descriptor fields e.g., codec/mime/profile strings. gfmediamapesd then calls strlen on a NULL pointer, triggering a crash ASan SEGV...

CVE-2026-46098

A flaw was found in the Linux kernel's CAIF network module. When a client is torn down, the caiffreeclient function frees a service pointer but leaves it in a stale state. If the socket is later destroyed, caiffreeclient may be called again, attempting to use the previously freed pointer. This ca...

firefox: Denial-of-service due to invalid pointer in the Audio/Video: Web Codecs component

A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: Denial-of-service due to invalid pointer in the Audio/Video: Web Codecs component...

firefox: Denial-of-service due to invalid pointer in the Audio/Video: Web Codecs component

A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: Denial-of-service due to invalid pointer in the Audio/Video: Web Codecs component...

firefox: Denial-of-service due to invalid pointer in the Audio/Video: Web Codecs component

A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: Denial-of-service due to invalid pointer in the Audio/Video: Web Codecs component...

firefox: Denial-of-service due to invalid pointer in the Audio/Video: Web Codecs component

A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: Denial-of-service due to invalid pointer in the Audio/Video: Web Codecs component...