Double Free

The product calls free() twice on the same memory address, potentially leading to modification of unexpected memory locations.

CVEs (781)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2022-21758 1Google 1Android Nov 21, 2024 Jun 6, 2022 N/A· v4 6.7 MEDIUM· v3 4.6 MEDIUM· v2 In ccu, there is a possible memory corruption due to a double free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALP...Show more In ccu, there is a possible memory corruption due to a double free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06439600; Issue ID: ALPS06439600.Show less
CVE-2021-42613 2Fedoraproject Halibut Project 2Fedora Halibut Nov 21, 2024 May 24, 2022 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 A double free in cleanup_index in index.c in Halibut 1.2 allows an attacker to cause a denial of service or possibly have other unspecified impact via a crafted text document.
CVE-2022-29032 1Siemens 2Jt2go Teamcenter Visualization Nov 21, 2024 May 20, 2022 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 A vulnerability has been identified in JT2Go (All versions < V13.3.0.3), Teamcenter Visualization V13.3 (All versions < V13.3.0.3), Teamcenter Visualization V14.0 (All versions < V14.0.0.1). The CGM_NIST_Loader.dll libra...Show more A vulnerability has been identified in JT2Go (All versions < V13.3.0.3), Teamcenter Visualization V13.3 (All versions < V13.3.0.3), Teamcenter Visualization V14.0 (All versions < V14.0.0.1). The CGM_NIST_Loader.dll library contains a double free vulnerability while parsing specially crafted CGM files. An attacker could leverage this vulnerability to execute code in the context of the current process.Show less
CVE-2022-28738 1Ruby Lang 1Ruby Nov 21, 2024 May 9, 2022 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 A double free was found in the Regexp compiler in Ruby 3.x before 3.0.4 and 3.1.x before 3.1.2. If a victim attempts to create a Regexp from untrusted user input, an attacker may be able to write to unexpected memory loc...Show more A double free was found in the Regexp compiler in Ruby 3.x before 3.0.4 and 3.1.x before 3.1.2. If a victim attempts to create a Regexp from untrusted user input, an attacker may be able to write to unexpected memory locations.Show less
CVE-2020-14123 1Mi 1Miui Nov 21, 2024 Apr 22, 2022 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 There is a pointer double free vulnerability in Some MIUI Services. When a function is called, the memory pointer is copied to two function modules, and an attacker can cause the pointer to be repeatedly released through...Show more There is a pointer double free vulnerability in Some MIUI Services. When a function is called, the memory pointer is copied to two function modules, and an attacker can cause the pointer to be repeatedly released through malicious operations, resulting in the affected module crashing and affecting normal functionality, and if successfully exploited the vulnerability can cause elevation of privileges.Show less
CVE-2021-42778 3Fedoraproject Opensc ProjectRedhat 3Enterprise Linux FedoraOpensc Nov 3, 2025 Apr 18, 2022 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 A heap double free issue was found in Opensc before version 0.22.0 in sc_pkcs15_free_tokeninfo.
CVE-2022-29156 2Linux Netapp 9H300e Firmware H300s FirmwareH410c Firmware+6 more Nov 21, 2024 Apr 13, 2022 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 drivers/infiniband/ulp/rtrs/rtrs-clt.c in the Linux kernel before 5.16.12 has a double free related to rtrs_clt_dev_release.
CVE-2022-27416 1Broadcom 1Tcpreplay Nov 21, 2024 Apr 12, 2022 N/A· v4 7.8 HIGH· v3 5.1 MEDIUM· v2 Tcpreplay v4.4.1 was discovered to contain a double-free via __interceptor_free.
CVE-2022-25796 1Autodesk 1Navisworks Nov 21, 2024 Apr 11, 2022 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 A Double Free vulnerability allows remote malicious actors to execute arbitrary code on DWF file in Autodesk Navisworks 2022 within affected installations. User interaction is required to exploit this vulnerability in th...Show more A Double Free vulnerability allows remote malicious actors to execute arbitrary code on DWF file in Autodesk Navisworks 2022 within affected installations. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.Show less
CVE-2022-28390 4Debian FedoraprojectLinux+1 more 4Debian Linux FedoraHci Baseboard Management Controller+1 more Jun 25, 2025 Apr 3, 2022 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c in the Linux kernel through 5.17.1 has a double free.
CVE-2022-28389 4Debian FedoraprojectLinux+1 more 11Debian Linux FedoraH300e Firmware+8 more Nov 21, 2024 Apr 3, 2022 N/A· v4 5.5 MEDIUM· v3 2.1 LOW· v2 mcba_usb_start_xmit in drivers/net/can/usb/mcba_usb.c in the Linux kernel through 5.17.1 has a double free.
CVE-2022-28388 4Debian FedoraprojectLinux+1 more 11Debian Linux FedoraH300e Firmware+8 more May 5, 2025 Apr 3, 2022 N/A· v4 5.5 MEDIUM· v3 2.1 LOW· v2 usb_8dev_start_xmit in drivers/net/can/usb/usb_8dev.c in the Linux kernel through 5.17.1 has a double free.
CVE-2021-42533 1Adobe 1Bridge Nov 21, 2024 Mar 16, 2022 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 Adobe Bridge version 11.1.1 (and earlier) is affected by a double free vulnerability when parsing a crafted DCM file, which could result in arbitrary code execution in the context of the current user. This vulnerability...Show more Adobe Bridge version 11.1.1 (and earlier) is affected by a double free vulnerability when parsing a crafted DCM file, which could result in arbitrary code execution in the context of the current user. This vulnerability requires user interaction to exploit.Show less
CVE-2021-39725 1Google 1Android Nov 21, 2024 Mar 16, 2022 N/A· v4 6.7 MEDIUM· v3 4.6 MEDIUM· v2 In gasket_free_coherent_memory_all of gasket_page_table.c, there is a possible memory corruption due to a double free. This could lead to local escalation of privilege with System execution privileges needed. User intera...Show more In gasket_free_coherent_memory_all of gasket_page_table.c, there is a possible memory corruption due to a double free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-151454974References: N/AShow less
CVE-2021-23158 1Htmldoc Project 1Htmldoc Nov 21, 2024 Mar 16, 2022 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 A flaw was found in htmldoc in v1.9.12. Double-free in function pspdf_export(),in ps-pdf.cxx may result in a write-what-where condition, allowing an attacker to execute arbitrary code and denial of service.
CVE-2021-46700 2Libsixel Project Saitoha 2Libsixel Libsixel Apr 24, 2026 Feb 19, 2022 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 In libsixel 1.8.6, sixel_encoder_output_without_macro (called from sixel_encoder_encode_frame in encoder.c) has a double free.
CVE-2021-46625 1Bentley 2Microstation View Nov 21, 2024 Feb 18, 2022 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malici...Show more This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of JT files. The issue results from the lack of validating the existence of an object prior to performing further free operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15455.Show less
CVE-2021-46621 1Bentley 3Microstation Microstation ConnectView Nov 21, 2024 Feb 18, 2022 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target mus...Show more This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of JT files. The issue results from the lack of validating the existence of an object prior to performing further free operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15415.Show less
CVE-2021-4091 2Port389 Redhat 8389 Ds Base Enterprise Linux DesktopEnterprise Linux For Ibm Z Systems+5 more Nov 3, 2025 Feb 18, 2022 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 A double-free was found in the way 389-ds-base handles virtual attributes context in persistent searches. An attacker could send a series of search requests, forcing the server to behave unexpectedly, and crash.
CVE-2021-22600 3Debian LinuxNetapp 118300 Firmware 8700 FirmwareA400 Firmware+8 more Oct 24, 2025 Jan 26, 2022 N/A· v4 7.0 HIGH· v3 7.2 HIGH· v2 A double free bug in packet_set_ring() in net/packet/af_packet.c can be exploited by a local user through crafted syscalls to escalate privileges or deny service. We recommend upgrading kernel past the effected versions...Show more A double free bug in packet_set_ring() in net/packet/af_packet.c can be exploited by a local user through crafted syscalls to escalate privileges or deny service. We recommend upgrading kernel past the effected versions or rebuilding past ec6af094ea28f0f2dda1a6a33b14cd57e36a9755Show less

Previous 1...212223...40 Next