Double Free

The product calls free() twice on the same memory address, potentially leading to modification of unexpected memory locations.

CVEs (781)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2022-23012 1F5 11Big Ip Access Policy Manager Big Ip Advanced Firewall ManagerBig Ip Analytics+8 more Nov 21, 2024 Jan 25, 2022 N/A· v4 7.5 HIGH· v3 7.1 HIGH· v2 On BIG-IP versions 15.1.x before 15.1.4.1 and 14.1.x before 14.1.4.5, when the HTTP/2 profile is configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Note:...Show more On BIG-IP versions 15.1.x before 15.1.4.1 and 14.1.x before 14.1.4.5, when the HTTP/2 profile is configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.Show less
CVE-2021-40574 1Gpac 1Gpac Mar 7, 2025 Jan 13, 2022 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 The binary MP4Box in Gpac from 0.9.0-preview to 1.0.1 has a double-free vulnerability in the gf_text_get_utf8_line function in load_text.c, which allows attackers to cause a denial of service, even code execution and esc...Show more The binary MP4Box in Gpac from 0.9.0-preview to 1.0.1 has a double-free vulnerability in the gf_text_get_utf8_line function in load_text.c, which allows attackers to cause a denial of service, even code execution and escalation of privileges.Show less
CVE-2021-40573 1Gpac 1Gpac Nov 21, 2024 Jan 13, 2022 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 The binary MP4Box in Gpac 1.0.1 has a double-free vulnerability in the gf_list_del function in list.c, which allows attackers to cause a denial of service.
CVE-2021-40572 1Gpac 1Gpac Nov 21, 2024 Jan 13, 2022 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 The binary MP4Box in Gpac 1.0.1 has a double-free bug in the av1dmx_finalize function in reframe_av1.c, which allows attackers to cause a denial of service.
CVE-2021-40571 1Gpac 1Gpac Nov 21, 2024 Jan 13, 2022 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 The binary MP4Box in Gpac 1.0.1 has a double-free vulnerability in the ilst_box_read function in box_code_apple.c, which allows attackers to cause a denial of service, even code execution and escalation of privileges.
CVE-2021-40570 1Gpac 1Gpac Nov 21, 2024 Jan 13, 2022 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 The binary MP4Box in Gpac 1.0.1 has a double-free vulnerability in the avc_compute_poc function in av_parsers.c, which allows attackers to cause a denial of service, even code execution and escalation of privileges.
CVE-2021-40569 1Gpac 1Gpac Nov 21, 2024 Jan 13, 2022 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 The binary MP4Box in Gpac through 1.0.1 has a double-free vulnerability in the iloc_entry_del funciton in box_code_meta.c, which allows attackers to cause a denial of service.
CVE-2021-37529 2Debian Fig2dev Project 2Debian Linux Fig2dev Nov 21, 2024 Jan 12, 2022 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 A double-free vulnerability exists in fig2dev through 3.28a is affected by: via the free_stream function in readpics.c, which could cause a denial of service (context-dependent).
CVE-2021-40038 1Huawei 3Emui HarmonyosMagic Ui Nov 21, 2024 Jan 10, 2022 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 There is a Double free vulnerability in the AOD module in smartphones. Successful exploitation of this vulnerability may affect service integrity.
CVE-2021-37120 1Huawei 2Emui Magic Ui Nov 21, 2024 Jan 3, 2022 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 There is a Double free vulnerability in Smartphone.Successful exploitation of this vulnerability may cause a kernel crash or privilege escalation.
CVE-2021-45288 1Gpac 1Gpac Nov 21, 2024 Dec 21, 2021 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 A Double Free vulnerability exists in filedump.c in GPAC 1.0.1, which could cause a Denail of Service via a crafted file in the MP4Box command.
CVE-2021-44732 2Arm Debian 2Debian Linux Mbed Tls Nov 3, 2025 Dec 20, 2021 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Mbed TLS before 3.0.1 has a double free in certain out-of-memory conditions, as demonstrated by an mbedtls_ssl_set_session() failure.
CVE-2021-37072 1Huawei 1Harmonyos Nov 21, 2024 Dec 7, 2021 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 There is a Incorrect Calculation of Buffer Size vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to memory crash.
CVE-2021-43268 1Windriver 1Vxworks Nov 21, 2024 Nov 24, 2021 N/A· v4 6.5 MEDIUM· v3 6.4 MEDIUM· v2 An issue was discovered in VxWorks 6.9 through 7. In the IKE component, a specifically crafted packet may lead to reading beyond the end of a buffer, or a double free.
CVE-2021-40873 1Softing 7Datafeed Opc Suite EdgeconnectorOpc+4 more Nov 21, 2024 Nov 10, 2021 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 An issue was discovered in Softing Industrial Automation OPC UA C++ SDK before 5.66, and uaToolkit Embedded before 1.40. Remote attackers to cause a denial of service (DoS) by sending crafted messages to a client or serv...Show more An issue was discovered in Softing Industrial Automation OPC UA C++ SDK before 5.66, and uaToolkit Embedded before 1.40. Remote attackers to cause a denial of service (DoS) by sending crafted messages to a client or server. The server process may crash unexpectedly because of a double free, and must be restarted.Show less
CVE-2021-1119 1Nvidia 1Virtual Gpu Nov 21, 2024 Oct 29, 2021 N/A· v4 7.1 HIGH· v3 3.6 LOW· v2 NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where it can double-free a pointer, which may lead to denial of service. This flaw may result in a write-what-where condition, allow...Show more NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where it can double-free a pointer, which may lead to denial of service. This flaw may result in a write-what-where condition, allowing an attacker to execute arbitrary code impacting integrity and availability.Show less
CVE-2021-21797 1Gonitro 1Nitro Pro Nov 21, 2024 Oct 18, 2021 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 An exploitable double-free vulnerability exists in the JavaScript implementation of Nitro Pro PDF. A specially crafted document can cause a reference to a timeout object to be stored in two different places. When closed,...Show more An exploitable double-free vulnerability exists in the JavaScript implementation of Nitro Pro PDF. A specially crafted document can cause a reference to a timeout object to be stored in two different places. When closed, the document will result in the reference being released twice. This can lead to code execution under the context of the application. An attacker can convince a user to open a document to trigger this vulnerability.Show less
CVE-2021-25477 1Google 1Android Nov 21, 2024 Oct 6, 2021 N/A· v4 4.9 MEDIUM· v3 4.0 MEDIUM· v2 An improper error handling in Mediatek RRC Protocol stack prior to SMR Oct-2021 Release 1 allows modem crash and remote denial of service.
CVE-2021-22945 8Apple DebianFedoraproject+5 more 17Cloud Backup Clustered Data OntapDebian Linux+14 more Jun 9, 2025 Sep 23, 2021 N/A· v4 9.1 CRITICAL· v3 5.8 MEDIUM· v2 When sending data to an MQTT server, libcurl <= 7.73.0 and 7.78.0 could in some circumstances erroneously keep a pointer to an already freed memory area and both use that again in a subsequent call to send data and also...Show more When sending data to an MQTT server, libcurl <= 7.73.0 and 7.78.0 could in some circumstances erroneously keep a pointer to an already freed memory area and both use that again in a subsequent call to send data and also free it again.Show less
CVE-2021-34769 1Cisco 1Ios Xe Nov 21, 2024 Sep 23, 2021 N/A· v4 7.5 HIGH· v3 7.8 HIGH· v2 Multiple vulnerabilities in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol processing of Cisco IOS XE Software for Cisco Catalyst 9000 Family Wireless Controllers could allow an unauthenticated,...Show more Multiple vulnerabilities in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol processing of Cisco IOS XE Software for Cisco Catalyst 9000 Family Wireless Controllers could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. These vulnerabilities are due to insufficient validation of CAPWAP packets. An attacker could exploit the vulnerabilities by sending a malformed CAPWAP packet to an affected device. A successful exploit could allow the attacker to cause the affected device to crash and reload, resulting in a DoS condition.Show less

Previous 1...222324...40 Next