Double Free

The product calls free() twice on the same memory address, potentially leading to modification of unexpected memory locations.

CVEs (781)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2019-8044 1Adobe 2Acrobat Dc Acrobat Reader Dc Nov 21, 2024 Aug 20, 2019 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have a double f...Show more Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have a double free vulnerability. Successful exploitation could lead to arbitrary code execution .Show less
CVE-2019-2126 4Canonical FedoraprojectGoogle+1 more 4Android FedoraLeap+1 more Nov 21, 2024 Aug 20, 2019 N/A· v4 8.8 HIGH· v3 9.3 HIGH· v2 In ParseContentEncodingEntry of mkvparser.cc, there is a possible double free due to a missing reset of a freed pointer. This could lead to remote code execution with no additional execution privileges needed. User inter...Show more In ParseContentEncodingEntry of mkvparser.cc, there is a possible double free due to a missing reset of a freed pointer. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-127702368.Show less
CVE-2019-15212 5Canonical DebianLinux+2 more 9Active Iq Unified Manager Data Availability ServicesDebian Linux+6 more Nov 21, 2024 Aug 19, 2019 N/A· v4 4.6 MEDIUM· v3 4.9 MEDIUM· v2 An issue was discovered in the Linux kernel before 5.1.8. There is a double-free caused by a malicious USB device in the drivers/usb/misc/rio500.c driver.
CVE-2019-15151 2Adplug Project Fedoraproject 2Adplug Fedora Nov 21, 2024 Aug 18, 2019 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 AdPlug 2.3.1 has a double free in the Cu6mPlayer class in u6m.h.
CVE-2019-1144 1Microsoft 8Windows 10 Windows 7Windows 8.1+5 more Feb 20, 2026 Aug 14, 2019 N/A· v4 8.8 HIGH· v3 9.3 HIGH· v2 A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited the vulnerability could take control of the affected...Show more A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited the vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. There are multiple ways an attacker could exploit the vulnerability: In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability and then convince users to view the website. An attacker would have no way to force users to view the attacker-controlled content. Instead, an attacker would have to convince users to take action, typically by getting them to click a link in an email or instant message that takes users to the attacker's website, or by opening an attachment sent through email. In a file-sharing attack scenario, an attacker could provide a specially crafted document file designed to exploit the vulnerability and then convince users to open the document file. The security update addresses the vulnerability by correcting how the Windows font library handles embedded fonts.Show less
CVE-2019-5236 1Huawei 1Emily L29c Firmware Nov 21, 2024 Aug 8, 2019 N/A· v4 6.3 MEDIUM· v3 6.8 MEDIUM· v2 Huawei smart phones Emily-L29C with versions of 8.1.0.132a(C432), 8.1.0.135(C782), 8.1.0.154(C10), 8.1.0.154(C461), 8.1.0.154(C635), 8.1.0.156(C185), 8.1.0.156(C605), 8.1.0.159(C636) have a double free vulnerability. An...Show more Huawei smart phones Emily-L29C with versions of 8.1.0.132a(C432), 8.1.0.135(C782), 8.1.0.154(C10), 8.1.0.154(C461), 8.1.0.154(C635), 8.1.0.156(C185), 8.1.0.156(C605), 8.1.0.159(C636) have a double free vulnerability. An attacker can trick a user to click a URL to exploit this vulnerability. Successful exploitation may cause the affected phone abnormal.Show less
CVE-2018-20961 1Linux 1Linux Kernel Nov 21, 2024 Aug 7, 2019 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 In the Linux kernel before 4.16.4, a double free vulnerability in the f_midi_set_alt function of drivers/usb/gadget/function/f_midi.c in the f_midi driver may allow attackers to cause a denial of service or possibly have...Show more In the Linux kernel before 4.16.4, a double free vulnerability in the f_midi_set_alt function of drivers/usb/gadget/function/f_midi.c in the f_midi driver may allow attackers to cause a denial of service or possibly have unspecified other impact.Show less
CVE-2019-13105 1Denx 1U Boot Nov 21, 2024 Aug 6, 2019 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 Das U-Boot versions 2019.07-rc1 through 2019.07-rc4 can double-free a cached block of data when listing files in a crafted ext4 filesystem.
CVE-2019-5460 2Opensuse Videolan 3Backports LeapVlc Media Player Nov 21, 2024 Jul 30, 2019 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 Double Free in VLC versions <= 3.0.6 leads to a crash.
CVE-2019-1020014 3Canonical DockerFedoraproject 3Credential Helpers FedoraUbuntu Linux Nov 21, 2024 Jul 29, 2019 N/A· v4 5.5 MEDIUM· v3 2.1 LOW· v2 docker-credential-helpers before 0.6.3 has a double free in the List functions.
CVE-2019-3896 2Linux Redhat 5Enterprise Linux Desktop Enterprise Linux ServerEnterprise Linux Server Aus+2 more Nov 21, 2024 Jun 19, 2019 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 A double-free can happen in idr_remove_all() in lib/idr.c in the Linux kernel 2.6 branch. An unprivileged local attacker can use this flaw for a privilege escalation or for a system crash and a denial of service (DoS).
CVE-2019-12874 1Videolan 1Vlc Media Player Nov 21, 2024 Jun 18, 2019 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 An issue was discovered in zlib_decompress_extra in modules/demux/mkv/util.cpp in VideoLAN VLC media player 3.x through 3.0.7. The Matroska demuxer, while parsing a malformed MKV file type, has a double free.
CVE-2019-12865 1Radare 1Radare2 Nov 21, 2024 Jun 17, 2019 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 In radare2 through 3.5.1, cmd_mount in libr/core/cmd_mount.c has a double free for the ms command.
CVE-2018-11947 1Qualcomm 42Ipq8064 Firmware Mdm9150 FirmwareMdm9206 Firmware+39 more Nov 21, 2024 Jun 14, 2019 N/A· v4 5.5 MEDIUM· v3 2.1 LOW· v2 The txrx stats req might be double freed in the pdev detach when the host driver is unloading in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdrag...Show more The txrx stats req might be double freed in the pdev detach when the host driver is unloading in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in IPQ8064, MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCA6174A, QCA6574AU, QCA9377, QCA9379, QCA9558, QCA9880, QCA9886, QCA9980, QCS405, QCS605, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 636, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM630, SDM660, SDX20, SDX24Show less
CVE-2019-2096 1Google 1Android Nov 21, 2024 Jun 7, 2019 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 In EffectRelease of EffectBundle.cpp, there is a possible memory corruption due to a double free. This could lead to local escalation of privilege in the audio server with no additional execution privileges needed. User...Show more In EffectRelease of EffectBundle.cpp, there is a possible memory corruption due to a double free. This could lead to local escalation of privilege in the audio server with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-123237974.Show less
CVE-2019-5305 1Huawei 1Mate 10 Firmware Nov 21, 2024 Jun 6, 2019 N/A· v4 5.5 MEDIUM· v3 7.1 HIGH· v2 The image processing module of some Huawei Mate 10 smartphones versions before ALP-L29 9.0.0.159(C185) has a memory double free vulnerability. An attacker tricks a user into installing a malicious application, and the ap...Show more The image processing module of some Huawei Mate 10 smartphones versions before ALP-L29 9.0.0.159(C185) has a memory double free vulnerability. An attacker tricks a user into installing a malicious application, and the application can call special API, which could trigger double free and cause a system crash.Show less
CVE-2019-5219 1Huawei 1Mate 10 Firmware Nov 21, 2024 Jun 6, 2019 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 There is a double free vulnerability on certain drivers of Huawei Mate10 smartphones versions earlier than ALP-AL00B 9.0.0.181(C00E87R2P20T8). An attacker tricks the user into installing a malicious application, which ma...Show more There is a double free vulnerability on certain drivers of Huawei Mate10 smartphones versions earlier than ALP-AL00B 9.0.0.181(C00E87R2P20T8). An attacker tricks the user into installing a malicious application, which makes multiple processes operate the same resource at the same time. Successful exploit could cause a denial of service condition.Show less
CVE-2019-7080 1Adobe 2Acrobat Dc Acrobat Reader Dc Nov 21, 2024 May 24, 2019 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have a double free vulnerability. Successful exploitation could...Show more Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have a double free vulnerability. Successful exploitation could lead to arbitrary code execution .Show less
CVE-2019-2247 1Qualcomm 38Mdm9150 Firmware Mdm9206 FirmwareMdm9607 Firmware+35 more Nov 21, 2024 May 24, 2019 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 Possibility of double free issue while running multiple instances of smp2p test because of proper protection is missing while using global variable in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdra...Show more Possibility of double free issue while running multiple instances of smp2p test because of proper protection is missing while using global variable in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 650/52, SD 712 / SD 710 / SD 670, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24Show less
CVE-2016-9969 1Webmproject 1Libwebp Nov 21, 2024 May 23, 2019 N/A· v4 7.5 HIGH· v3 5.1 MEDIUM· v2 In libwebp 0.5.1, there is a double free bug in libwebpmux.

Previous 1...303132...40 Next