Double Free

The product calls free() twice on the same memory address, potentially leading to modification of unexpected memory locations.

CVEs (781)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2018-18718 2Debian Gnome 2Debian Linux Gthumb Nov 21, 2024 Oct 29, 2018 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 An issue was discovered in gThumb through 3.6.2. There is a double-free vulnerability in the add_themes_from_dir method in dlg-contact-sheet.c because of two successive calls of g_free, each of which frees the same buffe...Show more An issue was discovered in gThumb through 3.6.2. There is a double-free vulnerability in the add_themes_from_dir method in dlg-contact-sheet.c because of two successive calls of g_free, each of which frees the same buffer.Show less
CVE-2017-18297 1Qualcomm 7Sd 425 Firmware Sd 430 FirmwareSd 450 Firmware+4 more Nov 21, 2024 Oct 23, 2018 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 Double memory free while closing TEE SE API Session management in Snapdragon Mobile in version SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 820.
CVE-2018-12841 1Adobe 2Acrobat Dc Acrobat Reader Dc Nov 21, 2024 Oct 12, 2018 N/A· v4 7.8 HIGH· v3 9.3 HIGH· v2 Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have a double free vulnerability. Successful exploitation could lead to arbitrary code execution.
CVE-2018-0469 1Cisco 1Ios Xe Nov 21, 2024 Oct 5, 2018 N/A· v4 6.8 MEDIUM· v3 7.1 HIGH· v2 A vulnerability in the web user interface of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to a double-free-in-memory handling by th...Show more A vulnerability in the web user interface of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to a double-free-in-memory handling by the affected software when specific HTTP requests are processed. An attacker could exploit this vulnerability by sending specific HTTP requests to the web user interface of the affected software. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a denial of service (DoS) condition on an affected device. To exploit this vulnerability, the attacker must have access to the management interface of the affected software, which is typically connected to a restricted management network.Show less
CVE-2018-9513 1Google 1Android Nov 21, 2024 Oct 2, 2018 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 In copy_process of fork.c, there is possible memory corruption due to a double free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exp...Show more In copy_process of fork.c, there is possible memory corruption due to a double free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-111081202 References: N/AShow less
CVE-2018-4000 1Atlantiswordprocessor 1Atlantis Word Processor Nov 21, 2024 Oct 1, 2018 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 An exploitable double-free vulnerability exists in the Office Open XML parser of Atlantis Word Processor, version 3.2.5.0. A specially crafted document can cause a TTableRow instance to be referenced twice, resulting in...Show more An exploitable double-free vulnerability exists in the Office Open XML parser of Atlantis Word Processor, version 3.2.5.0. A specially crafted document can cause a TTableRow instance to be referenced twice, resulting in a double-free vulnerability when both the references go out of scope. An attacker must convince a victim to open a document in order to trigger this vulnerability.Show less
CVE-2018-17825 2Adplug Project Fedoraproject 2Adplug Fedora Nov 21, 2024 Oct 1, 2018 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 An issue was discovered in AdPlug 2.3.1. There are several double-free vulnerabilities in the CEmuopl class in emuopl.cpp because of a destructor's two OPLDestroy calls, each of which frees TL_TABLE, SIN_TABLE, AMS_TABLE...Show more An issue was discovered in AdPlug 2.3.1. There are several double-free vulnerabilities in the CEmuopl class in emuopl.cpp because of a destructor's two OPLDestroy calls, each of which frees TL_TABLE, SIN_TABLE, AMS_TABLE, and VIB_TABLE.Show less
CVE-2018-11982 1Qualcomm 28Mdm9206 Firmware Mdm9607 FirmwareMdm9635m Firmware+25 more Nov 21, 2024 Sep 20, 2018 N/A· v4 8.8 HIGH· v3 8.3 HIGH· v2 In Snapdragon (Mobile, Wear) in version MDM9206, MDM9607, MDM9635M, MDM9640, MDM9645, MDM9655, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 617, SD 62...Show more In Snapdragon (Mobile, Wear) in version MDM9206, MDM9607, MDM9635M, MDM9640, MDM9645, MDM9655, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 810, SD 820, SD 835, Snapdragon_High_Med_2016, a double free of ASN1 heap memory used for EUTRA CAP container occurs during UTRAN to LTE Capability inquiry procedure.Show less
CVE-2018-11840 1Google 1Android Nov 21, 2024 Sep 18, 2018 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while processing the WLAN driver command ioctl a temporary buffer used to construct the reply message may be fre...Show more In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while processing the WLAN driver command ioctl a temporary buffer used to construct the reply message may be freed twice.Show less
CVE-2018-11276 1Google 1Android Nov 21, 2024 Sep 18, 2018 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, double free of memory allocation is possible in Kernel when it explicitly tries to free that memory on driver pr...Show more In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, double free of memory allocation is possible in Kernel when it explicitly tries to free that memory on driver probe failure, since memory allocated is automatically freed on probe.Show less
CVE-2018-11273 1Google 1Android Nov 21, 2024 Sep 18, 2018 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, 'voice_svc_dev' is allocated as a device-managed resource. If error 'cdev_alloc_err' occurs, 'device_destroy' wi...Show more In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, 'voice_svc_dev' is allocated as a device-managed resource. If error 'cdev_alloc_err' occurs, 'device_destroy' will free all associated resources, including 'voice_svc_dev' leading to a double free.Show less
CVE-2018-11270 1Google 1Android Nov 21, 2024 Sep 18, 2018 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, memory allocated with devm_kzalloc is automatically released by the kernel if the probe function fails with an e...Show more In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, memory allocated with devm_kzalloc is automatically released by the kernel if the probe function fails with an error code. This may result in data corruption.Show less
CVE-2018-17097 1Surina 1Soundtouch Nov 21, 2024 Sep 16, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 The WavFileBase class in WavFile.cpp in Olli Parviainen SoundTouch 2.0 allows remote attackers to cause a denial of service (double free) or possibly have unspecified other impact, as demonstrated by SoundStretch.
CVE-2018-14638 2Fedoraproject Redhat 7389 Directory Server Enterprise Linux AusEnterprise Linux Desktop+4 more Nov 21, 2024 Sep 14, 2018 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 A flaw was found in 389-ds-base before version 1.3.8.4-13. The process ns-slapd crashes in delete_passwdPolicy function when persistent search connections are terminated unexpectedly leading to remote denial of service.
CVE-2018-16425 1Opensc Project 1Opensc Nov 21, 2024 Sep 4, 2018 N/A· v4 6.6 MEDIUM· v3 4.6 MEDIUM· v2 A double free when handling responses from an HSM Card in sc_pkcs15emu_sc_hsm_init in libopensc/pkcs15-sc-hsm.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial o...Show more A double free when handling responses from an HSM Card in sc_pkcs15emu_sc_hsm_init in libopensc/pkcs15-sc-hsm.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact.Show less
CVE-2018-16424 1Opensc Project 1Opensc Nov 21, 2024 Sep 4, 2018 N/A· v4 6.6 MEDIUM· v3 4.6 MEDIUM· v2 A double free when handling responses in read_file in tools/egk-tool.c (aka the eGK card tool) in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (applic...Show more A double free when handling responses in read_file in tools/egk-tool.c (aka the eGK card tool) in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact.Show less
CVE-2018-16423 1Opensc Project 1Opensc Nov 21, 2024 Sep 4, 2018 N/A· v4 6.6 MEDIUM· v3 4.6 MEDIUM· v2 A double free when handling responses from a smartcard in sc_file_set_sec_attr in libopensc/sc.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (appl...Show more A double free when handling responses from a smartcard in sc_file_set_sec_attr in libopensc/sc.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact.Show less
CVE-2018-16402 5Canonical DebianElfutils Project+2 more 7Debian Linux ElfutilsEnterprise Linux Desktop+4 more Nov 21, 2024 Sep 3, 2018 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 libelf/elf_end.c in elfutils 0.173 allows remote attackers to cause a denial of service (double free and application crash) or possibly have unspecified other impact because it tries to decompress twice.
CVE-2018-10902 4Canonical DebianLinux+1 more 6Debian Linux Enterprise Linux DesktopEnterprise Linux Server+3 more Nov 21, 2024 Aug 21, 2018 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 It was found that the raw midi kernel driver does not protect against concurrent access which leads to a double realloc (double free) in snd_rawmidi_input_params() and snd_rawmidi_output_status() which are part of snd_ra...Show more It was found that the raw midi kernel driver does not protect against concurrent access which leads to a double realloc (double free) in snd_rawmidi_input_params() and snd_rawmidi_output_status() which are part of snd_rawmidi_ioctl() handler in rawmidi.c file. A malicious local attacker could possibly use this for privilege escalation.Show less
CVE-2018-1000222 3Canonical DebianLibgd 3Debian Linux LibgdUbuntu Linux Nov 21, 2024 Aug 20, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Libgd version 2.2.5 contains a Double Free Vulnerability vulnerability in gdImageBmpPtr Function that can result in Remote Code Execution . This attack appear to be exploitable via Specially Crafted Jpeg Image can trigge...Show more Libgd version 2.2.5 contains a Double Free Vulnerability vulnerability in gdImageBmpPtr Function that can result in Remote Code Execution . This attack appear to be exploitable via Specially Crafted Jpeg Image can trigger double free. This vulnerability appears to have been fixed in after commit ac16bdf2d41724b5a65255d4c28fb0ec46bc42f5.Show less

Previous 1...323334...40 Next