Double Free

The product calls free() twice on the same memory address, potentially leading to modification of unexpected memory locations.

CVEs (781)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2014-0502 4Adobe OpensuseRedhat+1 more 10Adobe Air Adobe Air SdkEnterprise Linux Desktop+7 more Apr 21, 2026 Feb 21, 2014 N/A· v4 8.8 HIGH· v3 10.0 HIGH· v2 Double free vulnerability in Adobe Flash Player before 11.7.700.269 and 11.8.x through 12.0.x before 12.0.0.70 on Windows and Mac OS X and before 11.2.202.341 on Linux, Adobe AIR before 4.0.0.1628 on Android, Adobe AIR S...Show more Double free vulnerability in Adobe Flash Player before 11.7.700.269 and 11.8.x through 12.0.x before 12.0.0.70 on Windows and Mac OS X and before 11.2.202.341 on Linux, Adobe AIR before 4.0.0.1628 on Android, Adobe AIR SDK before 4.0.0.1628, and Adobe AIR SDK & Compiler before 4.0.0.1628 allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in February 2014.Show less
CVE-2014-1252 1Apple 3Iphone Os Mac Os XPages Apr 29, 2026 Jan 24, 2014 N/A· v4 N/A· v3 7.5 HIGH· v2 Double free vulnerability in Apple Pages 2.x before 2.1 and 5.x before 5.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Microsoft Word file.
CVE-2011-3892 2Debian Google 2Chrome Debian Linux Apr 29, 2026 Nov 11, 2011 N/A· v4 N/A· v3 7.5 HIGH· v2 Double free vulnerability in the Theora decoder in Google Chrome before 15.0.874.120 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted stream.
CVE-2011-2834 4Apple DebianGoogle+1 more 8Chrome Debian LinuxEnterprise Linux Desktop+5 more Apr 29, 2026 Sep 19, 2011 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Double free vulnerability in libxml2, as used in Google Chrome before 14.0.835.163, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to XPath handling.
CVE-2011-2821 4Apple DebianGoogle+1 more 8Chrome Debian LinuxEnterprise Linux Desktop+5 more Apr 29, 2026 Aug 29, 2011 N/A· v4 N/A· v3 7.5 HIGH· v2 Double free vulnerability in libxml2, as used in Google Chrome before 13.0.782.215, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted XPath expression.
CVE-2010-3957 1Microsoft 6Windows 2003 Server Windows 7Windows Server 2003+3 more Apr 29, 2026 Dec 16, 2010 N/A· v4 7.3 HIGH· v3 6.9 MEDIUM· v2 Double free vulnerability in the OpenType Font (OTF) driver in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users...Show more Double free vulnerability in the OpenType Font (OTF) driver in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges via a crafted OpenType font, aka "OpenType Font Double Free Vulnerability."Show less
CVE-2010-4494 10Apache AppleDebian+7 more 17Chrome Debian LinuxEnterprise Linux Desktop+14 more Apr 29, 2026 Dec 7, 2010 N/A· v4 N/A· v3 7.5 HIGH· v2 Double free vulnerability in libxml2 2.7.8 and other versions, as used in Google Chrome before 8.0.552.215 and other products, allows remote attackers to cause a denial of service or possibly have unspecified other impac...Show more Double free vulnerability in libxml2 2.7.8 and other versions, as used in Google Chrome before 8.0.552.215 and other products, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to XPath handling.Show less
CVE-2010-3080 4Canonical LinuxOpensuse+1 more 6Linux Enterprise Desktop Linux Enterprise Real Time ExtensionLinux Enterprise Server+3 more Apr 29, 2026 Sep 21, 2010 N/A· v4 N/A· v3 7.2 HIGH· v2 Double free vulnerability in the snd_seq_oss_open function in sound/core/seq/oss/seq_oss_init.c in the Linux kernel before 2.6.36-rc4 might allow local users to cause a denial of service or possibly have unspecified othe...Show more Double free vulnerability in the snd_seq_oss_open function in sound/core/seq/oss/seq_oss_init.c in the Linux kernel before 2.6.36-rc4 might allow local users to cause a denial of service or possibly have unspecified other impact via an unsuccessful attempt to open the /dev/sequencer device.Show less
CVE-2009-1544 1Microsoft 4Windows 2003 Server Windows Server 2008Windows Vista+1 more Apr 23, 2026 Aug 12, 2009 N/A· v4 8.8 HIGH· v3 9.0 HIGH· v2 Double free vulnerability in the Workstation service in Microsoft Windows allows remote authenticated users to gain privileges via a crafted RPC message to a Windows XP SP2 or SP3 or Server 2003 SP2 system, or cause a de...Show more Double free vulnerability in the Workstation service in Microsoft Windows allows remote authenticated users to gain privileges via a crafted RPC message to a Windows XP SP2 or SP3 or Server 2003 SP2 system, or cause a denial of service via a crafted RPC message to a Vista Gold, SP1, or SP2 or Server 2008 Gold or SP2 system, aka "Workstation Service Memory Corruption Vulnerability."Show less
CVE-2008-2944 3Fedoraproject LinuxRedhat 3Enterprise Linux Fedora CoreLinux Kernel Apr 23, 2026 Jun 30, 2008 N/A· v4 N/A· v3 4.9 MEDIUM· v2 Double free vulnerability in the utrace support in the Linux kernel, probably 2.6.18, in Red Hat Enterprise Linux (RHEL) 5 and Fedora Core 6 (FC6) allows local users to cause a denial of service (oops), as demonstrated b...Show more Double free vulnerability in the utrace support in the Linux kernel, probably 2.6.18, in Red Hat Enterprise Linux (RHEL) 5 and Fedora Core 6 (FC6) allows local users to cause a denial of service (oops), as demonstrated by a crash when running the GNU GDB testsuite, a different vulnerability than CVE-2008-2365.Show less
CVE-2007-1216 3Canonical DebianMit 3Debian Linux Kerberos 5Ubuntu Linux Apr 23, 2026 Apr 6, 2007 N/A· v4 N/A· v3 9.0 HIGH· v2 Double free vulnerability in the GSS-API library (lib/gssapi/krb5/k5unseal.c), as used by the Kerberos administration daemon (kadmind) in MIT krb5 before 1.6.1, when used with the authentication method provided by the RP...Show more Double free vulnerability in the GSS-API library (lib/gssapi/krb5/k5unseal.c), as used by the Kerberos administration daemon (kadmind) in MIT krb5 before 1.6.1, when used with the authentication method provided by the RPCSEC_GSS RPC library, allows remote authenticated users to execute arbitrary code and modify the Kerberos key database via a message with an "an invalid direction encoding".Show less
CVE-2006-5051 3Apple DebianOpenbsd 4Debian Linux Mac Os XMac Os X Server+1 more Apr 23, 2026 Sep 27, 2006 N/A· v4 8.1 HIGH· v3 9.3 HIGH· v2 Signal handler race condition in OpenSSH before 4.4 allows remote attackers to cause a denial of service (crash), and possibly execute arbitrary code if GSSAPI authentication is enabled, via unspecified vectors that lead...Show more Signal handler race condition in OpenSSH before 4.4 allows remote attackers to cause a denial of service (crash), and possibly execute arbitrary code if GSSAPI authentication is enabled, via unspecified vectors that lead to a double-free.Show less
CVE-2005-1689 3Apple DebianMit 4Debian Linux Kerberos 5Mac Os X+1 more Apr 16, 2026 Jul 18, 2005 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Double free vulnerability in the krb5_recvauth function in MIT Kerberos 5 (krb5) 1.4.1 and earlier allows remote attackers to execute arbitrary code via certain error conditions.
CVE-2005-0891 1Gnome 1Gtk Apr 16, 2026 May 2, 2005 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Double free vulnerability in gtk 2 (gtk2) before 2.2.4 allows remote attackers to cause a denial of service (crash) via a crafted BMP image.
CVE-2004-0772 3Debian MitOpenpkg 3Debian Linux Kerberos 5Openpkg Apr 16, 2026 Oct 20, 2004 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Double free vulnerabilities in error handling code in krb524d for MIT Kerberos 5 (krb5) 1.2.8 and earlier may allow remote attackers to execute arbitrary code.
CVE-2004-0643 3Debian MitRedhat 5Debian Linux Enterprise Linux DesktopEnterprise Linux Server+2 more Apr 16, 2026 Sep 28, 2004 N/A· v4 N/A· v3 4.6 MEDIUM· v2 Double free vulnerability in the krb5_rd_cred function for MIT Kerberos 5 (krb5) 1.3.1 and earlier may allow local users to execute arbitrary code.
CVE-2004-0642 3Debian MitRedhat 5Debian Linux Enterprise Linux DesktopEnterprise Linux Server+2 more Apr 16, 2026 Sep 28, 2004 N/A· v4 N/A· v3 7.5 HIGH· v2 Double free vulnerabilities in the error handling code for ASN.1 decoders in the (1) Key Distribution Center (KDC) library and (2) client library for MIT Kerberos 5 (krb5) 1.3.4 and earlier may allow remote attackers to...Show more Double free vulnerabilities in the error handling code for ASN.1 decoders in the (1) Key Distribution Center (KDC) library and (2) client library for MIT Kerberos 5 (krb5) 1.3.4 and earlier may allow remote attackers to execute arbitrary code.Show less
CVE-2003-1048 1Microsoft 8Internet Explorer OutlookWindows 98+5 more Apr 16, 2026 Jul 27, 2004 N/A· v4 7.8 HIGH· v3 10.0 HIGH· v2 Double free vulnerability in mshtml.dll for certain versions of Internet Explorer 6.x allows remote attackers to cause a denial of service (application crash) via a malformed GIF image.
CVE-2003-0545 1Openssl 1Openssl Apr 16, 2026 Nov 17, 2003 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 Double free vulnerability in OpenSSL 0.9.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an SSL client certificate with a certain invalid ASN.1 encoding.
CVE-2003-0015 2Cvs Freebsd 2Cvs Freebsd Apr 16, 2026 Feb 7, 2003 N/A· v4 N/A· v3 7.5 HIGH· v2 Double-free vulnerability in CVS 1.11.4 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a malformed Directory request, as demonstrated by bypassing write checks to...Show more Double-free vulnerability in CVS 1.11.4 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a malformed Directory request, as demonstrated by bypassing write checks to execute Update-prog and Checkin-prog commands.Show less

Previous 1...36 37 383940 Next