VYPR

CWE-415

Double Free

Variant | Draft | Likelihood: High

Description

The product calls free() twice on the same memory address.

Hierarchy (View 1000)

Children

none

CVEs mapped to this weakness (275)

  • CVE-2025-2027 | Med | Mar 28, 2025
    risk 0.38 | cvss | epss 0.00

    A double free vulnerability has been identified in the ASUS System Analysis service. This vulnerability can be triggered by sending specially crafted local RPC requests, leading to the service crash and potentially memory manipulation in some rare circumstances. Refer to the…

  • CVE-2026-34867 | Med | Apr 13, 2026
    risk 0.36 | cvss 5.6 | epss 0.00

    Double free vulnerability in the multi-mode input system. Impact: Successful exploitation of this vulnerability may affect availability.

  • CVE-2025-43282 | Med | Oct 15, 2025
    risk 0.36 | cvss 5.5 | epss 0.00

    A double free issue was addressed with improved memory management. This issue is fixed in iOS 18.6 and iPadOS 18.6, iPadOS 17.7.9, macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7, tvOS 18.6, visionOS 2.6, watchOS 11.6. An app may be able to cause unexpected system…

  • CVE-2024-27389 | Med | May 1, 2024
    risk 0.36 | cvss 5.5 | epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: pstore: inode: Only d_invalidate() is needed Unloading a modular pstore backend with records in pstorefs would trigger the dput() double-drop warning: WARNING: CPU: 0 PID: 2569 at fs/dcache.c:762…

  • CVE-2018-11730 | Med | Jun 19, 2018
    risk 0.36 | cvss 5.5 | epss 0.01

    The libfsntfs_security_descriptor_values_free function in libfsntfs_security_descriptor_values.c in libfsntfs through 2018-04-20 allows remote attackers to cause a denial of service (double-free) via a crafted ntfs file. NOTE: the vendor has disputed this as described in…

  • CVE-2018-7899 | Med | Apr 19, 2018
    risk 0.36 | cvss 5.5 | epss 0.01

    The Mali Driver of Huawei Berkeley-AL20 and Berkeley-BD smart phones with software Berkeley-AL20 8.0.0.105(C00), 8.0.0.111(C00), 8.0.0.112D(C00), 8.0.0.116(C00), 8.0.0.119(C00), 8.0.0.119D(C00), 8.0.0.122(C00), 8.0.0.132(C00), 8.0.0.132D(C00), 8.0.0.142(C00), 8.0.0.151(C00),…

  • CVE-2017-15330 | Med | Feb 15, 2018
    risk 0.36 | cvss 5.5 | epss 0.01

    The Flp Driver in some Huawei smartphones of the software Vicky-AL00AC00B124D, Vicky-AL00AC00B157D, Vicky-AL00AC00B167 has a double free vulnerability. An attacker can trick a user to install a malicious application which has a high privilege to exploit this vulnerability.…

  • CVE-2017-15364 | Med | Oct 15, 2017
    risk 0.36 | cvss 5.5 | epss 0.01

    The foreach function in ext/ccsv.c in Ccsv 1.1.0 allows remote attackers to cause a denial of service (double free and application crash) or possibly have unspecified other impact via a crafted file. NOTE: This has been disputed and it is argued that this is not present in…

  • CVE-2015-5203 | Med | Aug 2, 2017
    risk 0.36 | cvss 5.5 | epss 0.02

    Double free vulnerability in the jasper_image_stop_load function in JasPer 1.900.17 allows remote attackers to cause a denial of service (crash) via a crafted JPEG 2000 image file.

  • CVE-2014-9807 | Med | Mar 30, 2017
    risk 0.36 | cvss 5.5 | epss 0.01

    The pdb coder in ImageMagick allows remote attackers to cause a denial of service (double free) via unspecified vectors.

  • CVE-2017-6353 | Med | Mar 1, 2017
    risk 0.36 | cvss 5.5 | epss 0.00

    net/sctp/socket.c in the Linux kernel through 4.10.1 does not properly restrict association peel-off operations during certain wait states, which allows local users to cause a denial of service (invalid unlock and double free) via a multithreaded application. NOTE: this…

  • CVE-2025-32988 | Med | Jul 10, 2025
    risk 0.35 | cvss 6.5 | epss 0.01

    A flaw was found in GnuTLS. A double-free vulnerability exists in GnuTLS due to incorrect ownership handling in the export logic of Subject Alternative Name (SAN) entries containing an otherName. If the type-id OID is invalid or malformed, GnuTLS will call…

  • CVE-2025-4574 | Med | May 13, 2025
    risk 0.35 | cvss 6.5 | epss 0.00

    In crossbeam-channel rust crate, the internal `Channel` type's `Drop` method has a race condition which could, in some circumstances, lead to a double-free that could result in memory corruption.

  • CVE-2025-31241 | Med | May 12, 2025
    risk 0.35 | cvss 5.3 | epss 0.01

    A double free issue was addressed with improved memory management. This issue is fixed in iOS 18.5 and iPadOS 18.5, iPadOS 17.7.7, macOS Sequoia 15.5, macOS Sonoma 14.7.6, macOS Ventura 13.7.6, tvOS 18.5, visionOS 2.5, watchOS 11.5. A remote attacker may cause an unexpected app…

  • CVE-2018-14524 | Med | Jul 23, 2018
    risk 0.35 | cvss 6.5 | epss 0.01

    dwg_decode_eed in decode.c in GNU LibreDWG before 0.6 leads to a double free (in dwg_free_eed in free.c) because it does not properly manage the obj->eed value after a free occurs.

  • CVE-2026-5186 | Med | Mar 31, 2026
    risk 0.34 | cvss 5.3 | epss 0.00

    A weakness has been identified in Nothings stb up to 2.30. This impacts the function stbi__load_gif_main of the file stb_image.h of the component Multi-frame GIF File Handler. This manipulation causes double free. The attack requires local access. The exploit has been made…

  • CVE-2025-8585 | Med | Aug 5, 2025
    risk 0.34 | cvss 5.3 | epss 0.00

    A vulnerability, which was classified as critical, has been found in libav up to 12.3. Affected by this issue is the function main of the file /avtools/avconv.c of the component DSS File Demuxer. The manipulation leads to double free. Attacking locally is a requirement. The…

  • CVE-2018-7523 | Med | Mar 21, 2018
    risk 0.34 | cvss 5.3 | epss 0.00

    In Omron CX-Supervisor Versions 3.30 and prior, parsing malformed project files may cause a double free vulnerability.

  • CVE-2026-6654 | Med | Apr 20, 2026
    risk 0.33 | cvss 5.1 | epss 0.00

    Double-Free / Use-After-Free (UAF) in the `IntoIter::drop` and `ThinVec::clear` functions in the thin_vec crate. A panic in `ptr::drop_in_place` skips setting the length to zero.

  • CVE-2026-31053 | Med | Apr 6, 2026
    risk 0.33 | cvss 6.2 | epss 0.00

    A double free vulnerability exists in librz/bin/format/le/le.c in the function le_load_fixup_record(). When processing malformed or circular LE fixup chains, relocation entries may be freed multiple times during error handling. A specially crafted LE binary can trigger heap…