VYPR

CWE-415

Double Free

Variant | Draft | Likelihood: High

Description

The product calls free() twice on the same memory address.

Hierarchy (View 1000)

Children

none

CVEs mapped to this weakness (275)

page 11 of 14
  • CVE-2026-23868 | Med | Mar 10, 2026
    risk 0.33 | cvss 5.1 | epss 0.00

    Giflib contains a double-free vulnerability that is the result of a shallow copy in GifMakeSavedImage and incorrect error handling. The conditions needed to trigger this vulnerability are difficult but may be possible.

  • CVE-2026-5657 | Med | Apr 30, 2026
    risk 0.29 | cvss 5.5 | epss 0.00

    iLBC codec crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service

  • CVE-2015-8894 | Med | Mar 15, 2017
    risk 0.29 | cvss 5.5 | epss 0.01

    Double free vulnerability in coders/tga.c in ImageMagick 7.0.0 and later allows remote attackers to cause a denial of service (application crash) via a crafted tga file.

  • CVE-2016-8619 | Med | Aug 1, 2018
    risk 0.28 | cvss 5.3 | epss 0.05

    The function `read_data()` in security.c in curl before version 7.51.0 is vulnerable to memory double free.

  • CVE-2016-8618 | Med | Jul 31, 2018
    risk 0.28 | cvss 5.3 | epss 0.05

    The libcurl API function called `curl_maprintf()` before version 7.51.0 can be tricked into doing a double-free due to an unsafe `size_t` multiplication, on systems using 32 bit `size_t` variables.

  • CVE-2026-33995 | Med | Mar 30, 2026
    risk 0.27 | cvss 5.3 | epss 0.00

    FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, a double-free vulnerability in kerberos_AcceptSecurityContext() and kerberos_InitializeSecurityContextA() (WinPR, winpr/libwinpr/sspi/Kerberos/kerberos.c) can cause a crash in any FreeRDP…

  • CVE-2026-35188 | Med | Jun 9, 2026
    risk 0.26 | cvss 5.0 | epss 0.00

    Issue summary: A malicious server can exploit TLS OCSP stapling by delivering a crafted response through the status_request extension, triggering a double-free in the client's certificate verification path. Impact summary: Successful exploitation allows an attacker to corrupt…

  • CVE-2026-48850 | Low | May 25, 2026
    risk 0.24 | cvss 3.7 | epss 0.00

    PuTTY 0.72 before 0.84 has a double free in RSA KEX.

  • CVE-2026-32848 | Med | May 18, 2026
    risk 0.24 | cvss 4.7 | epss 0.00

    NetBSD prior to commit ec8451e contains a race condition vulnerability in cryptodev_op() within the opencrypto subsystem that allows local attackers to trigger a double-free condition by concurrently issuing CIOCCRYPT operations on the same session identifier on SMP systems.…

  • CVE-2025-2925 | Low | Mar 28, 2025
    risk 0.21 | cvss 3.3 | epss 0.00

    A vulnerability has been found in HDF5 up to 1.14.6 and classified as problematic. This vulnerability affects the function H5MM_realloc of the file src/H5MM.c. The manipulation of the argument mem leads to double free. The attack needs to be approached locally. The exploit has…

  • CVE-2026-45324 | Low | May 29, 2026
    risk 0.14 | cvss 3.3 | epss 0.00

    Rizin is a UNIX-like reverse engineering framework and command-line toolset. There is a double free in librz/core/cmd/cmd_search.c:byte_pattern_search() due to wrong pointer ownership declared. This vulnerability is fixed by commit 045fff363b42b8a6dda8ad5229c29ec3267e7dbe.

  • CVE-2025-13566 | Low | Nov 23, 2025
    risk 0.14 | cvss 3.3 | epss 0.00

    A security vulnerability has been detected in jarun nnn up to 5.1. The impacted element is the function show_content_in_floating_window/run_cmd_as_plugin of the file nnn/src/nnn.c. The manipulation leads to double free. An attack has to be approached locally. The identifier of…

  • CVE-2026-44348 | Low | May 14, 2026
    risk 0.09 | cvss 2.5 | epss 0.00

    PoDoFo is a C++17 PDF manipulation library. From 1.0.0 to before 1.0.4, a double-free vulnerability exists in compute_hash_to_sign() in src/podofo/private/OpenSSLInternal_Ripped.cpp. If EVP_DigestFinal fails after buf has already been freed, the Error label frees buf a second…

  • CVE-2003-0015 | Feb 7, 2003
    risk 0.05 | cvss | epss 0.24

    Double-free vulnerability in CVS 1.11.4 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a malformed Directory request, as demonstrated by bypassing write checks to execute Update-prog and Checkin-prog commands.

  • CVE-2014-1767 | Jul 8, 2014
    risk 0.04 | cvss | epss 0.13

    Double free vulnerability in the Ancillary Function Driver (AFD) in afd.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows…

  • CVE-2015-0058 | Feb 11, 2015
    risk 0.03 | cvss | epss 0.03

    Double free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows 8.1, Windows Server 2012 R2, and Windows RT 8.1 allows local users to gain privileges via a crafted application, aka "Windows Cursor Object Double Free Vulnerability."

  • CVE-2015-0312 | Jan 28, 2015
    risk 0.01 | cvss | epss 0.07

    Double free vulnerability in Adobe Flash Player before 13.0.0.264 and 14.x through 16.x before 16.0.0.296 on Windows and OS X and before 11.2.202.440 on Linux allows attackers to execute arbitrary code via unspecified vectors.

  • CVE-2014-0301 | Mar 12, 2014
    risk 0.01 | cvss | epss 0.14

    Double free vulnerability in qedit.dll in DirectShow in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 allows remote attackers to execute…

  • CVE-2010-4494 | Dec 7, 2010
    risk 0.01 | cvss | epss 0.08

    Double free vulnerability in libxml2 2.7.8 and other versions, as used in Google Chrome before 8.0.552.215 and other products, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to XPath handling.

  • CVE-2007-1216 | Apr 6, 2007
    risk 0.01 | cvss | epss 0.10

    Double free vulnerability in the GSS-API library (lib/gssapi/krb5/k5unseal.c), as used by the Kerberos administration daemon (kadmind) in MIT krb5 before 1.6.1, when used with the authentication method provided by the RPCSEC_GSS RPC library, allows remote authenticated users to…