VYPR

CWE-415

Double Free

Variant | Draft | Likelihood: High

Description

The product calls free() twice on the same memory address.

Hierarchy (View 1000)

Children

none

CVEs mapped to this weakness (275)

page 2 of 14
  • CVE-2017-16820 | Critical | Nov 14, 2017
    risk 0.64 | cvss 9.8 | epss 0.04

    The csnmp_read_table function in snmp.c in the SNMP plugin in collectd before 5.6.3 is susceptible to a double free in a certain error case, which could lead to a crash (or potentially have other impact).

  • CVE-2017-14952 | Critical | Oct 16, 2017
    risk 0.64 | cvss 9.8 | epss 0.05

    Double free in i18n/zonemeta.cpp in International Components for Unicode (ICU) for C/C++ through 59.1 allows remote attackers to execute arbitrary code via a crafted string, aka a "redundant UVector entry clean up function call" issue.

  • CVE-2017-11462 | Critical | Sep 13, 2017
    risk 0.64 | cvss 9.8 | epss 0.05

    Double free vulnerability in MIT Kerberos 5 (aka krb5) allows attackers to have unspecified impact via vectors involving automatic deletion of security contexts on error.

  • CVE-2015-7700 | Critical | Aug 31, 2017
    risk 0.64 | cvss 9.8 | epss 0.02

    Double-free vulnerability in the sPLT chunk structure and png.c in pngcrush before 1.7.87 allows attackers to have unspecified impact via unknown vectors.

  • CVE-2017-12858 | Critical | Aug 23, 2017
    risk 0.64 | cvss 9.8 | epss 0.04

    Double free vulnerability in the _zip_dirent_read function in zip_dirent.c in libzip allows attackers to have unspecified impact via unknown vectors.

  • CVE-2017-1000072 | Critical | Jul 17, 2017
    risk 0.64 | cvss 9.8 | epss 0.02

    Creolabs Gravity version 1.0 is vulnerable to a double free in gravity_value, potentially leading to modification of unexpected memory locations.

  • CVE-2017-11139 | Critical | Jul 10, 2017
    risk 0.64 | cvss 9.8 | epss 0.03

    GraphicsMagick 1.3.26 has double free vulnerabilities in the ReadOneJNGImage() function in coders/png.c.

  • CVE-2016-6912 | Critical | Jan 26, 2017
    risk 0.64 | cvss 9.8 | epss 0.04

    Double free vulnerability in the gdImageWebPtr function in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to have unspecified impact via large width and height values.

  • CVE-2016-3177 | Critical | Jan 23, 2017
    risk 0.64 | cvss 9.8 | epss 0.02

    Multiple use-after-free and double-free vulnerabilities in gifcolor.c in GIFLIB 5.1.2 have unspecified impact and attack vectors.

  • CVE-2016-5772 | Critical | Aug 7, 2016
    risk 0.64 | cvss 9.8 | epss 0.10

    Double free vulnerability in the php_wddx_process_data function in wddx.c in the WDDX extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted…

  • CVE-2016-5768 | Critical | Aug 7, 2016
    risk 0.64 | cvss 9.8 | epss 0.10

    Double free vulnerability in the _php_mb_regex_ereg_replace_exec function in php_mbregex.c in the mbstring extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash)…

  • CVE-2015-8880 | Critical | May 22, 2016
    risk 0.64 | cvss 9.8 | epss 0.03

    Double free vulnerability in the format printer in PHP 7.x before 7.0.1 allows remote attackers to have an unspecified impact by triggering an error.

  • CVE-2004-0772 | Critical | Oct 20, 2004
    risk 0.64 | cvss 9.8 | epss 0.07

    Double free vulnerabilities in error handling code in krb524d for MIT Kerberos 5 (krb5) 1.2.8 and earlier may allow remote attackers to execute arbitrary code.

  • CVE-2002-0059 | Critical | Mar 15, 2002
    risk 0.64 | cvss 9.8 | epss 0.10

    The decompression algorithm in zlib 1.1.3 and earlier, as used in many different utilities and packages, causes inflateEnd to release certain memory more than once (a "double free"), which may allow local and remote attackers to execute arbitrary code via a block of malformed…

  • CVE-2026-23918 | High | May 4, 2026
    risk 0.60 | cvss 8.8 | epss 0.46

    Double Free and possible RCE vulnerability in Apache HTTP Server with the HTTP/2 protocol. This issue affects Apache HTTP Server: 2.4.66. Users are recommended to upgrade to version 2.4.67, which fixes the issue.

  • CVE-2009-1544 | High | Aug 12, 2009
    risk 0.59 | cvss 8.8 | epss 0.21

    Double free vulnerability in the Workstation service in Microsoft Windows allows remote authenticated users to gain privileges via a crafted RPC message to a Windows XP SP2 or SP3 or Server 2003 SP2 system, or cause a denial of service via a crafted RPC message to a Vista Gold,…

  • CVE-2025-55118 | High | Sep 16, 2025
    risk 0.58 | cvss 8.9 | epss 0.00

    Memory corruptions can be remotely triggered in the Control-M/Agent when SSL/TLS communication is configured. The issue occurs in the following cases: * Control-M/Agent 9.0.20: SSL/TLS configuration is set to the non-default setting "use_openssl=n"; * Control-M/Agent…

  • CVE-2018-1000222 | High | Aug 20, 2018
    risk 0.58 | cvss 8.8 | epss 0.04

    Libgd version 2.2.5 contains a double free vulnerability in the gdImageBmpPtr function that can result in remote code execution. This attack appears to be exploitable via a specially crafted JPEG image that can trigger the double free. This vulnerability appears to have been…

  • CVE-2018-8804 | High | Mar 20, 2018
    risk 0.58 | cvss 8.8 | epss 0.04

    WriteEPTImage in coders/ept.c in ImageMagick 7.0.7-25 Q16 allows remote attackers to cause a denial of service (MagickCore/memory.c double free and application crash) or possibly have unspecified other impact via a crafted file.

  • CVE-2017-9078 | High | May 19, 2017
    risk 0.58 | cvss 8.8 | epss 0.05

    The server in Dropbear before 2017.75 might allow post-authentication root remote code execution because of a double free in cleanup of TCP listeners when the -a option is enabled.