CWE-415
Double Free
VariantDraftLikelihood: High
Description
The product calls free() twice on the same memory address.
Hierarchy (View 1000)
CVEs mapped to this weakness (156)
page 5 of 8| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2017-7373 | Hig | 0.51 | 7.8 | 0.00 | Jun 13, 2017 | In all Android releases from CAF using the Linux kernel, a double free vulnerability exists in a display driver. | |
| CVE-2015-9007 | Hig | 0.51 | 7.8 | 0.00 | Jun 6, 2017 | In TrustZone in all Android releases from CAF using the Linux kernel, a Double Free vulnerability could potentially exist. | |
| CVE-2017-8890 | Hig | 0.51 | 7.8 | 0.00 | May 10, 2017 | The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the Linux kernel through 4.10.15 allows attackers to cause a denial of service (double free) or possibly have unspecified other impact by leveraging use of the accept system call. | |
| CVE-2017-2425 | Hig | 0.51 | 7.8 | 0.00 | Apr 2, 2017 | An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the "SecurityFoundation" component. A double free vulnerability allows remote attackers to execute arbitrary code via a crafted certificate. | |
| CVE-2017-5506 | Hig | 0.51 | 7.8 | 0.00 | Mar 24, 2017 | Double free vulnerability in magick/profile.c in ImageMagick allows remote attackers to have unspecified impact via a crafted file. | |
| CVE-2016-8693 | Hig | 0.51 | 7.8 | 0.01 | Feb 15, 2017 | Double free vulnerability in the mem_close function in jas_stream.c in JasPer before 1.900.10 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted BMP image to the imginfo command. | |
| CVE-2016-9806 | Hig | 0.51 | 7.8 | 0.00 | Dec 28, 2016 | Race condition in the netlink_dump function in net/netlink/af_netlink.c in the Linux kernel before 4.6.3 allows local users to cause a denial of service (double free) or possibly have unspecified other impact via a crafted application that makes sendmsg system calls, leading to a free operation associated with a new dump that started earlier than anticipated. | |
| CVE-2016-5384 | Hig | 0.51 | 7.8 | 0.00 | Aug 13, 2016 | fontconfig before 2.12.1 does not validate offsets, which allows local users to trigger arbitrary free calls and consequently conduct double free attacks and execute arbitrary code via a crafted cache file. | |
| CVE-2026-33811 | Hig | 0.49 | 7.5 | 0.00 | May 7, 2026 | When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory and a crash. | |
| CVE-2020-27153 | Hig | 0.49 | 8.6 | 0.02 | Oct 15, 2020 | In BlueZ before 5.55, a double free was found in the gatttool disconnect_cb() routine from shared/att.c. A remote attacker could potentially cause a denial of service or code execution, during service discovery, due to a redundant disconnect MGMT event. | |
| CVE-2015-5177 | Hig | 0.49 | 7.5 | 0.01 | Oct 22, 2017 | Double free vulnerability in the SLPDKnownDAAdd function in slpd/slpd_knownda.c in OpenSLP 1.2.1 allows remote attackers to cause a denial of service (crash) via a crafted package. | |
| CVE-2017-6362 | Hig | 0.49 | 7.5 | 0.00 | Sep 7, 2017 | Double free vulnerability in the gdImagePngPtr function in libgd2 before 2.2.5 allows remote attackers to cause a denial of service via vectors related to a palette with no colors. | |
| CVE-2017-5836 | Hig | 0.49 | 7.5 | 0.00 | Mar 3, 2017 | The plist_free_data function in plist.c in libplist allows attackers to cause a denial of service (crash) via vectors involving an integer node that is treated as a PLIST_KEY and then triggers an invalid free. | |
| CVE-2005-0891 | Hig | 0.49 | 7.5 | 0.02 | May 2, 2005 | Double free vulnerability in gtk 2 (gtk2) before 2.2.4 allows remote attackers to cause a denial of service (crash) via a crafted BMP image. | |
| CVE-2010-3957 | Hig | 0.48 | 7.3 | 0.04 | Dec 16, 2010 | Double free vulnerability in the OpenType Font (OTF) driver in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges via a crafted OpenType font, aka "OpenType Font Double Free Vulnerability." | |
| CVE-2015-8962 | Hig | 0.47 | 7.3 | 0.00 | Nov 16, 2016 | Double free vulnerability in the sg_common_write function in drivers/scsi/sg.c in the Linux kernel before 4.4 allows local users to gain privileges or cause a denial of service (memory corruption and system crash) by detaching a device during an SG_IO ioctl call. | |
| CVE-2026-34341 | Hig | 0.46 | 7.0 | 0.00 | May 12, 2026 | Double free in Windows Link-Layer Discovery Protocol (LLDP) allows an authorized attacker to elevate privileges locally. | |
| CVE-2026-32219 | Hig | 0.46 | 7.0 | 0.00 | Apr 14, 2026 | Double free in Microsoft Brokering File System allows an authorized attacker to elevate privileges locally. | |
| CVE-2026-26166 | Hig | 0.46 | 7.0 | 0.00 | Apr 14, 2026 | Double free in Windows Shell allows an authorized attacker to elevate privileges locally. | |
| CVE-2025-23282 | Hig | 0.46 | 7.0 | 0.00 | Oct 10, 2025 | NVIDIA Display Driver for Linux contains a vulnerability where an attacker might be able to use a race condition to escalate privileges. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, denial of service, and information disclosure. |