VYPR

CWE-415

Double Free

VariantDraftLikelihood: High

Description

The product calls free() twice on the same memory address.

Hierarchy (View 1000)

Children

none

CVEs mapped to this weakness (275)

page 6 of 14
  • CVE-2016-8693HigFeb 15, 2017
    risk 0.51cvss 7.8epss 0.03

    Double free vulnerability in the mem_close function in jas_stream.c in JasPer before 1.900.10 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted BMP image to the imginfo command.

  • CVE-2016-9806HigDec 28, 2016
    risk 0.51cvss 7.8epss 0.00

    Race condition in the netlink_dump function in net/netlink/af_netlink.c in the Linux kernel before 4.6.3 allows local users to cause a denial of service (double free) or possibly have unspecified other impact via a crafted application that makes sendmsg system calls, leading to…

  • CVE-2016-5384HigAug 13, 2016
    risk 0.51cvss 7.8epss 0.00

    fontconfig before 2.12.1 does not validate offsets, which allows local users to trigger arbitrary free calls and consequently conduct double free attacks and execute arbitrary code via a crafted cache file.

  • CVE-2026-43249HigMay 6, 2026
    risk 0.50cvss 8.8epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: 9p/xen: protect xen_9pfs_front_free against concurrent calls The xenwatch thread can race with other back-end change notifications and call xen_9pfs_front_free() twice, hitting the observed general protection…

  • CVE-2016-1516HigApr 10, 2017
    risk 0.50cvss 8.8epss 0.02

    OpenCV 3.0.0 has a double free issue that allows attackers to execute arbitrary code.

  • CVE-2023-25136MedFeb 3, 2023
    risk 0.49cvss 6.5epss 0.90

    OpenSSH server (sshd) 9.1 introduced a double-free vulnerability during options.kex_algorithms handling. This is fixed in OpenSSH 9.2. The double free can be leveraged, by an unauthenticated remote attacker in the default configuration, to jump to any location in the sshd…

  • CVE-2020-27153HigOct 15, 2020
    risk 0.49cvss 8.6epss 0.04

    In BlueZ before 5.55, a double free was found in the gatttool disconnect_cb() routine from shared/att.c. A remote attacker could potentially cause a denial of service or code execution, during service discovery, due to a redundant disconnect MGMT event.

  • CVE-2018-14638HigSep 14, 2018
    risk 0.49cvss 7.5epss 0.03

    A flaw was found in 389-ds-base before version 1.3.8.4-13. The process ns-slapd crashes in delete_passwdPolicy function when persistent search connections are terminated unexpectedly leading to remote denial of service.

  • CVE-2017-14449HigApr 24, 2018
    risk 0.49cvss 7.5epss 0.02

    A double-Free vulnerability exists in the XCF image rendering functionality of SDL2_image-2.0.2. A specially crafted XCF image can cause a Double-Free situation to occur. An attacker can display a specially crafted image to trigger this vulnerability.

  • CVE-2018-6952HigFeb 13, 2018
    risk 0.49cvss 7.5epss 0.08

    A double free exists in the another_hunk function in pch.c in GNU patch through 2.7.6.

  • CVE-2015-5177HigOct 22, 2017
    risk 0.49cvss 7.5epss 0.06

    Double free vulnerability in the SLPDKnownDAAdd function in slpd/slpd_knownda.c in OpenSLP 1.2.1 allows remote attackers to cause a denial of service (crash) via a crafted package.

  • CVE-2017-6362HigSep 7, 2017
    risk 0.49cvss 7.5epss 0.05

    Double free vulnerability in the gdImagePngPtr function in libgd2 before 2.2.5 allows remote attackers to cause a denial of service via vectors related to a palette with no colors.

  • CVE-2017-5836HigMar 3, 2017
    risk 0.49cvss 7.5epss 0.03

    The plist_free_data function in plist.c in libplist allows attackers to cause a denial of service (crash) via vectors involving an integer node that is treated as a PLIST_KEY and then triggers an invalid free.

  • CVE-2006-5051HigSep 27, 2006
    risk 0.49cvss 8.1epss 0.45

    Signal handler race condition in OpenSSH before 4.4 allows remote attackers to cause a denial of service (crash), and possibly execute arbitrary code if GSSAPI authentication is enabled, via unspecified vectors that lead to a double-free.

  • CVE-2005-0891HigMay 2, 2005
    risk 0.49cvss 7.5epss 0.04

    Double free vulnerability in gtk 2 (gtk2) before 2.2.4 allows remote attackers to cause a denial of service (crash) via a crafted BMP image.

  • CVE-2023-41325HigSep 15, 2023
    risk 0.48cvss 7.4epss 0.00

    OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Starting in version 3.20 and prior to version 3.22, `shdr_verify_signature` can make a double free.…

  • CVE-2018-0102HigJan 18, 2018
    risk 0.48cvss 7.4epss 0.01

    A vulnerability in the Pong tool of Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability exists because the affected software attempts to free the same…

  • CVE-2010-3957HigDec 16, 2010
    risk 0.48cvss 7.3epss 0.02

    Double free vulnerability in the OpenType Font (OTF) driver in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges via a crafted OpenType font, aka…

  • CVE-2026-34341HigMay 12, 2026
    risk 0.46cvss 7.0epss 0.00

    Double free in Windows Link-Layer Discovery Protocol (LLDP) allows an authorized attacker to elevate privileges locally.

  • CVE-2026-32219HigApr 14, 2026
    risk 0.46cvss 7.0epss 0.00

    Double free in Microsoft Brokering File System allows an authorized attacker to elevate privileges locally.