CWE-415
Double Free
Description
The product calls free() twice on the same memory address.
Hierarchy (View 1000)
CVEs mapped to this weakness (275)
page 6 of 14| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-8693 | Hig | 0.51 | 7.8 | 0.03 | Feb 15, 2017 | Double free vulnerability in the mem_close function in jas_stream.c in JasPer before 1.900.10 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted BMP image to the imginfo command. | ||
| CVE-2016-9806 | Hig | 0.51 | 7.8 | 0.00 | Dec 28, 2016 | Race condition in the netlink_dump function in net/netlink/af_netlink.c in the Linux kernel before 4.6.3 allows local users to cause a denial of service (double free) or possibly have unspecified other impact via a crafted application that makes sendmsg system calls, leading to… | ||
| CVE-2016-5384 | Hig | 0.51 | 7.8 | 0.00 | Aug 13, 2016 | fontconfig before 2.12.1 does not validate offsets, which allows local users to trigger arbitrary free calls and consequently conduct double free attacks and execute arbitrary code via a crafted cache file. | ||
| CVE-2026-43249 | Hig | 0.50 | 8.8 | 0.00 | May 6, 2026 | In the Linux kernel, the following vulnerability has been resolved: 9p/xen: protect xen_9pfs_front_free against concurrent calls The xenwatch thread can race with other back-end change notifications and call xen_9pfs_front_free() twice, hitting the observed general protection… | ||
| CVE-2016-1516 | Hig | 0.50 | 8.8 | 0.02 | Apr 10, 2017 | OpenCV 3.0.0 has a double free issue that allows attackers to execute arbitrary code. | ||
| CVE-2023-25136 | Med | 0.49 | 6.5 | 0.90 | Feb 3, 2023 | OpenSSH server (sshd) 9.1 introduced a double-free vulnerability during options.kex_algorithms handling. This is fixed in OpenSSH 9.2. The double free can be leveraged, by an unauthenticated remote attacker in the default configuration, to jump to any location in the sshd… | ||
| CVE-2020-27153 | Hig | 0.49 | 8.6 | 0.04 | Oct 15, 2020 | In BlueZ before 5.55, a double free was found in the gatttool disconnect_cb() routine from shared/att.c. A remote attacker could potentially cause a denial of service or code execution, during service discovery, due to a redundant disconnect MGMT event. | ||
| CVE-2018-14638 | Hig | 0.49 | 7.5 | 0.03 | Sep 14, 2018 | A flaw was found in 389-ds-base before version 1.3.8.4-13. The process ns-slapd crashes in delete_passwdPolicy function when persistent search connections are terminated unexpectedly leading to remote denial of service. | ||
| CVE-2017-14449 | Hig | 0.49 | 7.5 | 0.02 | Apr 24, 2018 | A double-Free vulnerability exists in the XCF image rendering functionality of SDL2_image-2.0.2. A specially crafted XCF image can cause a Double-Free situation to occur. An attacker can display a specially crafted image to trigger this vulnerability. | ||
| CVE-2018-6952 | Hig | 0.49 | 7.5 | 0.08 | Feb 13, 2018 | A double free exists in the another_hunk function in pch.c in GNU patch through 2.7.6. | ||
| CVE-2015-5177 | Hig | 0.49 | 7.5 | 0.06 | Oct 22, 2017 | Double free vulnerability in the SLPDKnownDAAdd function in slpd/slpd_knownda.c in OpenSLP 1.2.1 allows remote attackers to cause a denial of service (crash) via a crafted package. | ||
| CVE-2017-6362 | Hig | 0.49 | 7.5 | 0.05 | Sep 7, 2017 | Double free vulnerability in the gdImagePngPtr function in libgd2 before 2.2.5 allows remote attackers to cause a denial of service via vectors related to a palette with no colors. | ||
| CVE-2017-5836 | Hig | 0.49 | 7.5 | 0.03 | Mar 3, 2017 | The plist_free_data function in plist.c in libplist allows attackers to cause a denial of service (crash) via vectors involving an integer node that is treated as a PLIST_KEY and then triggers an invalid free. | ||
| CVE-2006-5051 | Hig | 0.49 | 8.1 | 0.45 | Sep 27, 2006 | Signal handler race condition in OpenSSH before 4.4 allows remote attackers to cause a denial of service (crash), and possibly execute arbitrary code if GSSAPI authentication is enabled, via unspecified vectors that lead to a double-free. | ||
| CVE-2005-0891 | Hig | 0.49 | 7.5 | 0.04 | May 2, 2005 | Double free vulnerability in gtk 2 (gtk2) before 2.2.4 allows remote attackers to cause a denial of service (crash) via a crafted BMP image. | ||
| CVE-2023-41325 | Hig | 0.48 | 7.4 | 0.00 | Sep 15, 2023 | OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Starting in version 3.20 and prior to version 3.22, `shdr_verify_signature` can make a double free.… | ||
| CVE-2018-0102 | Hig | 0.48 | 7.4 | 0.01 | Jan 18, 2018 | A vulnerability in the Pong tool of Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability exists because the affected software attempts to free the same… | ||
| CVE-2010-3957 | Hig | 0.48 | 7.3 | 0.02 | Dec 16, 2010 | Double free vulnerability in the OpenType Font (OTF) driver in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges via a crafted OpenType font, aka… | ||
| CVE-2026-34341 | Hig | 0.46 | 7.0 | 0.00 | May 12, 2026 | Double free in Windows Link-Layer Discovery Protocol (LLDP) allows an authorized attacker to elevate privileges locally. | ||
| CVE-2026-32219 | Hig | 0.46 | 7.0 | 0.00 | Apr 14, 2026 | Double free in Microsoft Brokering File System allows an authorized attacker to elevate privileges locally. |
- risk 0.51cvss 7.8epss 0.03
Double free vulnerability in the mem_close function in jas_stream.c in JasPer before 1.900.10 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted BMP image to the imginfo command.
- risk 0.51cvss 7.8epss 0.00
Race condition in the netlink_dump function in net/netlink/af_netlink.c in the Linux kernel before 4.6.3 allows local users to cause a denial of service (double free) or possibly have unspecified other impact via a crafted application that makes sendmsg system calls, leading to…
- risk 0.51cvss 7.8epss 0.00
fontconfig before 2.12.1 does not validate offsets, which allows local users to trigger arbitrary free calls and consequently conduct double free attacks and execute arbitrary code via a crafted cache file.
- risk 0.50cvss 8.8epss 0.00
In the Linux kernel, the following vulnerability has been resolved: 9p/xen: protect xen_9pfs_front_free against concurrent calls The xenwatch thread can race with other back-end change notifications and call xen_9pfs_front_free() twice, hitting the observed general protection…
- risk 0.50cvss 8.8epss 0.02
OpenCV 3.0.0 has a double free issue that allows attackers to execute arbitrary code.
- risk 0.49cvss 6.5epss 0.90
OpenSSH server (sshd) 9.1 introduced a double-free vulnerability during options.kex_algorithms handling. This is fixed in OpenSSH 9.2. The double free can be leveraged, by an unauthenticated remote attacker in the default configuration, to jump to any location in the sshd…
- risk 0.49cvss 8.6epss 0.04
In BlueZ before 5.55, a double free was found in the gatttool disconnect_cb() routine from shared/att.c. A remote attacker could potentially cause a denial of service or code execution, during service discovery, due to a redundant disconnect MGMT event.
- risk 0.49cvss 7.5epss 0.03
A flaw was found in 389-ds-base before version 1.3.8.4-13. The process ns-slapd crashes in delete_passwdPolicy function when persistent search connections are terminated unexpectedly leading to remote denial of service.
- risk 0.49cvss 7.5epss 0.02
A double-Free vulnerability exists in the XCF image rendering functionality of SDL2_image-2.0.2. A specially crafted XCF image can cause a Double-Free situation to occur. An attacker can display a specially crafted image to trigger this vulnerability.
- risk 0.49cvss 7.5epss 0.08
A double free exists in the another_hunk function in pch.c in GNU patch through 2.7.6.
- risk 0.49cvss 7.5epss 0.06
Double free vulnerability in the SLPDKnownDAAdd function in slpd/slpd_knownda.c in OpenSLP 1.2.1 allows remote attackers to cause a denial of service (crash) via a crafted package.
- risk 0.49cvss 7.5epss 0.05
Double free vulnerability in the gdImagePngPtr function in libgd2 before 2.2.5 allows remote attackers to cause a denial of service via vectors related to a palette with no colors.
- risk 0.49cvss 7.5epss 0.03
The plist_free_data function in plist.c in libplist allows attackers to cause a denial of service (crash) via vectors involving an integer node that is treated as a PLIST_KEY and then triggers an invalid free.
- risk 0.49cvss 8.1epss 0.45
Signal handler race condition in OpenSSH before 4.4 allows remote attackers to cause a denial of service (crash), and possibly execute arbitrary code if GSSAPI authentication is enabled, via unspecified vectors that lead to a double-free.
- risk 0.49cvss 7.5epss 0.04
Double free vulnerability in gtk 2 (gtk2) before 2.2.4 allows remote attackers to cause a denial of service (crash) via a crafted BMP image.
- risk 0.48cvss 7.4epss 0.00
OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Starting in version 3.20 and prior to version 3.22, `shdr_verify_signature` can make a double free.…
- risk 0.48cvss 7.4epss 0.01
A vulnerability in the Pong tool of Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability exists because the affected software attempts to free the same…
- risk 0.48cvss 7.3epss 0.02
Double free vulnerability in the OpenType Font (OTF) driver in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges via a crafted OpenType font, aka…
- risk 0.46cvss 7.0epss 0.00
Double free in Windows Link-Layer Discovery Protocol (LLDP) allows an authorized attacker to elevate privileges locally.
- risk 0.46cvss 7.0epss 0.00
Double free in Microsoft Brokering File System allows an authorized attacker to elevate privileges locally.