CWE-415
Double Free
VariantDraftLikelihood: High
Description
The product calls free() twice on the same memory address.
Hierarchy (View 1000)
CVEs mapped to this weakness (156)
page 7 of 8| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2017-7521 | Med | 0.38 | 5.9 | 0.01 | Jun 27, 2017 | OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to remote denial-of-service due to memory exhaustion caused by memory leaks and double-free issue in extract_x509_extension(). | |
| CVE-2026-5657 | Med | 0.36 | 5.5 | 0.00 | Apr 30, 2026 | iLBC codec crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service | |
| CVE-2026-34867 | Med | 0.36 | 5.6 | 0.00 | Apr 13, 2026 | Double free vulnerability in the multi-mode input system. Impact: Successful exploitation of this vulnerability may affect availability. | |
| CVE-2025-43282 | Med | 0.36 | 5.5 | 0.00 | Oct 15, 2025 | A double free issue was addressed with improved memory management. This issue is fixed in iOS 18.6 and iPadOS 18.6, iPadOS 17.7.9, macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7, tvOS 18.6, visionOS 2.6, watchOS 11.6. An app may be able to cause unexpected system termination. | |
| CVE-2017-15364 | Med | 0.36 | 5.5 | 0.00 | Oct 15, 2017 | The foreach function in ext/ccsv.c in Ccsv 1.1.0 allows remote attackers to cause a denial of service (double free and application crash) or possibly have unspecified other impact via a crafted file. NOTE: This has been disputed and it is argued that this is not present in version 1.1.0. | |
| CVE-2015-5203 | Med | 0.36 | 5.5 | 0.01 | Aug 2, 2017 | Double free vulnerability in the jasper_image_stop_load function in JasPer 1.900.17 allows remote attackers to cause a denial of service (crash) via a crafted JPEG 2000 image file. | |
| CVE-2014-9807 | Med | 0.36 | 5.5 | 0.00 | Mar 30, 2017 | The pdb coder in ImageMagick allows remote attackers to cause a denial of service (double free) via unspecified vectors. | |
| CVE-2015-8894 | Med | 0.36 | 5.5 | 0.00 | Mar 15, 2017 | Double free vulnerability in coders/tga.c in ImageMagick 7.0.0 and later allows remote attackers to cause a denial of service (application crash) via a crafted tga file. | |
| CVE-2017-6353 | Med | 0.36 | 5.5 | 0.00 | Mar 1, 2017 | net/sctp/socket.c in the Linux kernel through 4.10.1 does not properly restrict association peel-off operations during certain wait states, which allows local users to cause a denial of service (invalid unlock and double free) via a multithreaded application. NOTE: this vulnerability exists because of an incorrect fix for CVE-2017-5986. | |
| CVE-2025-32988 | Med | 0.35 | 6.5 | 0.00 | Jul 10, 2025 | A flaw was found in GnuTLS. A double-free vulnerability exists in GnuTLS due to incorrect ownership handling in the export logic of Subject Alternative Name (SAN) entries containing an otherName. If the type-id OID is invalid or malformed, GnuTLS will call asn1_delete_structure() on an ASN.1 node it does not own, leading to a double-free condition when the parent function or caller later attempts to free the same structure. This vulnerability can be triggered using only public GnuTLS APIs and may result in denial of service or memory corruption, depending on allocator behavior. | |
| CVE-2025-4574 | Med | 0.35 | 6.5 | 0.00 | May 13, 2025 | In crossbeam-channel rust crate, the internal `Channel` type's `Drop` method has a race condition which could, in some circumstances, lead to a double-free that could result in memory corruption. | |
| CVE-2025-31241 | Med | 0.35 | 5.3 | 0.01 | May 12, 2025 | A double free issue was addressed with improved memory management. This issue is fixed in iOS 18.5 and iPadOS 18.5, iPadOS 17.7.7, macOS Sequoia 15.5, macOS Sonoma 14.7.6, macOS Ventura 13.7.6, tvOS 18.5, visionOS 2.5, watchOS 11.5. A remote attacker may cause an unexpected app termination. | |
| CVE-2026-5186 | Med | 0.34 | 5.3 | 0.00 | Mar 31, 2026 | A weakness has been identified in Nothings stb up to 2.30. This impacts the function stbi__load_gif_main of the file stb_image.h of the component Multi-frame GIF File Handler. This manipulation causes double free. The attack requires local access. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way. | |
| CVE-2026-33995 | Med | 0.34 | 5.3 | 0.00 | Mar 30, 2026 | FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, a double-free vulnerability in kerberos_AcceptSecurityContext() and kerberos_InitializeSecurityContextA() (WinPR, winpr/libwinpr/sspi/Kerberos/kerberos.c) can cause a crash in any FreeRDP clients on systems where Kerberos and/or Kerberos U2U is configured (Samba AD member, or krb5 for NFS). The crash is triggered during NLA connection teardown and requires a failed authentication attempt. This issue has been patched in version 3.24.2. | |
| CVE-2025-8585 | Med | 0.34 | 5.3 | 0.00 | Aug 5, 2025 | A vulnerability, which was classified as critical, has been found in libav up to 12.3. Affected by this issue is the function main of the file /avtools/avconv.c of the component DSS File Demuxer. The manipulation leads to double free. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The bug was initially reported by the researcher to the wrong project. This vulnerability only affects products that are no longer supported by the maintainer. | |
| CVE-2026-6654 | Med | 0.33 | 5.1 | 0.00 | Apr 20, 2026 | Double-Free / Use-After-Free (UAF) in the `IntoIter::drop` and `ThinVec::clear` functions in the thin_vec crate. A panic in `ptr::drop_in_place` skips setting the length to zero. | |
| CVE-2026-23868 | Med | 0.33 | 5.1 | 0.00 | Mar 10, 2026 | Giflib contains a double-free vulnerability that is the result of a shallow copy in GifMakeSavedImage and incorrect error handling. The conditions needed to trigger this vulnerability are difficult but may be possible. | |
| CVE-2025-2925 | Low | 0.21 | 3.3 | 0.00 | Mar 28, 2025 | A vulnerability has been found in HDF5 up to 1.14.6 and classified as problematic. This vulnerability affects the function H5MM_realloc of the file src/H5MM.c. The manipulation of the argument mem leads to double free. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. | |
| CVE-2026-44348 | Low | 0.16 | 2.5 | 0.00 | May 14, 2026 | PoDoFo is a C++17 PDF manipulation library. From 1.0.0 to before 1.0.4, a double-free vulnerability exists in compute_hash_to_sign() in src/podofo/private/OpenSSLInternal_Ripped.cpp. If EVP_DigestFinal fails after buf has already been freed, the Error label frees buf a second time, causing heap corruption. This vulnerability is fixed in 1.0.4. | |
| CVE-2025-13566 | Low | 0.14 | 3.3 | 0.00 | Nov 23, 2025 | A security vulnerability has been detected in jarun nnn up to 5.1. The impacted element is the function show_content_in_floating_window/run_cmd_as_plugin of the file nnn/src/nnn.c. The manipulation leads to double free. An attack has to be approached locally. The identifier of the patch is 2f07ccdf21e705377862e5f9dfa31e1694979ac7. It is suggested to install a patch to address this issue. |