VYPR

CWE-415

Double Free

VariantDraftLikelihood: High

Description

The product calls free() twice on the same memory address.

Hierarchy (View 1000)

Children

none

CVEs mapped to this weakness (275)

page 9 of 14
  • CVE-2017-9287MedMay 29, 2017
    risk 0.43cvss 6.5epss 0.07

    servers/slapd/back-mdb/search.c in OpenLDAP through 2.4.44 is prone to a double free vulnerability. A user with access to search the directory can crash slapd by issuing a search including the Paged Results control with a page size of 0.

  • CVE-2026-44422HigMay 29, 2026
    risk 0.42cvss 7.5epss 0.00

    FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.26.0, FreeRDP's RDPEAR NDR parser accepts one non-null NDR pointer ref-id for multiple logical pointer fields without tracking the pointed object's expected NDR type or ownership. When the same ref-id is…

  • CVE-2026-33811HigMay 7, 2026
    risk 0.42cvss 7.5epss 0.01

    When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory and a crash.

  • CVE-2026-4358MedMar 17, 2026
    risk 0.42cvss 6.4epss 0.00

    A specially crafted aggregation query with $lookup by an authenticated user with write privileges can cause a double-free or use-after-free memory issue in the slot-based execution (SBE) engine when an in-memory hash table is spilled to disk.

  • CVE-2025-5351MedJul 4, 2025
    risk 0.42cvss 6.5epss 0.00

    A flaw was found in the key export functionality of libssh. The issue occurs in the internal function responsible for converting cryptographic keys into serialized formats. During error handling, a memory structure is freed but not cleared, leading to a potential double free…

  • CVE-2025-31235MedMay 12, 2025
    risk 0.42cvss 6.5epss 0.00

    A double free issue was addressed with improved memory management. This issue is fixed in iPadOS 17.7.7, macOS Sequoia 15.5, macOS Sonoma 14.7.6, macOS Ventura 13.7.6. An app may be able to cause unexpected system termination.

  • CVE-2021-46700MedFeb 19, 2022
    risk 0.42cvss 6.5epss 0.01

    In libsixel 1.8.6, sixel_encoder_output_without_macro (called from sixel_encoder_encode_frame in encoder.c) has a double free.

  • CVE-2017-15186MedOct 24, 2017
    risk 0.42cvss 6.5epss 0.02

    Double free vulnerability in FFmpeg 3.3.4 and earlier allows remote attackers to cause a denial of service via a crafted AVI file.

  • CVE-2015-1239MedOct 18, 2017
    risk 0.42cvss 6.5epss 0.01

    Double free vulnerability in the j2k_read_ppm_v3 function in OpenJPEG before r2997, as used in PDFium in Google Chrome, allows remote attackers to cause a denial of service (process crash) via a crafted PDF.

  • CVE-2017-12925MedAug 28, 2017
    risk 0.42cvss 6.5epss 0.01

    Double free vulnerability in DfFromLB in docfile.cxx in libfpx 1.3.1_p6 allows remote attackers to cause a denial of service via a crafted fpx image.

  • CVE-2015-1207MedJun 6, 2017
    risk 0.42cvss 6.5epss 0.01

    Double-free vulnerability in libavformat/mov.c in FFMPEG in Google Chrome 41.0.2251.0 allows remote attackers to cause a denial of service (memory corruption and crash) via a crafted .m4a file.

  • CVE-2018-0160MedMar 28, 2018
    risk 0.41cvss 6.3epss 0.02

    A vulnerability in Simple Network Management Protocol (SNMP) subsystem of Cisco IOS XE Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to improper management of memory resources, referred to as a…

  • CVE-2015-8962HigNov 16, 2016
    risk 0.41cvss 7.3epss 0.02

    Double free vulnerability in the sg_common_write function in drivers/scsi/sg.c in the Linux kernel before 4.4 allows local users to gain privileges or cause a denial of service (memory corruption and system crash) by detaching a device during an SG_IO ioctl call.

  • CVE-2026-46164HigMay 28, 2026
    risk 0.39cvss 7.0epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: btrfs: fix double free in create_space_info_sub_group() error path When kobject_init_and_add() fails, the call chain is: create_space_info_sub_group() -> btrfs_sysfs_add_space_info_type() ->…

  • CVE-2024-3187MedOct 17, 2024
    risk 0.39cvss 5.9epss 0.00

    This issue tracks two CWE-416 Use After Free (UAF) and one CWE-415 Double Free vulnerabilities in Goahead versions <= 6.0.0. These are caused by JST values not being nulled when freed during parsing of JST templates. If the ME_GOAHEAD_JAVASCRIPT flag is enabled, a remote…

  • CVE-2017-6166MedNov 22, 2017
    risk 0.39cvss 5.9epss 0.02

    In BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PEM, and WebSafe software 12.0.0 to 12.1.1, in some cases the Traffic Management Microkernel (TMM) may crash when processing fragmented packets. This vulnerability affects TMM through a virtual server configured…

  • CVE-2017-7521MedJun 27, 2017
    risk 0.39cvss 5.9epss 0.04

    OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to remote denial-of-service due to memory exhaustion caused by memory leaks and double-free issue in extract_x509_extension().

  • CVE-2026-46690MedJun 12, 2026
    risk 0.38cvss 5.8epss 0.00

    unbounded_spsc is an "unbounded" extension of bounded_spsc_queue. In versions 0.2.0 and prior, sender::send pointer-as-value transmute causes OOB read and fake-Arc drop under TX/RX race. At time of publication, there are no publicly available patches.

  • CVE-2026-20026MedJan 7, 2026
    risk 0.38cvss 5.8epss 0.01

    Multiple Cisco products are affected by a vulnerability in the processing of DCE/RPC requests that could allow an unauthenticated, remote attacker to cause the Snort 3 Detection Engine to leak sensitive information or to restart, resulting in an interruption of packet…

  • CVE-2025-8058MedJul 23, 2025
    risk 0.38cvss epss 0.00

    The regcomp function in the GNU C library version from 2.4 to 2.41 is subject to a double free if some previous allocation fails. It can be accomplished either by a malloc failure or by using an interposed malloc that injects random malloc failures. The double free can allow…