Search
Total
369 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-11982 | 1 Qualcomm | 56 Mdm9206, Mdm9206 Firmware, Mdm9607 and 53 more | 2018-11-23 | 8.3 HIGH | 8.8 HIGH |
| In Snapdragon (Mobile, Wear) in version MDM9206, MDM9607, MDM9635M, MDM9640, MDM9645, MDM9655, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 810, SD 820, SD 835, Snapdragon_High_Med_2016, a double free of ASN1 heap memory used for EUTRA CAP container occurs during UTRAN to LTE Capability inquiry procedure. | |||||
| CVE-2015-5203 | 4 Fedoraproject, Jasper Project, Opensuse and 1 more | 5 Fedora, Jasper, Leap and 2 more | 2018-11-22 | 4.3 MEDIUM | 5.5 MEDIUM |
| Double free vulnerability in the jasper_image_stop_load function in JasPer 1.900.17 allows remote attackers to cause a denial of service (crash) via a crafted JPEG 2000 image file. | |||||
| CVE-2018-9513 | 1 Google | 1 Android | 2018-11-20 | 7.2 HIGH | 7.8 HIGH |
| In copy_process of fork.c, there is possible memory corruption due to a double free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-111081202 References: N/A | |||||
| CVE-2016-8618 | 1 Haxx | 1 Curl | 2018-11-13 | 7.5 HIGH | 9.8 CRITICAL |
| The libcurl API function called `curl_maprintf()` before version 7.51.0 can be tricked into doing a double-free due to an unsafe `size_t` multiplication, on systems using 32 bit `size_t` variables. | |||||
| CVE-2018-11276 | 1 Google | 1 Android | 2018-11-09 | 4.6 MEDIUM | 7.8 HIGH |
| In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, double free of memory allocation is possible in Kernel when it explicitly tries to free that memory on driver probe failure, since memory allocated is automatically freed on probe. | |||||
| CVE-2018-11270 | 1 Google | 1 Android | 2018-11-09 | 4.6 MEDIUM | 7.8 HIGH |
| In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, memory allocated with devm_kzalloc is automatically released by the kernel if the probe function fails with an error code. This may result in data corruption. | |||||
| CVE-2018-11273 | 1 Google | 1 Android | 2018-11-09 | 4.6 MEDIUM | 7.8 HIGH |
| In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, 'voice_svc_dev' is allocated as a device-managed resource. If error 'cdev_alloc_err' occurs, 'device_destroy' will free all associated resources, including 'voice_svc_dev' leading to a double free. | |||||
| CVE-2018-17097 | 1 Surina | 1 Soundtouch | 2018-11-08 | 6.8 MEDIUM | 8.8 HIGH |
| The WavFileBase class in WavFile.cpp in Olli Parviainen SoundTouch 2.0 allows remote attackers to cause a denial of service (double free) or possibly have unspecified other impact, as demonstrated by SoundStretch. | |||||
| CVE-2017-18201 | 1 Gnu | 1 Libcdio | 2018-10-31 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in GNU libcdio before 2.0.0. There is a double free in get_cdtext_generic() in lib/driver/_cdio_generic.c. | |||||
| CVE-2016-8693 | 3 Fedoraproject, Jasper Project, Opensuse | 3 Fedora, Jasper, Opensuse | 2018-10-30 | 6.8 MEDIUM | 7.8 HIGH |
| Double free vulnerability in the mem_close function in jas_stream.c in JasPer before 1.900.10 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted BMP image to the imginfo command. | |||||
| CVE-2017-5334 | 2 Gnu, Opensuse | 2 Gnutls, Leap | 2018-10-30 | 7.5 HIGH | 9.8 CRITICAL |
| Double free vulnerability in the gnutls_x509_ext_import_proxy function in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allows remote attackers to have unspecified impact via crafted policy language information in an X.509 certificate with a Proxy Certificate Information extension. | |||||
| CVE-2018-1000216 | 1 Cjson Project | 1 Cjson | 2018-10-16 | 6.8 MEDIUM | 8.8 HIGH |
| Dave Gamble cJSON version 1.7.2 and earlier contains a CWE-415: Double Free vulnerability in cJSON library that can result in Possible crash or RCE. This attack appear to be exploitable via Attacker must be able to force victim to print JSON data, depending on how cJSON library is used this could be either local or over a network. This vulnerability appears to have been fixed in 1.7.3. | |||||
| CVE-2014-1767 | 1 Microsoft | 9 Windows 7, Windows 8, Windows 8.1 and 6 more | 2018-10-12 | 7.2 HIGH | N/A |
| Double free vulnerability in the Ancillary Function Driver (AFD) in afd.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application, aka "Ancillary Function Driver Elevation of Privilege Vulnerability." | |||||
| CVE-2017-16820 | 1 Collectd | 1 Collectd | 2018-09-04 | 10.0 HIGH | 9.8 CRITICAL |
| The csnmp_read_table function in snmp.c in the SNMP plugin in collectd before 5.6.3 is susceptible to a double free in a certain error case, which could lead to a crash (or potentially have other impact). | |||||
| CVE-2018-11730 | 1 Libfsntfs Project | 1 Libfsntfs | 2018-09-01 | 1.9 LOW | 5.5 MEDIUM |
| ** DISPUTED ** The libfsntfs_security_descriptor_values_free function in libfsntfs_security_descriptor_values.c in libfsntfs through 2018-04-20 allows remote attackers to cause a denial of service (double-free) via a crafted ntfs file. NOTE: the vendor has disputed this as described in libyal/libfsntfs issue 8 on GitHub. | |||||
| CVE-2017-8890 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2018-08-30 | 7.2 HIGH | 7.8 HIGH |
| The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the Linux kernel through 4.10.15 allows attackers to cause a denial of service (double free) or possibly have unspecified other impact by leveraging use of the accept system call. | |||||
| CVE-2017-15856 | 1 Google | 1 Android | 2018-08-27 | 4.4 MEDIUM | 7.0 HIGH |
| Due to a race condition while processing the power stats debug file to read status, a double free condition can occur in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05. | |||||
| CVE-2018-14524 | 1 Gnu | 1 Libredwg | 2018-08-20 | 4.3 MEDIUM | 6.5 MEDIUM |
| dwg_decode_eed in decode.c in GNU LibreDWG before 0.6 leads to a double free (in dwg_free_eed in free.c) because it does not properly manage the obj->eed value after a free occurs. | |||||
| CVE-2017-15843 | 1 Google | 1 Android | 2018-08-01 | 4.4 MEDIUM | 7.0 HIGH |
| Due to a race condition in a bus driver, a double free in msm_bus_floor_vote_context() can potentially occur in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel. | |||||
| CVE-2017-6074 | 1 Linux | 1 Linux Kernel | 2018-07-19 | 7.2 HIGH | 7.8 HIGH |
| The dccp_rcv_state_process function in net/dccp/input.c in the Linux kernel through 4.9.11 mishandles DCCP_PKT_REQUEST packet data structures in the LISTEN state, which allows local users to obtain root privileges or cause a denial of service (double free) via an application that makes an IPV6_RECVPKTINFO setsockopt system call. | |||||
| CVE-2018-11416 | 1 Jpegoptim Project | 1 Jpegoptim | 2018-06-26 | 6.8 MEDIUM | 8.8 HIGH |
| jpegoptim.c in jpegoptim 1.4.5 (fixed in 1.4.6) has an invalid use of realloc() and free(), which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact. | |||||
| CVE-2018-9336 | 2 Openvpn, Slackware | 2 Openvpn, Slackware Linux | 2018-06-13 | 4.6 MEDIUM | 7.8 HIGH |
| openvpnserv.exe (aka the interactive service helper) in OpenVPN 2.4.x before 2.4.6 allows a local attacker to cause a double-free of memory by sending a malformed request to the interactive service. This could cause a denial-of-service through memory corruption or possibly have unspecified other impact including privilege escalation. | |||||
| CVE-2018-3855 | 1 Hyland | 1 Perceptive Document Filters | 2018-06-04 | 6.8 MEDIUM | 7.8 HIGH |
| In Hyland Perceptive Document Filters 11.4.0.2647 - x86/x64 Windows/Linux, a crafted OpenDocument document can lead to a SkCanvas object double free resulting in direct code execution. | |||||
| CVE-2018-3845 | 1 Hyland | 1 Perceptive Document Filters | 2018-06-04 | 6.8 MEDIUM | 7.8 HIGH |
| In Hyland Perceptive Document Filters 11.4.0.2647 - x86/x64 Windows/Linux, a crafted OpenDocument document can lead to a SkCanvas object double free resulting in direct code execution. | |||||
| CVE-2018-7899 | 1 Huawei | 4 Berkeley-al20, Berkeley-al20 Firmware, Berkeley-bd and 1 more | 2018-05-22 | 7.1 HIGH | 5.5 MEDIUM |
| The Mali Driver of Huawei Berkeley-AL20 and Berkeley-BD smart phones with software Berkeley-AL20 8.0.0.105(C00), 8.0.0.111(C00), 8.0.0.112D(C00), 8.0.0.116(C00), 8.0.0.119(C00), 8.0.0.119D(C00), 8.0.0.122(C00), 8.0.0.132(C00), 8.0.0.132D(C00), 8.0.0.142(C00), 8.0.0.151(C00), Berkeley-BD 1.0.0.21, 1.0.0.22, 1.0.0.23, 1.0.0.24, 1.0.0.26, 1.0.0.29 has a double free vulnerability. An attacker can trick a user to install a malicious application and exploit this vulnerability when in the exception handling process. Successful exploitation may cause system reboot. | |||||
| CVE-2018-3593 | 1 Qualcomm | 50 Mdm9206, Mdm9206 Firmware, Mdm9607 and 47 more | 2018-05-15 | 10.0 HIGH | 9.8 CRITICAL |
| In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9607, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, repeated enable/disable eMBMS requests may result in a double free condition. | |||||
| CVE-2015-9165 | 1 Qualcomm | 36 Ipq4019, Ipq4019 Firmware, Mdm9206 and 33 more | 2018-05-09 | 10.0 HIGH | 9.8 CRITICAL |
| In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear IPQ4019, MDM9206, MDM9607, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 615/16/SD 415, SD 617, SD 650/52, SD 808, and SD 810, incorrect error handling could lead to a double free in QTEE file service API. | |||||
| CVE-2003-0015 | 2 Cvs, Freebsd | 2 Cvs, Freebsd | 2018-05-03 | 7.5 HIGH | N/A |
| Double-free vulnerability in CVS 1.11.4 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a malformed Directory request, as demonstrated by bypassing write checks to execute Update-prog and Checkin-prog commands. | |||||
| CVE-2017-15826 | 1 Google | 1 Android | 2018-04-23 | 4.4 MEDIUM | 7.8 HIGH |
| Due to a race condition in MDSS rotator in Android for MSM, Firefox OS for MSM, and QRD Android before 2017-10-20, a double free vulnerability may potentially exist when two threads free the same perf structures. | |||||
| CVE-2017-17320 | 1 Huawei | 2 Mate 9 Pro, Mate 9 Pro Firmware | 2018-04-13 | 9.3 HIGH | 7.8 HIGH |
| Huawei Mate 9 Pro smartphones with software of LON-AL00BC00B139D, LON-AL00BC00B229, LON-L29DC721B188 have a memory double free vulnerability. The system does not manage the memory properly, that frees on the same memory address twice. An attacker tricks the user who has root privilege to install a crafted application, successful exploit could result in malicious code execution. | |||||
| CVE-2018-3560 | 1 Google | 1 Android | 2018-04-04 | 4.6 MEDIUM | 7.8 HIGH |
| In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a Double Free vulnerability exists in Audio Driver while opening a sound compression device. | |||||
| CVE-2018-7263 | 1 Underbit | 1 Libmad | 2018-03-19 | 6.8 MEDIUM | 9.8 CRITICAL |
| The mad_decoder_run() function in decoder.c in Underbit libmad through 0.15.1b allows remote attackers to cause a denial of service (SIGABRT because of double free or corruption) or possibly have unspecified other impact via a crafted file. NOTE: this may overlap CVE-2017-11552. | |||||
| CVE-2017-15330 | 1 Huawei | 2 Vicky-al00a, Vicky-al00a Firmware | 2018-03-07 | 7.1 HIGH | 5.5 MEDIUM |
| The Flp Driver in some Huawei smartphones of the software Vicky-AL00AC00B124D, Vicky-AL00AC00B157D, Vicky-AL00AC00B167 has a double free vulnerability. An attacker can trick a user to install a malicious application which has a high privilege to exploit this vulnerability. Successful exploitation may cause denial of service (DoS) attack. | |||||
| CVE-2017-18120 | 1 Gifsicle Project | 1 Gifsicle | 2018-02-14 | 6.8 MEDIUM | 7.8 HIGH |
| A double-free bug in the read_gif function in gifread.c in gifsicle 1.90 allows a remote attacker to cause a denial-of-service attack or unspecified other impact via a maliciously crafted file, because last_name is mishandled, a different vulnerability than CVE-2017-1000421. | |||||
| CVE-2017-1000231 | 1 Nlnetlabs | 1 Ldns | 2018-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| A double-free vulnerability in parse.c in ldns 1.7.0 have unspecified impact and attack vectors. | |||||
| CVE-2017-13181 | 1 Google | 1 Android | 2018-02-02 | 7.2 HIGH | 7.8 HIGH |
| In the doGetThumb and getThumbnail functions of MtpServer, there is a possible double free due to not NULLing out a freed pointer. This could lead to an local elevation of privilege enabling code execution as a privileged process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-67864232. | |||||
| CVE-2017-9705 | 1 Google | 1 Android | 2018-01-26 | 4.6 MEDIUM | 7.8 HIGH |
| In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, concurrent rx notifications and read() operations in the G-Link PKT driver can result in a double free condition due to missing locking resulting in list_del() and list_add() overlapping and corrupting the next and previous pointers. | |||||
| CVE-2017-7393 | 1 Tigervnc | 1 Tigervnc | 2018-01-13 | 6.5 MEDIUM | 8.8 HIGH |
| In TigerVNC 1.7.1 (VNCSConnectionST.cxx VNCSConnectionST::fence), an authenticated client can cause a double free, leading to denial of service or potentially code execution. | |||||
| CVE-2017-15316 | 1 Huawei | 4 Mate 9, Mate 9 Firmware, Mate 9 Pro and 1 more | 2018-01-05 | 9.3 HIGH | 7.8 HIGH |
| The GPU driver of Mate 9 Huawei smart phones with software before MHA-AL00B 8.0.0.334(C00) and Mate 9 Pro Huawei smart phones with software before LON-AL00B 8.0.0.334(C00) has a memory double free vulnerability. An attacker tricks a user into installing a malicious application, and the application can call special API, which triggers double free and causes a system crash or arbitrary code execution. | |||||
| CVE-2016-9806 | 1 Linux | 1 Linux Kernel | 2018-01-05 | 7.2 HIGH | 7.8 HIGH |
| Race condition in the netlink_dump function in net/netlink/af_netlink.c in the Linux kernel before 4.6.3 allows local users to cause a denial of service (double free) or possibly have unspecified other impact via a crafted application that makes sendmsg system calls, leading to a free operation associated with a new dump that started earlier than anticipated. | |||||
| CVE-2016-5768 | 1 Php | 1 Php | 2018-01-05 | 7.5 HIGH | 9.8 CRITICAL |
| Double free vulnerability in the _php_mb_regex_ereg_replace_exec function in php_mbregex.c in the mbstring extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by leveraging a callback exception. | |||||
| CVE-2017-2636 | 1 Linux | 1 Linux Kernel | 2018-01-05 | 7.2 HIGH | 7.8 HIGH |
| Race condition in drivers/tty/n_hdlc.c in the Linux kernel through 4.10.1 allows local users to gain privileges or cause a denial of service (double free) by setting the HDLC line discipline. | |||||
| CVE-2017-8141 | 1 Huawei | 2 P10 Plus, P10 Plus Firmware | 2017-12-11 | 9.3 HIGH | 7.8 HIGH |
| The Touch Panel (TP) driver in P10 Plus smart phones with software versions earlier than VKY-AL00C00B153 has a memory double free vulnerability. An attacker with the root privilege of the Android system tricks a user into installing a malicious application, and the application can start multiple threads and try to free specific memory, which could triggers double free and causes a system crash or arbitrary code execution. | |||||
| CVE-2017-8140 | 1 Huawei | 2 P9 Plus, P9 Plus Firmware | 2017-12-11 | 9.3 HIGH | 7.8 HIGH |
| The soundtrigger driver in P9 Plus smart phones with software versions earlier than VIE-AL10BC00B353 has a memory double free vulnerability. An attacker tricks a user into installing a malicious application, and the application can start multiple threads and try to free specific memory, which could triggers double free and causes a system crash or arbitrary code execution. | |||||
| CVE-2017-11032 | 1 Google | 1 Android | 2017-11-30 | 4.6 MEDIUM | 7.8 HIGH |
| In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a double free can occur when kmalloc fails to allocate memory for pointers resp/req in the service-locator driver function service_locator_send_msg(). | |||||
| CVE-2017-15186 | 1 Ffmpeg | 1 Ffmpeg | 2017-11-29 | 4.3 MEDIUM | 6.5 MEDIUM |
| Double free vulnerability in FFmpeg 3.3.4 and earlier allows remote attackers to cause a denial of service via a crafted AVI file. | |||||
| CVE-2015-5177 | 2 Debian, Openslp | 2 Debian Linux, Openslp | 2017-11-07 | 5.0 MEDIUM | 7.5 HIGH |
| Double free vulnerability in the SLPDKnownDAAdd function in slpd/slpd_knownda.c in OpenSLP 1.2.1 allows remote attackers to cause a denial of service (crash) via a crafted package. | |||||
| CVE-2017-6353 | 1 Linux | 1 Linux Kernel | 2017-11-04 | 4.9 MEDIUM | 5.5 MEDIUM |
| net/sctp/socket.c in the Linux kernel through 4.10.1 does not properly restrict association peel-off operations during certain wait states, which allows local users to cause a denial of service (invalid unlock and double free) via a multithreaded application. NOTE: this vulnerability exists because of an incorrect fix for CVE-2017-5986. | |||||
| CVE-2017-10914 | 1 Xen | 1 Xen | 2017-11-04 | 6.8 MEDIUM | 8.1 HIGH |
| The grant-table feature in Xen through 4.8.x has a race condition leading to a double free, which allows guest OS users to cause a denial of service (memory consumption), or possibly obtain sensitive information or gain privileges, aka XSA-218 bug 2. | |||||
| CVE-2016-6912 | 1 Libgd | 1 Libgd | 2017-11-04 | 7.5 HIGH | 9.8 CRITICAL |
| Double free vulnerability in the gdImageWebPtr function in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to have unspecified impact via large width and height values. | |||||