Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by CWE-415
Total 396 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-36223 3 Apple, Debian, Openldap 4 Mac Os X, Macos, Debian Linux and 1 more 2022-04-13 5.0 MEDIUM 7.5 HIGH
A flaw was discovered in OpenLDAP before 2.4.57 leading to a slapd crash in the Values Return Filter control handling, resulting in denial of service (double free and out-of-bounds read).
CVE-2020-27153 3 Bluez, Debian, Opensuse 3 Bluez, Debian Linux, Leap 2022-04-05 7.5 HIGH 8.6 HIGH
In BlueZ before 5.55, a double free was found in the gatttool disconnect_cb() routine from shared/att.c. A remote attacker could potentially cause a denial of service or code execution, during service discovery, due to a redundant disconnect MGMT event.
CVE-2021-39725 1 Google 1 Android 2022-03-23 4.6 MEDIUM 6.7 MEDIUM
In gasket_free_coherent_memory_all of gasket_page_table.c, there is a possible memory corruption due to a double free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-151454974References: N/A
CVE-2020-16590 2 Gnu, Netapp 2 Binutils, Ontap Select Deploy Administration Utility 2022-03-23 4.3 MEDIUM 5.5 MEDIUM
A double free vulnerability exists in the Binary File Descriptor (BFD) (aka libbrd) in GNU Binutils 2.35 in the process_symbol_table, as demonstrated in readelf, via a crafted file.
CVE-2021-42533 1 Adobe 1 Bridge 2022-03-22 6.8 MEDIUM 7.8 HIGH
Adobe Bridge version 11.1.1 (and earlier) is affected by a double free vulnerability when parsing a crafted DCM file, which could result in arbitrary code execution in the context of the current user. This vulnerability requires user interaction to exploit.
CVE-2021-23158 1 Htmldoc Project 1 Htmldoc 2022-03-22 7.5 HIGH 9.8 CRITICAL
A flaw was found in htmldoc in v1.9.12. Double-free in function pspdf_export(),in ps-pdf.cxx may result in a write-what-where condition, allowing an attacker to execute arbitrary code and denial of service.
CVE-2020-36123 1 Libsixel Project 1 Libsixel 2022-03-11 6.8 MEDIUM 8.8 HIGH
saitoha libsixel v1.8.6 was discovered to contain a double free via the component sixel_chunk_destroy at /root/libsixel/src/chunk.c.
CVE-2015-8880 1 Php 1 Php 2022-03-01 10.0 HIGH 9.8 CRITICAL
Double free vulnerability in the format printer in PHP 7.x before 7.0.1 allows remote attackers to have an unspecified impact by triggering an error.
CVE-2021-46700 1 Libsixel Project 1 Libsixel 2022-03-01 4.3 MEDIUM 6.5 MEDIUM
In libsixel 1.8.6, sixel_encoder_output_without_macro (called from sixel_encoder_encode_frame in encoder.c) has a double free.
CVE-2021-46625 1 Bentley 2 Microstation, View 2022-02-28 6.8 MEDIUM 7.8 HIGH
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of JT files. The issue results from the lack of validating the existence of an object prior to performing further free operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15455.
CVE-2021-46621 1 Bentley 3 Microstation, Microstation Connect, View 2022-02-28 6.8 MEDIUM 7.8 HIGH
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of JT files. The issue results from the lack of validating the existence of an object prior to performing further free operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15415.
CVE-2008-2944 3 Fedoraproject, Linux, Redhat 3 Fedora Core, Linux Kernel, Enterprise Linux 2022-02-07 4.9 MEDIUM N/A
Double free vulnerability in the utrace support in the Linux kernel, probably 2.6.18, in Red Hat Enterprise Linux (RHEL) 5 and Fedora Core 6 (FC6) allows local users to cause a denial of service (oops), as demonstrated by a crash when running the GNU GDB testsuite, a different vulnerability than CVE-2008-2365.
CVE-2022-23012 1 F5 11 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 8 more 2022-02-01 7.1 HIGH 7.5 HIGH
On BIG-IP versions 15.1.x before 15.1.4.1 and 14.1.x before 14.1.4.5, when the HTTP/2 profile is configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
CVE-2021-37529 2 Debian, Fig2dev Project 2 Debian Linux, Fig2dev 2022-01-19 4.3 MEDIUM 5.5 MEDIUM
A double-free vulnerability exists in fig2dev through 3.28a is affected by: via the free_stream function in readpics.c, which could cause a denial of service (context-dependent).
CVE-2021-40574 1 Gpac 1 Gpac 2022-01-14 6.8 MEDIUM 7.8 HIGH
The binary MP4Box in Gpac 1.0.1 has a double-free vulnerability in the gf_text_get_utf8_line function in load_text.c, which allows attackers to cause a denial of service, even code execution and escalation of privileges.
CVE-2021-40572 1 Gpac 1 Gpac 2022-01-14 4.3 MEDIUM 5.5 MEDIUM
The binary MP4Box in Gpac 1.0.1 has a double-free bug in the av1dmx_finalize function in reframe_av1.c, which allows attackers to cause a denial of service.
CVE-2021-40573 1 Gpac 1 Gpac 2022-01-14 4.3 MEDIUM 5.5 MEDIUM
The binary MP4Box in Gpac 1.0.1 has a double-free vulnerability in the gf_list_del function in list.c, which allows attackers to cause a denial of service.
CVE-2021-40571 1 Gpac 1 Gpac 2022-01-14 6.8 MEDIUM 7.8 HIGH
The binary MP4Box in Gpac 1.0.1 has a double-free vulnerability in the ilst_box_read function in box_code_apple.c, which allows attackers to cause a denial of service, even code execution and escalation of privileges.
CVE-2021-40570 1 Gpac 1 Gpac 2022-01-14 6.8 MEDIUM 7.8 HIGH
The binary MP4Box in Gpac 1.0.1 has a double-free vulnerability in the avc_compute_poc function in av_parsers.c, which allows attackers to cause a denial of service, even code execution and escalation of privileges.
CVE-2021-40569 1 Gpac 1 Gpac 2022-01-14 4.3 MEDIUM 5.5 MEDIUM
The binary MP4Box in Gpac through 1.0.1 has a double-free vulnerability in the iloc_entry_del funciton in box_code_meta.c, which allows attackers to cause a denial of service.