Vulnerabilities (CVE)

Filtered by CWE-415
Total 603 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2018-18751 3 Canonical, Gnu, Redhat 3 Ubuntu Linux, Gettext, Enterprise Linux 2024-11-21 7.5 HIGH 9.8 CRITICAL
An issue was discovered in GNU gettext 0.19.8. There is a double free in default_add_message in read-catalog.c, related to an invalid free in po_gram_parse in po-gram-gen.y, as demonstrated by lt-msgfmt.
CVE-2018-18718 2 Debian, Gnome 2 Debian Linux, Gthumb 2024-11-21 4.6 MEDIUM 7.8 HIGH
An issue was discovered in gThumb through 3.6.2. There is a double-free vulnerability in the add_themes_from_dir method in dlg-contact-sheet.c because of two successive calls of g_free, each of which frees the same buffer.
CVE-2018-17825 2 Adplug Project, Fedoraproject 2 Adplug, Fedora 2024-11-21 7.5 HIGH 9.8 CRITICAL
An issue was discovered in AdPlug 2.3.1. There are several double-free vulnerabilities in the CEmuopl class in emuopl.cpp because of a destructor's two OPLDestroy calls, each of which frees TL_TABLE, SIN_TABLE, AMS_TABLE, and VIB_TABLE.
CVE-2018-17097 1 Surina 1 Soundtouch 2024-11-21 6.8 MEDIUM 8.8 HIGH
The WavFileBase class in WavFile.cpp in Olli Parviainen SoundTouch 2.0 allows remote attackers to cause a denial of service (double free) or possibly have unspecified other impact, as demonstrated by SoundStretch.
CVE-2018-16841 3 Canonical, Debian, Samba 3 Ubuntu Linux, Debian Linux, Samba 2024-11-21 4.0 MEDIUM 6.5 MEDIUM
Samba from version 4.3.0 and before versions 4.7.12, 4.8.7 and 4.9.3 are vulnerable to a denial of service. When configured to accept smart-card authentication, Samba's KDC will call talloc_free() twice on the same memory if the principal in a validly signed certificate does not match the principal in the AS-REQ. This is only possible after authentication with a trusted certificate. talloc is robust against further corruption from a double-free with talloc_free() and directly calls abort(), terminating the KDC process.
CVE-2018-16425 1 Opensc Project 1 Opensc 2024-11-21 4.6 MEDIUM 6.6 MEDIUM
A double free when handling responses from an HSM Card in sc_pkcs15emu_sc_hsm_init in libopensc/pkcs15-sc-hsm.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact.
CVE-2018-16424 1 Opensc Project 1 Opensc 2024-11-21 4.6 MEDIUM 6.6 MEDIUM
A double free when handling responses in read_file in tools/egk-tool.c (aka the eGK card tool) in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact.
CVE-2018-16423 1 Opensc Project 1 Opensc 2024-11-21 4.6 MEDIUM 6.6 MEDIUM
A double free when handling responses from a smartcard in sc_file_set_sec_attr in libopensc/sc.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact.
CVE-2018-16402 5 Canonical, Debian, Elfutils Project and 2 more 7 Ubuntu Linux, Debian Linux, Elfutils and 4 more 2024-11-21 7.5 HIGH 9.8 CRITICAL
libelf/elf_end.c in elfutils 0.173 allows remote attackers to cause a denial of service (double free and application crash) or possibly have unspecified other impact because it tries to decompress twice.
CVE-2018-15518 3 Debian, Opensuse, Qt 3 Debian Linux, Leap, Qt 2024-11-21 6.8 MEDIUM 8.8 HIGH
QXmlStream in Qt 5.x before 5.11.3 has a double-free or corruption during parsing of a specially crafted illegal XML document.
CVE-2018-14638 2 Fedoraproject, Redhat 7 389 Directory Server, Enterprise Linux Aus, Enterprise Linux Desktop and 4 more 2024-11-21 5.0 MEDIUM 7.5 HIGH
A flaw was found in 389-ds-base before version 1.3.8.4-13. The process ns-slapd crashes in delete_passwdPolicy function when persistent search connections are terminated unexpectedly leading to remote denial of service.
CVE-2018-14524 1 Gnu 1 Libredwg 2024-11-21 4.3 MEDIUM 6.5 MEDIUM
dwg_decode_eed in decode.c in GNU LibreDWG before 0.6 leads to a double free (in dwg_free_eed in free.c) because it does not properly manage the obj->eed value after a free occurs.
CVE-2018-14054 1 Techsmith 1 Mp4v2 2024-11-21 7.5 HIGH 9.8 CRITICAL
A double free exists in the MP4StringProperty class in mp4property.cpp in MP4v2 2.0.0. A dangling pointer is freed again in the destructor once an exception is triggered.
CVE-2018-12841 3 Adobe, Apple, Microsoft 4 Acrobat Dc, Acrobat Reader Dc, Mac Os X and 1 more 2024-11-21 9.3 HIGH 7.8 HIGH
Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have a double free vulnerability. Successful exploitation could lead to arbitrary code execution.
CVE-2018-12782 3 Adobe, Apple, Microsoft 4 Acrobat Dc, Acrobat Reader Dc, Mac Os X and 1 more 2024-11-21 10.0 HIGH 9.8 CRITICAL
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Double Free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
CVE-2018-11987 1 Google 1 Android 2024-11-21 4.6 MEDIUM 7.8 HIGH
In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, if there is an unlikely memory alloc failure for the secure pool in boot, it can result in wrong pointer access causing kernel panic.
CVE-2018-11982 1 Qualcomm 56 Mdm9206, Mdm9206 Firmware, Mdm9607 and 53 more 2024-11-21 8.3 HIGH 8.8 HIGH
In Snapdragon (Mobile, Wear) in version MDM9206, MDM9607, MDM9635M, MDM9640, MDM9645, MDM9655, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 810, SD 820, SD 835, Snapdragon_High_Med_2016, a double free of ASN1 heap memory used for EUTRA CAP container occurs during UTRAN to LTE Capability inquiry procedure.
CVE-2018-11947 1 Qualcomm 84 Ipq8064, Ipq8064 Firmware, Mdm9150 and 81 more 2024-11-21 2.1 LOW 5.5 MEDIUM
The txrx stats req might be double freed in the pdev detach when the host driver is unloading in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in IPQ8064, MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCA6174A, QCA6574AU, QCA9377, QCA9379, QCA9558, QCA9880, QCA9886, QCA9980, QCS405, QCS605, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 636, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM630, SDM660, SDX20, SDX24
CVE-2018-11918 1 Google 1 Android 2024-11-21 4.6 MEDIUM 7.8 HIGH
In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, memory allocated is automatically released by the kernel if the 'probe' function fails with an error code.
CVE-2018-11840 1 Google 1 Android 2024-11-21 7.2 HIGH 7.8 HIGH
In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while processing the WLAN driver command ioctl a temporary buffer used to construct the reply message may be freed twice.