Total
603 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-5506 | 2 Debian, Imagemagick | 2 Debian Linux, Imagemagick | 2025-04-20 | 6.8 MEDIUM | 7.8 HIGH |
Double free vulnerability in magick/profile.c in ImageMagick allows remote attackers to have unspecified impact via a crafted file. | |||||
CVE-2014-9807 | 1 Imagemagick | 1 Imagemagick | 2025-04-20 | 4.3 MEDIUM | 5.5 MEDIUM |
The pdb coder in ImageMagick allows remote attackers to cause a denial of service (double free) via unspecified vectors. | |||||
CVE-2017-15316 | 1 Huawei | 4 Mate 9, Mate 9 Firmware, Mate 9 Pro and 1 more | 2025-04-20 | 9.3 HIGH | 7.8 HIGH |
The GPU driver of Mate 9 Huawei smart phones with software before MHA-AL00B 8.0.0.334(C00) and Mate 9 Pro Huawei smart phones with software before LON-AL00B 8.0.0.334(C00) has a memory double free vulnerability. An attacker tricks a user into installing a malicious application, and the application can call special API, which triggers double free and causes a system crash or arbitrary code execution. | |||||
CVE-2017-7373 | 1 Google | 1 Android | 2025-04-20 | 9.3 HIGH | 7.8 HIGH |
In all Android releases from CAF using the Linux kernel, a double free vulnerability exists in a display driver. | |||||
CVE-2017-11462 | 2 Fedoraproject, Mit | 2 Fedora, Kerberos 5 | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
Double free vulnerability in MIT Kerberos 5 (aka krb5) allows attackers to have unspecified impact via vectors involving automatic deletion of security contexts on error. | |||||
CVE-2016-3177 | 1 Giflib Project | 1 Giflib | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
Multiple use-after-free and double-free vulnerabilities in gifcolor.c in GIFLIB 5.1.2 have unspecified impact and attack vectors. | |||||
CVE-2017-2425 | 1 Apple | 1 Mac Os X | 2025-04-20 | 6.8 MEDIUM | 7.8 HIGH |
An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the "SecurityFoundation" component. A double free vulnerability allows remote attackers to execute arbitrary code via a crafted certificate. | |||||
CVE-2017-8141 | 1 Huawei | 2 P10 Plus, P10 Plus Firmware | 2025-04-20 | 9.3 HIGH | 7.8 HIGH |
The Touch Panel (TP) driver in P10 Plus smart phones with software versions earlier than VKY-AL00C00B153 has a memory double free vulnerability. An attacker with the root privilege of the Android system tricks a user into installing a malicious application, and the application can start multiple threads and try to free specific memory, which could triggers double free and causes a system crash or arbitrary code execution. | |||||
CVE-2016-1516 | 2 Debian, Opencv | 2 Debian Linux, Opencv | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
OpenCV 3.0.0 has a double free issue that allows attackers to execute arbitrary code. | |||||
CVE-2017-12858 | 1 Libzip | 1 Libzip | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
Double free vulnerability in the _zip_dirent_read function in zip_dirent.c in libzip allows attackers to have unspecified impact via unknown vectors. | |||||
CVE-2015-9007 | 1 Google | 1 Android | 2025-04-20 | 9.3 HIGH | 7.8 HIGH |
In TrustZone in all Android releases from CAF using the Linux kernel, a Double Free vulnerability could potentially exist. | |||||
CVE-2017-8265 | 1 Google | 1 Android | 2025-04-20 | 5.1 MEDIUM | 7.0 HIGH |
In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition exists in a video driver which can lead to a double free. | |||||
CVE-2015-7700 | 1 Pngcrush Project | 1 Pngcrush | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
Double-free vulnerability in the sPLT chunk structure and png.c in pngcrush before 1.7.87 allows attackers to have unspecified impact via unknown vectors. | |||||
CVE-2017-7393 | 1 Tigervnc | 1 Tigervnc | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
In TigerVNC 1.7.1 (VNCSConnectionST.cxx VNCSConnectionST::fence), an authenticated client can cause a double free, leading to denial of service or potentially code execution. | |||||
CVE-2017-10950 | 1 Bitdefender | 1 Total Security | 2025-04-20 | 6.9 MEDIUM | 7.0 HIGH |
This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of Bitdefender Total Security 21.0.24.62. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within processing of the 0x8000E038 IOCTL in the bdfwfpf driver. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker could leverage this vulnerability to execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-4776. | |||||
CVE-2017-5334 | 2 Gnu, Opensuse | 2 Gnutls, Leap | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
Double free vulnerability in the gnutls_x509_ext_import_proxy function in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allows remote attackers to have unspecified impact via crafted policy language information in an X.509 certificate with a Proxy Certificate Information extension. | |||||
CVE-2017-15186 | 1 Ffmpeg | 1 Ffmpeg | 2025-04-20 | 4.3 MEDIUM | 6.5 MEDIUM |
Double free vulnerability in FFmpeg 3.3.4 and earlier allows remote attackers to cause a denial of service via a crafted AVI file. | |||||
CVE-2017-15364 | 1 Ccsv Project | 1 Ccsv | 2025-04-20 | 4.3 MEDIUM | 5.5 MEDIUM |
The foreach function in ext/ccsv.c in Ccsv 1.1.0 allows remote attackers to cause a denial of service (double free and application crash) or possibly have unspecified other impact via a crafted file. NOTE: This has been disputed and it is argued that this is not present in version 1.1.0. | |||||
CVE-2015-1207 | 2 Debian, Google | 2 Debian Linux, Chrome | 2025-04-20 | 4.3 MEDIUM | 6.5 MEDIUM |
Double-free vulnerability in libavformat/mov.c in FFMPEG in Google Chrome 41.0.2251.0 allows remote attackers to cause a denial of service (memory corruption and crash) via a crafted .m4a file. | |||||
CVE-2016-8693 | 3 Fedoraproject, Jasper Project, Opensuse | 3 Fedora, Jasper, Opensuse | 2025-04-20 | 6.8 MEDIUM | 7.8 HIGH |
Double free vulnerability in the mem_close function in jas_stream.c in JasPer before 1.900.10 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted BMP image to the imginfo command. |