Vulnerabilities (CVE)

Filtered by CWE-415
Total 603 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2017-5506 2 Debian, Imagemagick 2 Debian Linux, Imagemagick 2025-04-20 6.8 MEDIUM 7.8 HIGH
Double free vulnerability in magick/profile.c in ImageMagick allows remote attackers to have unspecified impact via a crafted file.
CVE-2014-9807 1 Imagemagick 1 Imagemagick 2025-04-20 4.3 MEDIUM 5.5 MEDIUM
The pdb coder in ImageMagick allows remote attackers to cause a denial of service (double free) via unspecified vectors.
CVE-2017-15316 1 Huawei 4 Mate 9, Mate 9 Firmware, Mate 9 Pro and 1 more 2025-04-20 9.3 HIGH 7.8 HIGH
The GPU driver of Mate 9 Huawei smart phones with software before MHA-AL00B 8.0.0.334(C00) and Mate 9 Pro Huawei smart phones with software before LON-AL00B 8.0.0.334(C00) has a memory double free vulnerability. An attacker tricks a user into installing a malicious application, and the application can call special API, which triggers double free and causes a system crash or arbitrary code execution.
CVE-2017-7373 1 Google 1 Android 2025-04-20 9.3 HIGH 7.8 HIGH
In all Android releases from CAF using the Linux kernel, a double free vulnerability exists in a display driver.
CVE-2017-11462 2 Fedoraproject, Mit 2 Fedora, Kerberos 5 2025-04-20 7.5 HIGH 9.8 CRITICAL
Double free vulnerability in MIT Kerberos 5 (aka krb5) allows attackers to have unspecified impact via vectors involving automatic deletion of security contexts on error.
CVE-2016-3177 1 Giflib Project 1 Giflib 2025-04-20 7.5 HIGH 9.8 CRITICAL
Multiple use-after-free and double-free vulnerabilities in gifcolor.c in GIFLIB 5.1.2 have unspecified impact and attack vectors.
CVE-2017-2425 1 Apple 1 Mac Os X 2025-04-20 6.8 MEDIUM 7.8 HIGH
An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the "SecurityFoundation" component. A double free vulnerability allows remote attackers to execute arbitrary code via a crafted certificate.
CVE-2017-8141 1 Huawei 2 P10 Plus, P10 Plus Firmware 2025-04-20 9.3 HIGH 7.8 HIGH
The Touch Panel (TP) driver in P10 Plus smart phones with software versions earlier than VKY-AL00C00B153 has a memory double free vulnerability. An attacker with the root privilege of the Android system tricks a user into installing a malicious application, and the application can start multiple threads and try to free specific memory, which could triggers double free and causes a system crash or arbitrary code execution.
CVE-2016-1516 2 Debian, Opencv 2 Debian Linux, Opencv 2025-04-20 6.8 MEDIUM 8.8 HIGH
OpenCV 3.0.0 has a double free issue that allows attackers to execute arbitrary code.
CVE-2017-12858 1 Libzip 1 Libzip 2025-04-20 7.5 HIGH 9.8 CRITICAL
Double free vulnerability in the _zip_dirent_read function in zip_dirent.c in libzip allows attackers to have unspecified impact via unknown vectors.
CVE-2015-9007 1 Google 1 Android 2025-04-20 9.3 HIGH 7.8 HIGH
In TrustZone in all Android releases from CAF using the Linux kernel, a Double Free vulnerability could potentially exist.
CVE-2017-8265 1 Google 1 Android 2025-04-20 5.1 MEDIUM 7.0 HIGH
In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition exists in a video driver which can lead to a double free.
CVE-2015-7700 1 Pngcrush Project 1 Pngcrush 2025-04-20 7.5 HIGH 9.8 CRITICAL
Double-free vulnerability in the sPLT chunk structure and png.c in pngcrush before 1.7.87 allows attackers to have unspecified impact via unknown vectors.
CVE-2017-7393 1 Tigervnc 1 Tigervnc 2025-04-20 6.5 MEDIUM 8.8 HIGH
In TigerVNC 1.7.1 (VNCSConnectionST.cxx VNCSConnectionST::fence), an authenticated client can cause a double free, leading to denial of service or potentially code execution.
CVE-2017-10950 1 Bitdefender 1 Total Security 2025-04-20 6.9 MEDIUM 7.0 HIGH
This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of Bitdefender Total Security 21.0.24.62. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within processing of the 0x8000E038 IOCTL in the bdfwfpf driver. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker could leverage this vulnerability to execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-4776.
CVE-2017-5334 2 Gnu, Opensuse 2 Gnutls, Leap 2025-04-20 7.5 HIGH 9.8 CRITICAL
Double free vulnerability in the gnutls_x509_ext_import_proxy function in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allows remote attackers to have unspecified impact via crafted policy language information in an X.509 certificate with a Proxy Certificate Information extension.
CVE-2017-15186 1 Ffmpeg 1 Ffmpeg 2025-04-20 4.3 MEDIUM 6.5 MEDIUM
Double free vulnerability in FFmpeg 3.3.4 and earlier allows remote attackers to cause a denial of service via a crafted AVI file.
CVE-2017-15364 1 Ccsv Project 1 Ccsv 2025-04-20 4.3 MEDIUM 5.5 MEDIUM
The foreach function in ext/ccsv.c in Ccsv 1.1.0 allows remote attackers to cause a denial of service (double free and application crash) or possibly have unspecified other impact via a crafted file. NOTE: This has been disputed and it is argued that this is not present in version 1.1.0.
CVE-2015-1207 2 Debian, Google 2 Debian Linux, Chrome 2025-04-20 4.3 MEDIUM 6.5 MEDIUM
Double-free vulnerability in libavformat/mov.c in FFMPEG in Google Chrome 41.0.2251.0 allows remote attackers to cause a denial of service (memory corruption and crash) via a crafted .m4a file.
CVE-2016-8693 3 Fedoraproject, Jasper Project, Opensuse 3 Fedora, Jasper, Opensuse 2025-04-20 6.8 MEDIUM 7.8 HIGH
Double free vulnerability in the mem_close function in jas_stream.c in JasPer before 1.900.10 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted BMP image to the imginfo command.