Total
483 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-6978 | 3 Canonical, Debian, Libgd | 3 Ubuntu Linux, Debian Linux, Libgd | 2023-11-07 | 7.5 HIGH | 9.8 CRITICAL |
| The GD Graphics Library (aka LibGD) 2.2.5 has a double free in the gdImage*Ptr() functions in gd_gif_out.c, gd_jpeg.c, and gd_wbmp.c. NOTE: PHP is unaffected. | |||||
| CVE-2019-5481 | 6 Debian, Fedoraproject, Haxx and 3 more | 13 Debian Linux, Fedora, Curl and 10 more | 2023-11-07 | 7.5 HIGH | 9.8 CRITICAL |
| Double-free vulnerability in the FTP-kerberos code in cURL 7.52.0 to 7.65.3. | |||||
| CVE-2019-3829 | 2 Fedoraproject, Gnu | 2 Fedora, Gnutls | 2023-11-07 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability was found in gnutls versions from 3.5.8 before 3.6.7. A memory corruption (double free) vulnerability in the certificate verification API. Any client or server application that verifies X.509 certificates with GnuTLS 3.5.8 or later is affected. | |||||
| CVE-2019-2126 | 4 Canonical, Fedoraproject, Google and 1 more | 4 Ubuntu Linux, Fedora, Android and 1 more | 2023-11-07 | 9.3 HIGH | 8.8 HIGH |
| In ParseContentEncodingEntry of mkvparser.cc, there is a possible double free due to a missing reset of a freed pointer. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-127702368. | |||||
| CVE-2019-19005 | 2 Autotrace Project, Fedoraproject | 2 Autotrace, Fedora | 2023-11-07 | 6.8 MEDIUM | 7.8 HIGH |
| A bitmap double free in main.c in autotrace 0.31.1 allows attackers to cause an unspecified impact via a malformed bitmap image. This may occur after the use-after-free in CVE-2017-9182. | |||||
| CVE-2019-18874 | 1 Psutil Project | 1 Psutil | 2023-11-07 | 5.0 MEDIUM | 7.5 HIGH |
| psutil (aka python-psutil) through 5.6.5 can have a double free. This occurs because of refcount mishandling within a while or for loop that converts system data into a Python object. | |||||
| CVE-2019-17545 | 5 Debian, Fedoraproject, Opensuse and 2 more | 6 Debian Linux, Fedora, Backports Sle and 3 more | 2023-11-07 | 7.5 HIGH | 9.8 CRITICAL |
| GDAL through 3.0.1 has a poolDestroy double free in OGRExpatRealloc in ogr/ogr_expat.cpp when the 10MB threshold is exceeded. | |||||
| CVE-2019-15504 | 2 Canonical, Linux | 2 Ubuntu Linux, Linux Kernel | 2023-11-07 | 10.0 HIGH | 9.8 CRITICAL |
| drivers/net/wireless/rsi/rsi_91x_usb.c in the Linux kernel through 5.2.9 has a Double Free via crafted USB device traffic (which may be remote via usbip or usbredir). | |||||
| CVE-2019-15151 | 2 Adplug Project, Fedoraproject | 2 Adplug, Fedora | 2023-11-07 | 7.5 HIGH | 9.8 CRITICAL |
| AdPlug 2.3.1 has a double free in the Cu6mPlayer class in u6m.h. | |||||
| CVE-2019-12874 | 1 Videolan | 1 Vlc Media Player | 2023-11-07 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in zlib_decompress_extra in modules/demux/mkv/util.cpp in VideoLAN VLC media player 3.x through 3.0.7. The Matroska demuxer, while parsing a malformed MKV file type, has a double free. | |||||
| CVE-2019-12865 | 1 Radare | 1 Radare2 | 2023-11-07 | 4.3 MEDIUM | 5.5 MEDIUM |
| In radare2 through 3.5.1, cmd_mount in libr/core/cmd_mount.c has a double free for the ms command. | |||||
| CVE-2019-12219 | 1 Libsdl | 2 Sdl2 Image, Simple Directmedia Layer | 2023-11-07 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) 2.0.9 when used in conjunction with libSDL2_image.a in SDL2_image 2.0.4. There is an invalid free error in the SDL function SDL_SetError_REAL at SDL_error.c. | |||||
| CVE-2019-11049 | 5 Debian, Fedoraproject, Microsoft and 2 more | 5 Debian Linux, Fedora, Windows and 2 more | 2023-11-07 | 7.5 HIGH | 9.8 CRITICAL |
| In PHP versions 7.3.x below 7.3.13 and 7.4.0 on Windows, when supplying custom headers to mail() function, due to mistake introduced in commit 78f4b4a2dcf92ddbccea1bb95f8390a18ac3342e, if the header is supplied in lowercase, this can result in double-freeing certain memory locations. | |||||
| CVE-2019-1020014 | 3 Canonical, Docker, Fedoraproject | 3 Ubuntu Linux, Credential Helpers, Fedora | 2023-11-07 | 2.1 LOW | 5.5 MEDIUM |
| docker-credential-helpers before 0.6.3 has a double free in the List functions. | |||||
| CVE-2018-20961 | 1 Linux | 1 Linux Kernel | 2023-11-07 | 10.0 HIGH | 9.8 CRITICAL |
| In the Linux kernel before 4.16.4, a double free vulnerability in the f_midi_set_alt function of drivers/usb/gadget/function/f_midi.c in the f_midi driver may allow attackers to cause a denial of service or possibly have unspecified other impact. | |||||
| CVE-2018-17825 | 2 Adplug Project, Fedoraproject | 2 Adplug, Fedora | 2023-11-07 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in AdPlug 2.3.1. There are several double-free vulnerabilities in the CEmuopl class in emuopl.cpp because of a destructor's two OPLDestroy calls, each of which frees TL_TABLE, SIN_TABLE, AMS_TABLE, and VIB_TABLE. | |||||
| CVE-2018-16402 | 5 Canonical, Debian, Elfutils Project and 2 more | 7 Ubuntu Linux, Debian Linux, Elfutils and 4 more | 2023-11-07 | 7.5 HIGH | 9.8 CRITICAL |
| libelf/elf_end.c in elfutils 0.173 allows remote attackers to cause a denial of service (double free and application crash) or possibly have unspecified other impact because it tries to decompress twice. | |||||
| CVE-2018-14054 | 1 Techsmith | 1 Mp4v2 | 2023-11-07 | 7.5 HIGH | 9.8 CRITICAL |
| A double free exists in the MP4StringProperty class in mp4property.cpp in MP4v2 2.0.0. A dangling pointer is freed again in the destructor once an exception is triggered. | |||||
| CVE-2018-11243 | 1 Upx Project | 1 Upx | 2023-11-07 | 6.8 MEDIUM | 7.8 HIGH |
| PackLinuxElf64::unpack in p_lx_elf.cpp in UPX 3.95 allows remote attackers to cause a denial of service (double free), limit the ability of a malware scanner to operate on the entire original data, or possibly have unspecified other impact via a crafted file. | |||||
| CVE-2018-1000877 | 5 Canonical, Debian, Fedoraproject and 2 more | 7 Ubuntu Linux, Debian Linux, Fedora and 4 more | 2023-11-07 | 6.8 MEDIUM | 8.8 HIGH |
| libarchive version commit 416694915449219d505531b1096384f3237dd6cc onwards (release v3.1.0 onwards) contains a CWE-415: Double Free vulnerability in RAR decoder - libarchive/archive_read_support_format_rar.c, parse_codes(), realloc(rar->lzss.window, new_size) with new_size = 0 that can result in Crash/DoS. This attack appear to be exploitable via the victim must open a specially crafted RAR archive. | |||||