CVE & Exploit Intelligence Database

CVE-2022-25717 6.7 MEDIUM EPSS 0.00

Memory corruption in display due to double free while allocating frame buffer memory

CWE-415 Jan 09, 2023

CVE-2022-47975 7.5 HIGH EPSS 0.00

The DUBAI module has a double free vulnerability. Successful exploitation of this vulnerability may affect system availability.

CWE-415 Jan 06, 2023

CVE-2022-44640 9.8 CRITICAL EPSS 0.02

Heimdal before 7.7.1 allows remote attackers to execute arbitrary code because of an invalid free in the ASN.1 codec used by the Key Distribution Center (KDC).

CWE-415 Dec 25, 2022

CVE-2022-40304 7.8 HIGH EXPLOITED EPSS 0.00

An issue was discovered in libxml2 before 2.10.3. Certain invalid XML entity definitions can corrupt a hash table key, potentially leading to subsequent logic errors. In one case, a double-free can be provoked.

CWE-415 Nov 23, 2022

CVE-2022-3238 7.8 HIGH EPSS 0.00

A double-free flaw was found in the Linux kernel’s NTFS3 subsystem in how a user triggers remount and umount simultaneously. This flaw allows a local user to crash or potentially escalate their privileges on the system.

CWE-415 Nov 14, 2022

CVE-2022-32614 6.7 MEDIUM EPSS 0.00

In audio, there is a possible memory corruption due to a logic error. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07310571; Issue ID: ALPS07310571.

CWE-415 Nov 08, 2022

CVE-2021-39432 6.5 MEDIUM 1 Writeup EPSS 0.00

diplib v3.0.0 is vulnerable to Double Free.

CWE-415 Nov 04, 2022

CVE-2022-42915 8.1 HIGH EPSS 0.01

curl before 7.86.0 has a double free. If curl is told to use an HTTP proxy for a transfer with a non-HTTP(S) URL, it sets up the connection to the remote server by issuing a CONNECT request to the proxy, and then tunnels the rest of the protocol through. An HTTP proxy might refuse this request (HTTP proxies often only allow outgoing connections to specific port numbers, like 443 for HTTPS) and instead return a non-200 status code to the client. Due to flaws in the error/cleanup handling, this could trigger a double free in curl if one of the following schemes were used in the URL for the transfer: dict, gopher, gophers, ldap, ldaps, rtmp, rtmps, or telnet. The earliest affected version is 7.77.0.

CWE-415 Oct 29, 2022

CVE-2022-32574 6.5 MEDIUM EPSS 0.01

A double-free vulnerability exists in the web interface /action/ipcamSetParamPost functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted HTTP request can lead to memory corruption. An attacker can make an authenticated HTTP request to trigger this vulnerability.

CWE-415 Oct 25, 2022

CVE-2022-25750 8.4 HIGH EPSS 0.00

Memory corruption in BTHOST due to double free while music playback and calls over bluetooth headset in Snapdragon Mobile

CWE-415 Oct 19, 2022

CVE-2022-25660 7.8 HIGH EPSS 0.00

Memory corruption due to double free issue in kernel in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile

CWE-415 Oct 19, 2022

CVE-2022-3595 3.5 LOW EPSS 0.00

A vulnerability was found in Linux Kernel. It has been rated as problematic. Affected by this issue is the function sess_free_buffer of the file fs/cifs/sess.c of the component CIFS Handler. The manipulation leads to double free. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211364.

CWE-119 Oct 18, 2022

CVE-2022-0699 9.8 CRITICAL 1 Writeup EPSS 0.01

A double-free condition exists in contrib/shpsort.c of shapelib 1.5.0 and older releases. This issue may allow an attacker to cause a denial of service or have other unspecified impact via control over malloc.

CWE-415 Oct 17, 2022

CVE-2019-5797 7.5 HIGH 1 PoC Analysis EPSS 0.03

Double free in DOMStorage in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CWE-415 Sep 29, 2022

CVE-2022-39002 9.8 CRITICAL EPSS 0.00

Double free vulnerability in the storage module. Successful exploitation of this vulnerability will cause the memory to be freed twice.

CWE-415 Sep 16, 2022

CVE-2022-36043 7.8 HIGH 1 Writeup EPSS 0.00

Rizin is a UNIX-like reverse engineering framework and command-line toolset. Versions 0.4.0 and prior are vulnerable to a double free in bobj.c:rz_bin_reloc_storage_free() when freeing relocations generated from qnx binary plugin. A user opening a malicious qnx binary could be affected by this vulnerability, allowing an attacker to execute code on the user's machine. Commit number a3d50c1ea185f3f642f2d8180715f82d98840784 contains a patch for this issue.

CWE-415 Sep 06, 2022

CVE-2022-25668 7.3 HIGH EPSS 0.00

Memory corruption in video driver due to double free while parsing ASF clip in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables

CWE-415 Sep 02, 2022

CVE-2022-39170 8.8 HIGH 1 Writeup EPSS 0.01

libdwarf 0.4.1 has a double free in _dwarf_exec_frame_instr in dwarf_frame.c.

CWE-415 Sep 02, 2022

CVE-2022-2519 6.5 MEDIUM EPSS 0.00

There is a double free or corruption in rotateImage() at tiffcrop.c:8839 found in libtiff 4.4.0rc1

CWE-415 Aug 31, 2022

CVE-2020-27794 9.1 CRITICAL 1 Writeup EPSS 0.00

A double free issue was discovered in radare2 in cmd_info.c:cmd_info(). Successful exploitation could lead to modification of unexpected memory locations and potentially causing a crash.

CWE-415 Aug 19, 2022