CVE & Exploit Intelligence Database

CVE-2019-15212 4.6 MEDIUM EPSS 0.00

An issue was discovered in the Linux kernel before 5.1.8. There is a double-free caused by a malicious USB device in the drivers/usb/misc/rio500.c driver.

CWE-415 Aug 19, 2019

CVE-2019-15151 9.8 CRITICAL EPSS 0.01

AdPlug 2.3.1 has a double free in the Cu6mPlayer class in u6m.h.

CWE-415 Aug 18, 2019

CVE-2019-1144 8.8 HIGH 1 PoC Analysis EPSS 0.42

A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited the vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. There are multiple ways an attacker could exploit the vulnerability: In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability and then convince users to view the website. An attacker would have no way to force users to view the attacker-controlled content. Instead, an attacker would have to convince users to take action, typically by getting them to click a link in an email or instant message that takes users to the attacker's website, or by opening an attachment sent through email. In a file-sharing attack scenario, an attacker could provide a specially crafted document file designed to exploit the vulnerability and then convince users to open the document file. The security update addresses the vulnerability by correcting how the Windows font library handles embedded fonts.

CWE-415 Aug 14, 2019

CVE-2019-5236 6.3 MEDIUM EPSS 0.00

Huawei smart phones Emily-L29C with versions of 8.1.0.132a(C432), 8.1.0.135(C782), 8.1.0.154(C10), 8.1.0.154(C461), 8.1.0.154(C635), 8.1.0.156(C185), 8.1.0.156(C605), 8.1.0.159(C636) have a double free vulnerability. An attacker can trick a user to click a URL to exploit this vulnerability. Successful exploitation may cause the affected phone abnormal.

CWE-415 Aug 08, 2019

CVE-2018-20961 9.8 CRITICAL 1 Writeup EPSS 0.06

In the Linux kernel before 4.16.4, a double free vulnerability in the f_midi_set_alt function of drivers/usb/gadget/function/f_midi.c in the f_midi driver may allow attackers to cause a denial of service or possibly have unspecified other impact.

CWE-415 Aug 07, 2019

CVE-2019-13105 7.8 HIGH EPSS 0.00

Das U-Boot versions 2019.07-rc1 through 2019.07-rc4 can double-free a cached block of data when listing files in a crafted ext4 filesystem.

CWE-415 Aug 06, 2019

CVE-2019-5460 5.5 MEDIUM EPSS 0.01

Double Free in VLC versions <= 3.0.6 leads to a crash.

CWE-415 Jul 30, 2019

CVE-2019-1020014 5.5 MEDIUM 1 Writeup EPSS 0.00

docker-credential-helpers before 0.6.3 has a double free in the List functions.

CWE-415 Jul 29, 2019

CVE-2019-3896 7.0 HIGH EPSS 0.00

A double-free can happen in idr_remove_all() in lib/idr.c in the Linux kernel 2.6 branch. An unprivileged local attacker can use this flaw for a privilege escalation or for a system crash and a denial of service (DoS).

CWE-415 Jun 19, 2019

CVE-2019-12874 9.8 CRITICAL EPSS 0.01

An issue was discovered in zlib_decompress_extra in modules/demux/mkv/util.cpp in VideoLAN VLC media player 3.x through 3.0.7. The Matroska demuxer, while parsing a malformed MKV file type, has a double free.

CWE-415 Jun 18, 2019

CVE-2019-12865 5.5 MEDIUM EPSS 0.00

In radare2 through 3.5.1, cmd_mount in libr/core/cmd_mount.c has a double free for the ms command.

CWE-415 Jun 17, 2019

CVE-2018-11947 5.5 MEDIUM EPSS 0.00

The txrx stats req might be double freed in the pdev detach when the host driver is unloading in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in IPQ8064, MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCA6174A, QCA6574AU, QCA9377, QCA9379, QCA9558, QCA9880, QCA9886, QCA9980, QCS405, QCS605, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 636, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM630, SDM660, SDX20, SDX24

CWE-415 Jun 14, 2019

CVE-2019-2096 7.8 HIGH EPSS 0.00

In EffectRelease of EffectBundle.cpp, there is a possible memory corruption due to a double free. This could lead to local escalation of privilege in the audio server with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-123237974.

CWE-415 Jun 07, 2019

CVE-2019-5305 5.5 MEDIUM EPSS 0.00

The image processing module of some Huawei Mate 10 smartphones versions before ALP-L29 9.0.0.159(C185) has a memory double free vulnerability. An attacker tricks a user into installing a malicious application, and the application can call special API, which could trigger double free and cause a system crash.

CWE-415 Jun 06, 2019

CVE-2019-5219 5.5 MEDIUM EPSS 0.00

There is a double free vulnerability on certain drivers of Huawei Mate10 smartphones versions earlier than ALP-AL00B 9.0.0.181(C00E87R2P20T8). An attacker tricks the user into installing a malicious application, which makes multiple processes operate the same resource at the same time. Successful exploit could cause a denial of service condition.

CWE-415 Jun 06, 2019

CVE-2019-7080 9.8 CRITICAL EPSS 0.03

Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have a double free vulnerability. Successful exploitation could lead to arbitrary code execution .

CWE-415 May 24, 2019

CVE-2019-2247 7.8 HIGH EPSS 0.00

Possibility of double free issue while running multiple instances of smp2p test because of proper protection is missing while using global variable in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 650/52, SD 712 / SD 710 / SD 670, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24

CWE-415 May 24, 2019

CVE-2016-9969 7.5 HIGH EPSS 0.00

In libwebp 0.5.1, there is a double free bug in libwebpmux.

CWE-415 May 23, 2019

CVE-2019-7784 9.8 CRITICAL EPSS 0.05

Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier, 2017.011.30138 and earlier, 2015.006.30495 and earlier, and 2015.006.30493 and earlier have a double free vulnerability. Successful exploitation could lead to arbitrary code execution.

CWE-415 May 22, 2019

CVE-2019-12219 8.8 HIGH EPSS 0.01

An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) 2.0.9 when used in conjunction with libSDL2_image.a in SDL2_image 2.0.4. There is an invalid free error in the SDL function SDL_SetError_REAL at SDL_error.c.

CWE-415 May 20, 2019