CVE & Exploit Intelligence Database

CVE-2018-12841 7.8 HIGH EPSS 0.03

Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have a double free vulnerability. Successful exploitation could lead to arbitrary code execution.

CWE-415 Oct 12, 2018

CVE-2018-0469 6.8 MEDIUM EPSS 0.01

A vulnerability in the web user interface of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to a double-free-in-memory handling by the affected software when specific HTTP requests are processed. An attacker could exploit this vulnerability by sending specific HTTP requests to the web user interface of the affected software. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a denial of service (DoS) condition on an affected device. To exploit this vulnerability, the attacker must have access to the management interface of the affected software, which is typically connected to a restricted management network.

CWE-415 Oct 05, 2018

CVE-2018-9513 7.8 HIGH EPSS 0.00

In copy_process of fork.c, there is possible memory corruption due to a double free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-111081202 References: N/A

CWE-415 Oct 02, 2018

CVE-2018-4000 7.8 HIGH EPSS 0.00

An exploitable double-free vulnerability exists in the Office Open XML parser of Atlantis Word Processor, version 3.2.5.0. A specially crafted document can cause a TTableRow instance to be referenced twice, resulting in a double-free vulnerability when both the references go out of scope. An attacker must convince a victim to open a document in order to trigger this vulnerability.

CWE-415 Oct 01, 2018

CVE-2018-17825 9.8 CRITICAL EPSS 0.00

An issue was discovered in AdPlug 2.3.1. There are several double-free vulnerabilities in the CEmuopl class in emuopl.cpp because of a destructor's two OPLDestroy calls, each of which frees TL_TABLE, SIN_TABLE, AMS_TABLE, and VIB_TABLE.

CWE-415 Oct 01, 2018

CVE-2018-11982 8.8 HIGH EPSS 0.00

In Snapdragon (Mobile, Wear) in version MDM9206, MDM9607, MDM9635M, MDM9640, MDM9645, MDM9655, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 810, SD 820, SD 835, Snapdragon_High_Med_2016, a double free of ASN1 heap memory used for EUTRA CAP container occurs during UTRAN to LTE Capability inquiry procedure.

CWE-415 Sep 20, 2018

CVE-2018-11840 7.8 HIGH EPSS 0.00

In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while processing the WLAN driver command ioctl a temporary buffer used to construct the reply message may be freed twice.

CWE-415 Sep 18, 2018

CVE-2018-11276 7.8 HIGH EPSS 0.00

In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, double free of memory allocation is possible in Kernel when it explicitly tries to free that memory on driver probe failure, since memory allocated is automatically freed on probe.

CWE-415 Sep 18, 2018

CVE-2018-11273 7.8 HIGH EPSS 0.00

In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, 'voice_svc_dev' is allocated as a device-managed resource. If error 'cdev_alloc_err' occurs, 'device_destroy' will free all associated resources, including 'voice_svc_dev' leading to a double free.

CWE-415 Sep 18, 2018

CVE-2018-11270 7.8 HIGH EPSS 0.00

In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, memory allocated with devm_kzalloc is automatically released by the kernel if the probe function fails with an error code. This may result in data corruption.

CWE-415 Sep 18, 2018

CVE-2018-17097 8.8 HIGH 1 Writeup EPSS 0.01

The WavFileBase class in WavFile.cpp in Olli Parviainen SoundTouch 2.0 allows remote attackers to cause a denial of service (double free) or possibly have unspecified other impact, as demonstrated by SoundStretch.

CWE-415 Sep 16, 2018

CVE-2018-14638 7.5 HIGH EPSS 0.01

A flaw was found in 389-ds-base before version 1.3.8.4-13. The process ns-slapd crashes in delete_passwdPolicy function when persistent search connections are terminated unexpectedly leading to remote denial of service.

CWE-415 Sep 14, 2018

CVE-2018-16425 6.6 MEDIUM 1 Writeup EPSS 0.00

A double free when handling responses from an HSM Card in sc_pkcs15emu_sc_hsm_init in libopensc/pkcs15-sc-hsm.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact.

CWE-415 Sep 04, 2018

CVE-2018-16424 6.6 MEDIUM 1 Writeup EPSS 0.00

A double free when handling responses in read_file in tools/egk-tool.c (aka the eGK card tool) in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact.

CWE-415 Sep 04, 2018

CVE-2018-16423 6.6 MEDIUM 1 Writeup EPSS 0.00

A double free when handling responses from a smartcard in sc_file_set_sec_attr in libopensc/sc.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact.

CWE-415 Sep 04, 2018

CVE-2018-16402 9.8 CRITICAL EPSS 0.02

libelf/elf_end.c in elfutils 0.173 allows remote attackers to cause a denial of service (double free and application crash) or possibly have unspecified other impact because it tries to decompress twice.

CWE-415 Sep 03, 2018

CVE-2018-10902 7.8 HIGH EPSS 0.00

It was found that the raw midi kernel driver does not protect against concurrent access which leads to a double realloc (double free) in snd_rawmidi_input_params() and snd_rawmidi_output_status() which are part of snd_rawmidi_ioctl() handler in rawmidi.c file. A malicious local attacker could possibly use this for privilege escalation.

CWE-415 Aug 21, 2018

CVE-2018-1000222 8.8 HIGH EPSS 0.01

Libgd version 2.2.5 contains a Double Free Vulnerability vulnerability in gdImageBmpPtr Function that can result in Remote Code Execution . This attack appear to be exploitable via Specially Crafted Jpeg Image can trigger double free. This vulnerability appears to have been fixed in after commit ac16bdf2d41724b5a65255d4c28fb0ec46bc42f5.

CWE-415 Aug 20, 2018

CVE-2018-1000216 8.8 HIGH EPSS 0.00

Dave Gamble cJSON version 1.7.2 and earlier contains a CWE-415: Double Free vulnerability in cJSON library that can result in Possible crash or RCE. This attack appear to be exploitable via Attacker must be able to force victim to print JSON data, depending on how cJSON library is used this could be either local or over a network. This vulnerability appears to have been fixed in 1.7.3.

CWE-415 Aug 20, 2018

CVE-2016-8619 5.3 MEDIUM EPSS 0.02

The function `read_data()` in security.c in curl before version 7.51.0 is vulnerable to memory double free.

CWE-415 Aug 01, 2018