CVE & Exploit Intelligence Database

CVE-2017-8140 7.8 HIGH EPSS 0.00

The soundtrigger driver in P9 Plus smart phones with software versions earlier than VIE-AL10BC00B353 has a memory double free vulnerability. An attacker tricks a user into installing a malicious application, and the application can start multiple threads and try to free specific memory, which could triggers double free and causes a system crash or arbitrary code execution.

CWE-415 Nov 22, 2017

CVE-2017-6166 5.9 MEDIUM EPSS 0.01

In BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PEM, and WebSafe software 12.0.0 to 12.1.1, in some cases the Traffic Management Microkernel (TMM) may crash when processing fragmented packets. This vulnerability affects TMM through a virtual server configured with a FastL4 profile. Traffic processing is disrupted while TMM restarts. If the affected BIG-IP system is configured as part of a device group, it will trigger a failover to the peer device.

CWE-415 Nov 22, 2017

CVE-2017-1000232 9.8 CRITICAL EPSS 0.00

A double-free vulnerability in str2host.c in ldns 1.7.0 have unspecified impact and attack vectors.

CWE-415 Nov 17, 2017

CVE-2017-1000231 9.8 CRITICAL EPSS 0.01

A double-free vulnerability in parse.c in ldns 1.7.0 have unspecified impact and attack vectors.

CWE-415 Nov 17, 2017

CVE-2017-11032 7.8 HIGH EPSS 0.00

In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a double free can occur when kmalloc fails to allocate memory for pointers resp/req in the service-locator driver function service_locator_send_msg().

CWE-415 Nov 16, 2017

CVE-2017-16820 9.8 CRITICAL 1 Writeup EPSS 0.03

The csnmp_read_table function in snmp.c in the SNMP plugin in collectd before 5.6.3 is susceptible to a double free in a certain error case, which could lead to a crash (or potentially have other impact).

CWE-415 Nov 14, 2017

CVE-2017-15186 6.5 MEDIUM EPSS 0.01

Double free vulnerability in FFmpeg 3.3.4 and earlier allows remote attackers to cause a denial of service via a crafted AVI file.

CWE-415 Oct 24, 2017

CVE-2015-5177 7.5 HIGH EPSS 0.01

Double free vulnerability in the SLPDKnownDAAdd function in slpd/slpd_knownda.c in OpenSLP 1.2.1 allows remote attackers to cause a denial of service (crash) via a crafted package.

CWE-415 Oct 22, 2017

CVE-2015-1239 6.5 MEDIUM EPSS 0.01

Double free vulnerability in the j2k_read_ppm_v3 function in OpenJPEG before r2997, as used in PDFium in Google Chrome, allows remote attackers to cause a denial of service (process crash) via a crafted PDF.

CWE-415 Oct 18, 2017

CVE-2017-14952 9.8 CRITICAL EPSS 0.03

Double free in i18n/zonemeta.cpp in International Components for Unicode (ICU) for C/C++ through 59.1 allows remote attackers to execute arbitrary code via a crafted string, aka a "redundant UVector entry clean up function call" issue.

CWE-415 Oct 16, 2017

CVE-2017-15364 5.5 MEDIUM 1 Writeup EPSS 0.00

The foreach function in ext/ccsv.c in Ccsv 1.1.0 allows remote attackers to cause a denial of service (double free and application crash) or possibly have unspecified other impact via a crafted file. NOTE: This has been disputed and it is argued that this is not present in version 1.1.0.

CWE-415 Oct 15, 2017

CVE-2017-9687 7.8 HIGH EPSS 0.00

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, two concurrent threads/processes can write the value of "0" to the debugfs file that controls ipa ipc log which will lead to the double-free in ipc_log_context_destroy(). Another issue is the Use-After-Free which can happen due to the race condition when the ipc log is deallocated via the debugfs call during a log print.

CWE-415 Oct 10, 2017

CVE-2017-9686 7.8 HIGH EPSS 0.00

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, there is a possible double free/use after free in the SPS driver when debugfs logging is used.

CWE-415 Oct 10, 2017

CVE-2017-11462 9.8 CRITICAL 1 Writeup EPSS 0.01

Double free vulnerability in MIT Kerberos 5 (aka krb5) allows attackers to have unspecified impact via vectors involving automatic deletion of security contexts on error.

CWE-415 Sep 13, 2017

CVE-2017-6362 7.5 HIGH EPSS 0.02

Double free vulnerability in the gdImagePngPtr function in libgd2 before 2.2.5 allows remote attackers to cause a denial of service via vectors related to a palette with no colors.

CWE-415 Sep 07, 2017

CVE-2015-7700 9.8 CRITICAL EPSS 0.01

Double-free vulnerability in the sPLT chunk structure and png.c in pngcrush before 1.7.87 allows attackers to have unspecified impact via unknown vectors.

CWE-415 Aug 31, 2017

CVE-2017-10950 7.0 HIGH EPSS 0.00

This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of Bitdefender Total Security 21.0.24.62. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within processing of the 0x8000E038 IOCTL in the bdfwfpf driver. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker could leverage this vulnerability to execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-4776.

CWE-415 Aug 29, 2017

CVE-2017-12925 6.5 MEDIUM EPSS 0.00

Double free vulnerability in DfFromLB in docfile.cxx in libfpx 1.3.1_p6 allows remote attackers to cause a denial of service via a crafted fpx image.

CWE-415 Aug 28, 2017

CVE-2017-12858 9.8 CRITICAL 1 Writeup EPSS 0.01

Double free vulnerability in the _zip_dirent_read function in zip_dirent.c in libzip allows attackers to have unspecified impact via unknown vectors.

CWE-415 Aug 23, 2017

CVE-2017-8265 7.0 HIGH EPSS 0.00

In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition exists in a video driver which can lead to a double free.

CWE-415 Aug 18, 2017