CVE-2019-15151

CRITICAL

Adplug < 2.3.3 - Double Free

Title source: rule

Description

AdPlug 2.3.1 has a double free in the Cu6mPlayer class in u6m.h.

References (3)

[Exploit, Patch, Third Party Advisory] https://github.com/adplug/adplug/issues/91

[Mailing List, Third Party Advisory] https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Q32A64R2APAC5PXIMSYIEFDQX5AD4GAS/

[Mailing List, Third Party Advisory] https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U3PW6PLDTPSQQRHKTU2FB72SUB4Q66NE/

Scores

CVSS v3 9.8

EPSS 0.0051

EPSS Percentile 66.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-415

Status published

Affected Products (4)

adplug_project/adplug

fedoraproject/fedora

fedoraproject/fedora

nuget/adplug < 2.3.3NuGet

Timeline

Published Aug 18, 2019

Tracked Since Feb 18, 2026