CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Related To CWE-415

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2019-1020014 415 2019-07-29 2019-08-19
2.1
None Local Low Not required Partial None None
docker-credential-helpers before 0.6.3 has a double free in the List functions.
2 CVE-2019-16880 415 2019-09-25 2019-09-27
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in the linea crate through 0.9.4 for Rust. There is double free in the Matrix::zip_elements method.
3 CVE-2019-15551 415 2019-08-26 2019-09-03
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in the smallvec crate before 0.6.10 for Rust. There is a double free for certain grow attempts with the current capacity.
4 CVE-2019-15504 415 2019-08-23 2019-09-04
10.0
None Remote Low Not required Complete Complete Complete
drivers/net/wireless/rsi/rsi_91x_usb.c in the Linux kernel through 5.2.9 has a Double Free via crafted USB device traffic (which may be remote via usbip or usbredir).
5 CVE-2019-15212 415 2019-08-19 2019-09-02
4.9
None Local Low Not required None None Complete
An issue was discovered in the Linux kernel before 5.1.8. There is a double-free caused by a malicious USB device in the drivers/usb/misc/rio500.c driver.
6 CVE-2019-15151 415 2019-08-18 2019-08-30
7.5
None Remote Low Not required Partial Partial Partial
AdPlug 2.3.1 has a double free in the Cu6mPlayer class in u6m.h.
7 CVE-2019-13351 415 2019-07-05 2019-07-11
6.8
None Remote Medium Not required Partial Partial Partial
posix/JackSocket.cpp in libjack in JACK2 1.9.1 through 1.9.12 (as distributed with alsa-plugins 1.1.7 and later) has a "double file descriptor close" issue during a failed connection attempt when jackd2 is not running. Exploitation success depends on multithreaded timing of that double close, which can result in unintended information disclosure, crashes, or file corruption due to having the wrong file associated with the file descriptor.
8 CVE-2019-13105 415 2019-08-06 2019-08-13
6.8
None Remote Medium Not required Partial Partial Partial
Das U-Boot versions 2019.07-rc1 through 2019.07-rc4 can double-free a cached block of data when listing files in a crafted ext4 filesystem.
9 CVE-2019-12874 415 2019-06-18 2019-06-25
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in zlib_decompress_extra in modules/demux/mkv/util.cpp in VideoLAN VLC media player 3.x through 3.0.7. The Matroska demuxer, while parsing a malformed MKV file type, has a double free.
10 CVE-2019-12865 415 2019-06-17 2019-07-29
4.3
None Remote Medium Not required None None Partial
In radare2 through 3.5.1, cmd_mount in libr/core/cmd_mount.c has a double free for the ms command.
11 CVE-2019-12219 415 2019-05-20 2019-07-22
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) 2.0.9 when used in conjunction with libSDL2_image.a in SDL2_image 2.0.4. There is an invalid free error in the SDL function SDL_SetError_REAL at SDL_error.c.
12 CVE-2019-11932 415 DoS Exec Code 2019-10-03 2019-10-09
7.5
None Remote Low Not required Partial Partial Partial
A double free vulnerability in the DDGifSlurp function in decoding.c in libpl_droidsonroids_gif before 1.2.15, as used in WhatsApp for Android before 2.19.244, allows remote attackers to execute arbitrary code or cause a denial of service.
13 CVE-2019-11490 415 2019-04-23 2019-04-29
7.2
None Local Low Not required Complete Complete Complete
An issue was discovered in Npcap 0.992. Sending a malformed .pcap file with the loopback adapter using either pcap_sendqueue_queue() or pcap_sendqueue_transmit() results in kernel pool corruption. This could lead to arbitrary code executing inside the Windows kernel and allow escalation of privileges.
14 CVE-2019-8044 415 Exec Code 2019-08-20 2019-08-21
7.5
None Remote Low Not required Partial Partial Partial
Adobe Acrobat and Reader versions, 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2017.011.30142 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have a double free vulnerability. Successful exploitation could lead to arbitrary code execution.
15 CVE-2019-7784 415 Exec Code 2019-05-22 2019-08-21
10.0
None Remote Low Not required Complete Complete Complete
Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier, 2017.011.30138 and earlier, 2015.006.30495 and earlier, and 2015.006.30493 and earlier have a double free vulnerability. Successful exploitation could lead to arbitrary code execution.
16 CVE-2019-7080 415 Exec Code 2019-05-24 2019-08-21
10.0
None Remote Low Not required Complete Complete Complete
Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have a double free vulnerability. Successful exploitation could lead to arbitrary code execution .
17 CVE-2019-6978 415 2019-01-28 2019-04-04
7.5
None Remote Low Not required Partial Partial Partial
The GD Graphics Library (aka LibGD) 2.2.5 has a double free in the gdImage*Ptr() functions in gd_gif_out.c, gd_jpeg.c, and gd_wbmp.c. NOTE: PHP is unaffected.
18 CVE-2019-6455 415 2019-01-16 2019-01-17
4.3
None Remote Medium Not required None None Partial
An issue was discovered in GNU Recutils 1.8. There is a double-free problem in the function rec_mset_elem_destroy() in the file rec-mset.c.
19 CVE-2019-5481 415 2019-09-16 2019-09-17
7.5
None Remote Low Not required Partial Partial Partial
Double-free vulnerability in the FTP-kerberos code in cURL 7.52.0 to 7.65.3.
20 CVE-2019-5460 415 2019-07-30 2019-08-08
4.3
None Remote Medium Not required None None Partial
Double Free in VLC versions <= 3.0.6 leads to a crash.
21 CVE-2019-5305 415 2019-06-06 2019-06-10
7.1
None Remote Medium Not required None None Complete
The image processing module of some Huawei Mate 10 smartphones versions before ALP-L29 9.0.0.159(C185) has a memory double free vulnerability. An attacker tricks a user into installing a malicious application, and the application can call special API, which could trigger double free and cause a system crash.
22 CVE-2019-5236 415 2019-08-08 2019-08-15
6.8
None Remote Medium Not required Partial Partial Partial
Huawei smart phones Emily-L29C with versions of 8.1.0.132a(C432), 8.1.0.135(C782), 8.1.0.154(C10), 8.1.0.154(C461), 8.1.0.154(C635), 8.1.0.156(C185), 8.1.0.156(C605), 8.1.0.159(C636) have a double free vulnerability. An attacker can trick a user to click a URL to exploit this vulnerability. Successful exploitation may cause the affected phone abnormal.
23 CVE-2019-5219 415 DoS 2019-06-06 2019-06-10
4.3
None Remote Medium Not required None None Partial
There is a double free vulnerability on certain drivers of Huawei Mate10 smartphones versions earlier than ALP-AL00B 9.0.0.181(C00E87R2P20T8). An attacker tricks the user into installing a malicious application, which makes multiple processes operate the same resource at the same time. Successful exploit could cause a denial of service condition.
24 CVE-2019-3896 415 DoS 2019-06-18 2019-07-01
7.2
None Local Low Not required Complete Complete Complete
A double-free can happen in idr_remove_all() in lib/idr.c in the Linux kernel 2.6 branch. An unprivileged local attacker can use this flaw for a privilege escalation or for a system crash and a denial of service (DoS).
25 CVE-2019-3829 415 Mem. Corr. 2019-03-27 2019-05-30
5.0
None Remote Low Not required None None Partial
A vulnerability was found in gnutls versions from 3.5.8 before 3.6.7. A memory corruption (double free) vulnerability in the certificate verification API. Any client or server application that verifies X.509 certificates with GnuTLS 3.5.8 or later is affected.
26 CVE-2019-2247 415 2019-05-24 2019-05-29
4.6
None Local Low Not required Partial Partial Partial
Possibility of double free issue while running multiple instances of smp2p test because of proper protection is missing while using global variable in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 650/52, SD 712 / SD 710 / SD 670, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24
27 CVE-2019-2126 415 Exec Code 2019-08-20 2019-08-22
9.3
None Remote Medium Not required Complete Complete Complete
In ParseContentEncodingEntry of mkvparser.cc, there is a possible double free due to a missing reset of a freed pointer. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-127702368.
28 CVE-2019-2115 415 Mem. Corr. 2019-09-05 2019-09-06
7.2
None Local Low Not required Complete Complete Complete
In GateKeeper::MintAuthToken of gatekeeper.cpp in Android 7.1.1, 7.1.2, 8.0, 8.1 and 9, there is possible memory corruption due to a double free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
29 CVE-2019-2096 415 Mem. Corr. 2019-06-07 2019-06-11
7.2
None Local Low Not required Complete Complete Complete
In EffectRelease of EffectBundle.cpp, there is a possible memory corruption due to a double free. This could lead to local escalation of privilege in the audio server with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-123237974.
30 CVE-2019-1999 415 2019-02-28 2019-05-14
7.2
None Local Low Not required Complete Complete Complete
In binder_alloc_free_page of binder_alloc.c, there is a possible double free due to improper locking. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-120025196.
31 CVE-2018-1000880 415 2018-12-20 2019-04-12
4.3
None Remote Medium Not required None None Partial
libarchive version commit 9693801580c0cf7c70e862d305270a16b52826a7 onwards (release v3.2.0 onwards) contains a CWE-20: Improper Input Validation vulnerability in WARC parser - libarchive/archive_read_support_format_warc.c, _warc_read() that can result in DoS - quasi-infinite run time and disk usage from tiny file. This attack appear to be exploitable via the victim must open a specially crafted WARC file.
32 CVE-2018-1000877 415 2018-12-20 2019-04-12
6.8
None Remote Medium Not required Partial Partial Partial
libarchive version commit 416694915449219d505531b1096384f3237dd6cc onwards (release v3.1.0 onwards) contains a CWE-415: Double Free vulnerability in RAR decoder - libarchive/archive_read_support_format_rar.c, parse_codes(), realloc(rar->lzss.window, new_size) with new_size = 0 that can result in Crash/DoS. This attack appear to be exploitable via the victim must open a specially crafted RAR archive.
33 CVE-2018-1000222 415 Exec Code 2018-08-20 2019-03-28
6.8
None Remote Medium Not required Partial Partial Partial
Libgd version 2.2.5 contains a Double Free Vulnerability vulnerability in gdImageBmpPtr Function that can result in Remote Code Execution . This attack appear to be exploitable via Specially Crafted Jpeg Image can trigger double free. This vulnerability appears to have been fixed in after commit ac16bdf2d41724b5a65255d4c28fb0ec46bc42f5.
34 CVE-2018-1000216 415 2018-08-20 2018-10-16
6.8
None Remote Medium Not required Partial Partial Partial
Dave Gamble cJSON version 1.7.2 and earlier contains a CWE-415: Double Free vulnerability in cJSON library that can result in Possible crash or RCE. This attack appear to be exploitable via Attacker must be able to force victim to print JSON data, depending on how cJSON library is used this could be either local or over a network. This vulnerability appears to have been fixed in 1.7.3.
35 CVE-2018-20996 415 2019-08-26 2019-08-30
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in the crossbeam crate before 0.4.1 for Rust. There is a double free because of destructor mishandling.
36 CVE-2018-20991 415 2019-08-26 2019-08-30
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in the smallvec crate before 0.6.3 for Rust. The Iterator implementation mishandles destructors, leading to a double free.
37 CVE-2018-20961 415 DoS 2019-08-07 2019-08-27
10.0
None Remote Low Not required Complete Complete Complete
In the Linux kernel before 4.16.4, a double free vulnerability in the f_midi_set_alt function of drivers/usb/gadget/function/f_midi.c in the f_midi driver may allow attackers to cause a denial of service or possibly have unspecified other impact.
38 CVE-2018-20450 415 DoS 2018-12-25 2019-01-11
4.3
None Remote Medium Not required None None Partial
The read_MSAT function in ole.c in libxls 1.4.0 has a double free that allows attackers to cause a denial of service (application crash) via a crafted file, a different vulnerability than CVE-2017-2897.
39 CVE-2018-18751 415 2018-10-29 2018-12-07
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in GNU gettext 0.19.8. There is a double free in default_add_message in read-catalog.c, related to an invalid free in po_gram_parse in po-gram-gen.y, as demonstrated by lt-msgfmt.
40 CVE-2018-18718 415 2018-10-29 2018-12-07
4.6
None Local Low Not required Partial Partial Partial
An issue was discovered in gThumb through 3.6.2. There is a double-free vulnerability in the add_themes_from_dir method in dlg-contact-sheet.c because of two successive calls of g_free, each of which frees the same buffer.
41 CVE-2018-17825 415 2018-10-01 2019-08-13
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in AdPlug 2.3.1. There are several double-free vulnerabilities in the CEmuopl class in emuopl.cpp because of a destructor's two OPLDestroy calls, each of which frees TL_TABLE, SIN_TABLE, AMS_TABLE, and VIB_TABLE.
42 CVE-2018-17097 415 DoS 2018-09-16 2018-11-08
6.8
None Remote Medium Not required Partial Partial Partial
The WavFileBase class in WavFile.cpp in Olli Parviainen SoundTouch 2.0 allows remote attackers to cause a denial of service (double free) or possibly have unspecified other impact, as demonstrated by SoundStretch.
43 CVE-2018-16841 415 DoS Mem. Corr. 2018-11-28 2019-10-09
4.0
None Remote Low Single system None None Partial
Samba from version 4.3.0 and before versions 4.7.12, 4.8.7 and 4.9.3 are vulnerable to a denial of service. When configured to accept smart-card authentication, Samba's KDC will call talloc_free() twice on the same memory if the principal in a validly signed certificate does not match the principal in the AS-REQ. This is only possible after authentication with a trusted certificate. talloc is robust against further corruption from a double-free with talloc_free() and directly calls abort(), terminating the KDC process.
44 CVE-2018-16425 415 DoS 2018-09-03 2019-09-11
4.6
None Local Low Not required Partial Partial Partial
A double free when handling responses from an HSM Card in sc_pkcs15emu_sc_hsm_init in libopensc/pkcs15-sc-hsm.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact.
45 CVE-2018-16424 415 DoS 2018-09-03 2019-09-11
4.6
None Local Low Not required Partial Partial Partial
A double free when handling responses in read_file in tools/egk-tool.c (aka the eGK card tool) in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact.
46 CVE-2018-16423 415 DoS 2018-09-03 2019-08-06
4.6
None Local Low Not required Partial Partial Partial
A double free when handling responses from a smartcard in sc_file_set_sec_attr in libopensc/sc.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact.
47 CVE-2018-16402 415 DoS 2018-09-03 2019-06-10
7.5
None Remote Low Not required Partial Partial Partial
libelf/elf_end.c in elfutils 0.173 allows remote attackers to cause a denial of service (double free and application crash) or possibly have unspecified other impact because it tries to decompress twice.
48 CVE-2018-15879 415 2019-06-20 2019-06-21
7.5
None Remote Low Not required Partial Partial Partial
The GD Graphics Library (aka libgd) through 2.2.5 has a Double Free Vulnerability in the gdImageBmpPt function.
49 CVE-2018-15878 415 2019-06-20 2019-06-21
7.5
None Remote Low Not required Partial Partial Partial
The GD Graphics Library (aka libgd) through 2.2.5 has a Double Free Vulnerability in the gdImageBmpPtr function.
50 CVE-2018-15518 415 2018-12-26 2019-06-03
6.8
None Remote Medium Not required Partial Partial Partial
QXmlStream in Qt 5.x before 5.11.3 has a double-free or corruption during parsing of a specially crafted illegal XML document.
Total number of vulnerabilities : 173   Page : 1 (This Page)2 3 4
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.