CWE-415
AllowedDouble Free
Abstraction: Variant · Status: Draft
The product calls free() twice on the same memory address.
967 vulnerabilities reference this CWE, most recent first.
GHSA-FRWV-8C9X-7766
Vulnerability from github – Published: 2022-05-24 17:19 – Updated: 2025-10-22 00:31A memory consumption issue was addressed with improved memory handling. This issue is fixed in iOS 13.5.1 and iPadOS 13.5.1, macOS Catalina 10.15.5 Supplemental Update, tvOS 13.4.6, watchOS 6.2.6. An application may be able to execute arbitrary code with kernel privileges.
{
"affected": [],
"aliases": [
"CVE-2020-9859"
],
"database_specific": {
"cwe_ids": [
"CWE-400",
"CWE-415"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-06-05T15:15:00Z",
"severity": "HIGH"
},
"details": "A memory consumption issue was addressed with improved memory handling. This issue is fixed in iOS 13.5.1 and iPadOS 13.5.1, macOS Catalina 10.15.5 Supplemental Update, tvOS 13.4.6, watchOS 6.2.6. An application may be able to execute arbitrary code with kernel privileges.",
"id": "GHSA-frwv-8c9x-7766",
"modified": "2025-10-22T00:31:55Z",
"published": "2022-05-24T17:19:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-9859"
},
{
"type": "WEB",
"url": "https://support.apple.com/HT211214"
},
{
"type": "WEB",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-9859"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-FV5H-VQPF-6FQJ
Vulnerability from github – Published: 2025-07-10 09:32 – Updated: 2026-05-12 15:30A flaw was found in GnuTLS. A double-free vulnerability exists in GnuTLS due to incorrect ownership handling in the export logic of Subject Alternative Name (SAN) entries containing an otherName. If the type-id OID is invalid or malformed, GnuTLS will call asn1_delete_structure() on an ASN.1 node it does not own, leading to a double-free condition when the parent function or caller later attempts to free the same structure.
This vulnerability can be triggered using only public GnuTLS APIs and may result in denial of service or memory corruption, depending on allocator behavior.
{
"affected": [],
"aliases": [
"CVE-2025-32988"
],
"database_specific": {
"cwe_ids": [
"CWE-415"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-07-10T08:15:24Z",
"severity": "MODERATE"
},
"details": "A flaw was found in GnuTLS. A double-free vulnerability exists in GnuTLS due to incorrect ownership handling in the export logic of Subject Alternative Name (SAN) entries containing an otherName. If the type-id OID is invalid or malformed, GnuTLS will call asn1_delete_structure() on an ASN.1 node it does not own, leading to a double-free condition when the parent function or caller later attempts to free the same structure.\n\nThis vulnerability can be triggered using only public GnuTLS APIs and may result in denial of service or memory corruption, depending on allocator behavior.",
"id": "GHSA-fv5h-vqpf-6fqj",
"modified": "2026-05-12T15:30:54Z",
"published": "2025-07-10T09:32:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-32988"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2025:16115"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2025:16116"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2025:17181"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2025:17348"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2025:17361"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2025:17415"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2025:19088"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2025:22529"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:7477"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2025-32988"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2359622"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-082556.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/08/msg00005.html"
},
{
"type": "WEB",
"url": "https://lists.gnupg.org/pipermail/gnutls-help/2025-July/004883.html"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2025/07/11/3"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-FVJ2-PQCW-M982
Vulnerability from github – Published: 2025-12-02 03:31 – Updated: 2025-12-02 15:30In display, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10196993; Issue ID: MSV-4797.
{
"affected": [],
"aliases": [
"CVE-2025-20773"
],
"database_specific": {
"cwe_ids": [
"CWE-415",
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-12-02T03:16:18Z",
"severity": "MODERATE"
},
"details": "In display, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10196993; Issue ID: MSV-4797.",
"id": "GHSA-fvj2-pqcw-m982",
"modified": "2025-12-02T15:30:31Z",
"published": "2025-12-02T03:31:45Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-20773"
},
{
"type": "WEB",
"url": "https://corp.mediatek.com/product-security-bulletin/December-2025"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-FVVC-C9XJ-45FV
Vulnerability from github – Published: 2023-06-06 09:30 – Updated: 2024-04-04 04:34Memory Corruption due to double free in automotive when a bad HLOS address for one of the lists to be mapped is passed.
{
"affected": [],
"aliases": [
"CVE-2022-33307"
],
"database_specific": {
"cwe_ids": [
"CWE-415"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-06-06T08:15:10Z",
"severity": "HIGH"
},
"details": "Memory Corruption due to double free in automotive when a bad HLOS address for one of the lists to be mapped is passed.",
"id": "GHSA-fvvc-c9xj-45fv",
"modified": "2024-04-04T04:34:03Z",
"published": "2023-06-06T09:30:18Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-33307"
},
{
"type": "WEB",
"url": "https://www.qualcomm.com/company/product-security/bulletins/june-2023-bulletin"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-FW8C-Q6FQ-37RG
Vulnerability from github – Published: 2022-05-13 01:34 – Updated: 2026-07-07 15:32It was found that the raw midi kernel driver does not protect against concurrent access which leads to a double realloc (double free) in snd_rawmidi_input_params() and snd_rawmidi_output_status() which are part of snd_rawmidi_ioctl() handler in rawmidi.c file. A malicious local attacker could possibly use this for privilege escalation.
{
"affected": [],
"aliases": [
"CVE-2018-10902"
],
"database_specific": {
"cwe_ids": [
"CWE-415",
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-08-21T19:29:00Z",
"severity": "HIGH"
},
"details": "It was found that the raw midi kernel driver does not protect against concurrent access which leads to a double realloc (double free) in snd_rawmidi_input_params() and snd_rawmidi_output_status() which are part of snd_rawmidi_ioctl() handler in rawmidi.c file. A malicious local attacker could possibly use this for privilege escalation.",
"id": "GHSA-fw8c-q6fq-37rg",
"modified": "2026-07-07T15:32:47Z",
"published": "2022-05-13T01:34:54Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-10902"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2018/dsa-4308"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/3849-2"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/3849-1"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/3847-3"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/3847-2"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/3847-1"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/3776-2"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/3776-1"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2018/10/msg00003.html"
},
{
"type": "WEB",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=39675f7a7c7e7702f7d5341f1e0d01db746543a0"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10902"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1590720"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2018-10902"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2019:3967"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2019:3217"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2019:0641"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2019:0415"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2018:3096"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2018:3083"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/105119"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1041529"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-FWF5-52RJ-2XR4
Vulnerability from github – Published: 2022-06-24 00:00 – Updated: 2022-06-30 00:00LibreDWG v0.12.4.4608 was discovered to contain a double-free via the function dwg_read_file at dwg.c.
{
"affected": [],
"aliases": [
"CVE-2022-33033"
],
"database_specific": {
"cwe_ids": [
"CWE-415"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-06-23T17:15:00Z",
"severity": "HIGH"
},
"details": "LibreDWG v0.12.4.4608 was discovered to contain a double-free via the function dwg_read_file at dwg.c.",
"id": "GHSA-fwf5-52rj-2xr4",
"modified": "2022-06-30T00:00:38Z",
"published": "2022-06-24T00:00:30Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-33033"
},
{
"type": "WEB",
"url": "https://github.com/LibreDWG/libredwg/issues/493"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-FWFF-CX6H-WXMQ
Vulnerability from github – Published: 2022-06-29 00:00 – Updated: 2025-11-03 21:30DCMTK through 3.6.6 does not handle memory free properly. The object in the program is free but its address is still used in other locations. Sending specific requests to the dcmqrdb program will incur a double free. An attacker can use it to launch a DoS attack.
{
"affected": [],
"aliases": [
"CVE-2021-41688"
],
"database_specific": {
"cwe_ids": [
"CWE-415"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-06-28T13:15:00Z",
"severity": "HIGH"
},
"details": "DCMTK through 3.6.6 does not handle memory free properly. The object in the program is free but its address is still used in other locations. Sending specific requests to the dcmqrdb program will incur a double free. An attacker can use it to launch a DoS attack.",
"id": "GHSA-fwff-cx6h-wxmq",
"modified": "2025-11-03T21:30:41Z",
"published": "2022-06-29T00:00:55Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-41688"
},
{
"type": "WEB",
"url": "https://github.com/DCMTK/dcmtk/commit/a9697dfeb672b0b9412c00c7d36d801e27ec85cb"
},
{
"type": "WEB",
"url": "https://github.com/DCMTK/dcmtk"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00022.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00032.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-FWJM-RXRV-MHXC
Vulnerability from github – Published: 2022-05-17 02:51 – Updated: 2022-05-17 02:51The pdb coder in ImageMagick allows remote attackers to cause a denial of service (double free) via unspecified vectors.
{
"affected": [],
"aliases": [
"CVE-2014-9807"
],
"database_specific": {
"cwe_ids": [
"CWE-415"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-03-30T15:59:00Z",
"severity": "MODERATE"
},
"details": "The pdb coder in ImageMagick allows remote attackers to cause a denial of service (double free) via unspecified vectors.",
"id": "GHSA-fwjm-rxrv-mhxc",
"modified": "2022-05-17T02:51:58Z",
"published": "2022-05-17T02:51:58Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-9807"
},
{
"type": "WEB",
"url": "https://anonscm.debian.org/cgit/collab-maint/imagemagick.git/commit/?h=debian-patches/6.8.9.9-4-for-upstream\u0026id=be644895456764f2c2670f297d9d9860ff0bdd75"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1343463"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2014/12/24/1"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2016/06/02/13"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-FWV6-6JH2-9RFC
Vulnerability from github – Published: 2022-08-06 00:00 – Updated: 2022-08-06 00:00NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin) where it may double-free some resources. An attacker may exploit this vulnerability with other vulnerabilities to cause denial of service, code execution, and information disclosure.
{
"affected": [],
"aliases": [
"CVE-2022-31614"
],
"database_specific": {
"cwe_ids": [
"CWE-415"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-08-05T21:15:00Z",
"severity": "HIGH"
},
"details": "NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin) where it may double-free some resources. An attacker may exploit this vulnerability with other vulnerabilities to cause denial of service, code execution, and information disclosure.",
"id": "GHSA-fwv6-6jh2-9rfc",
"modified": "2022-08-06T00:00:36Z",
"published": "2022-08-06T00:00:36Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-31614"
},
{
"type": "WEB",
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5383"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-G38X-FQX6-C9WX
Vulnerability from github – Published: 2026-06-29 21:32 – Updated: 2026-06-30 00:31A double free issue was addressed with improved memory management. This issue is fixed in iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. Processing maliciously crafted web content may lead to an unexpected process crash.
{
"affected": [],
"aliases": [
"CVE-2026-43706"
],
"database_specific": {
"cwe_ids": [
"CWE-415"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-29T20:17:35Z",
"severity": "MODERATE"
},
"details": "A double free issue was addressed with improved memory management. This issue is fixed in iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. Processing maliciously crafted web content may lead to an unexpected process crash.",
"id": "GHSA-g38x-fqx6-c9wx",
"modified": "2026-06-30T00:31:29Z",
"published": "2026-06-29T21:32:14Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43706"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/127594"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/127595"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation
Choose a language that provides automatic memory management.
Mitigation
Ensure that each allocation is freed only once. After freeing a chunk, set the pointer to NULL to ensure the pointer cannot be freed again. In complicated error conditions, be sure that clean-up routines respect the state of allocation properly. If the language is object oriented, ensure that object destructors delete each chunk of memory only once.
Mitigation
Use a static analysis tool to find double free instances.
No CAPEC attack patterns related to this CWE.