Total
456 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-45664 | 1 Nothings | 1 Stb Image.h | 2023-12-10 | N/A | 8.8 HIGH |
stb_image is a single-file, MIT-licensed library for processing images. A crafted image file can cause `stbi__load_gif_main_outofmem` to attempt to double-free the `out` variable. This happens in `stbi__load_gif_main` because when the `layers * stride` value is zero the behavior is implementation defined, but it is common that realloc frees the old memory and returns a null pointer. Since the double free is attempted a few lines below the first "free", the issue can potentially be exploited only in a multi-threaded environment. In the worst case this may lead to code execution. | |||||
CVE-2023-41325 | 1 Linaro | 1 Op-tee | 2023-12-10 | N/A | 6.7 MEDIUM |
OP-TEE is a Trusted Execution Environment (TEE) designed as a companion to a non-secure Linux kernel running on Arm Cortex-A cores using the TrustZone technology. Starting in version 3.20 and prior to version 3.22, `shdr_verify_signature` can perform a double free. `shdr_verify_signature` is used to verify a TA binary before it is loaded. To verify its signature, it allocates memory for an RSA key. The RSA key allocation function (`sw_crypto_acipher_alloc_rsa_public_key`) tries to allocate memory from OP-TEE's heap. An RSA key consists of an exponent and a modulus (represented by the variables `e` and `n`), and their allocation is not atomic, so it may succeed for `e` but fail for `n`. In this case `sw_crypto_acipher_alloc_rsa_public_key` frees `e` and returns failure, but the variable `e` still holds the address of the already freed memory. `shdr_verify_signature` then frees that memory (`e`) again, even though it was already freed when the RSA key allocation failed. A patch is available in version 3.22. No known workarounds are available. | |||||
CVE-2023-32824 | 2 Google, Mediatek | 31 Android, Mt6580, Mt6739 and 28 more | 2023-12-10 | N/A | 6.7 MEDIUM |
In rpmb, there is a possible double free due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07912966; Issue ID: ALPS07912961. | |||||
CVE-2023-43281 | 1 Nothings | 1 Stb Image.h | 2023-12-10 | N/A | 6.5 MEDIUM |
Double Free vulnerability in Nothings Stb Image.h v.2.28 allows a remote attacker to cause a denial of service via a crafted file to the stbi_load_gif_main function. | |||||
CVE-2023-25801 | 1 Google | 1 Tensorflow | 2023-12-10 | N/A | 7.8 HIGH |
TensorFlow is an open source machine learning platform. Prior to versions 2.12.0 and 2.11.1, `nn_ops.fractional_avg_pool_v2` and `nn_ops.fractional_max_pool_v2` require the first and fourth elements of their parameter `pooling_ratio` to be equal to 1.0, as pooling on batch and channel dimensions is not supported. A fix is included in TensorFlow 2.12.0 and 2.11.1. | |||||
CVE-2023-21500 | 1 Samsung | 1 Android | 2023-12-10 | N/A | 5.5 MEDIUM |
Double free validation vulnerability in setPinPadImages in mPOS TUI trustlet prior to SMR May-2023 Release 1 allows local attackers to access the trustlet memory. | |||||
CVE-2023-3312 | 1 Linux | 1 Linux Kernel | 2023-12-10 | N/A | 7.5 HIGH |
A vulnerability was found in drivers/cpufreq/qcom-cpufreq-hw.c in cpufreq subsystem in the Linux Kernel. This flaw, during device unbind will lead to double release problem leading to denial of service. | |||||
CVE-2023-21106 | 1 Google | 1 Android | 2023-12-10 | N/A | 7.8 HIGH |
In adreno_set_param of adreno_gpu.c, there is a possible memory corruption due to a double free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-265016072. References: Upstream kernel | |||||
CVE-2023-21030 | 1 Google | 1 Android | 2023-12-10 | N/A | 7.8 HIGH |
In Confirmation of keystore_cli_v2.cpp, there is a possible way to corrupt memory due to a double free. This could lead to local escalation of privilege in an unprivileged process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android ID: A-226234140 | |||||
CVE-2023-1999 | 1 Webmproject | 1 Libwebp | 2023-12-10 | N/A | 7.5 HIGH |
There exists a use after free/double free in libwebp. An attacker can use the ApplyFiltersAndEncode() function and loop through to free best.bw and assign best = trial pointer. The second loop will then return 0 because of an Out of memory error in VP8 encoder, the pointer is still assigned to trial and the AddressSanitizer will attempt a double free. | |||||
CVE-2023-37365 | 1 Hnswlib Project | 1 Hnswlib | 2023-12-10 | N/A | 6.5 MEDIUM |
Hnswlib 0.7.0 has a double free in init_index when the M argument is a large integer. | |||||
CVE-2023-29469 | 2 Debian, Xmlsoft | 2 Debian Linux, Libxml2 | 2023-12-10 | N/A | 6.5 MEDIUM |
An issue was discovered in libxml2 before 2.10.4. When hashing empty dict strings in a crafted XML document, xmlDictComputeFastKey in dict.c can produce non-deterministic values, leading to various logic and memory errors, such as a double free. This behavior occurs because there is an attempt to use the first byte of an empty string, and any value is possible (not solely the '\0' value). | |||||
CVE-2022-4744 | 1 Linux | 1 Linux Kernel | 2023-12-10 | N/A | 7.8 HIGH |
A double-free flaw was found in the Linux kernel’s TUN/TAP device driver functionality in how a user registers the device when the register_netdevice function fails (NETDEV_REGISTER notifier). This flaw allows a local user to crash or potentially escalate their privileges on the system. | |||||
CVE-2023-28411 | 1 Intel | 20 Server System D50tnp1mhcpac, Server System D50tnp1mhcpac Firmware, Server System D50tnp1mhcrac and 17 more | 2023-12-10 | N/A | 5.5 MEDIUM |
Double free in some Intel(R) Server Board BMC firmware before version 2.90 may allow a privileged user to enable information disclosure via local access. | |||||
CVE-2023-35784 | 1 Openbsd | 2 Libressl, Openbsd | 2023-12-10 | N/A | 9.8 CRITICAL |
A double free or use after free could occur after SSL_clear in OpenBSD 7.2 before errata 026 and 7.3 before errata 004, and in LibreSSL before 3.6.3 and 3.7.x before 3.7.3. NOTE: OpenSSL is not affected. | |||||
CVE-2021-33304 | 1 Altran | 2 Picotcp, Picotcp-ng | 2023-12-10 | N/A | 9.8 CRITICAL |
Double Free vulnerability in virtualsquare picoTCP v1.7.0 and picoTCP-NG v2.1 in modules/pico_fragments.c in function pico_fragments_reassemble, allows attackers to execute arbitrary code. | |||||
CVE-2023-27320 | 2 Fedoraproject, Sudo Project | 2 Fedora, Sudo | 2023-12-10 | N/A | 7.2 HIGH |
Sudo before 1.9.13p2 has a double free in the per-command chroot feature. | |||||
CVE-2022-3806 | 1 Zephyrproject | 1 Zephyr | 2023-12-10 | N/A | 9.8 CRITICAL |
Inconsistent handling of error cases in bluetooth hci may lead to a double free condition of a network buffer. | |||||
CVE-2022-3707 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2023-12-10 | N/A | 5.5 MEDIUM |
A double-free memory flaw was found in the Linux kernel. The Intel GVT-g graphics driver triggers VGA card system resource overload, causing a failure in the intel_gvt_dma_map_guest_page function. This issue could allow a local user to crash the system. | |||||
CVE-2022-47975 | 1 Huawei | 2 Emui, Harmonyos | 2023-12-10 | N/A | 7.5 HIGH |
The DUBAI module has a double free vulnerability. Successful exploitation of this vulnerability may affect system availability. |