Description
The product calls free() on a pointer to memory that was not allocated using associated heap allocation functions such as malloc(), calloc(), or realloc().
Extended Description
When free() is called on an invalid pointer, the program's memory management data structures may become corrupted. This corruption can cause the program to crash or, in some circumstances, an attacker may be able to cause free() to operate on controllable memory locations to modify critical program variables or execute code.
CVE vulnerabilities with CWE-590 (19)
9.8
CVSS
CRITICAL
CVE-2021-42377
pub. 2021-11-15
9.8
CVSS
CRITICAL
CVE-2020-6016
pub. 2020-11-18
9.0
CVSS
CRITICAL
CVE-2025-32911
pub. 2025-04-15
8.6
CVSS
HIGH
CVE-2023-42459
pub. 2023-10-16
8.1
CVSS
HIGH
CVE-2022-31625
pub. 2022-06-16
7.8
CVSS
HIGH
CVE-2026-20810
pub. 2026-01-13
7.8
CVSS
HIGH
CVE-2025-54899
pub. 2025-09-09
7.8
CVSS
HIGH
CVE-2021-3939
pub. 2021-11-17
7.7
CVSS
HIGH
CVE-2022-31627
pub. 2022-07-28
7.5
CVSS
HIGH
CVE-2025-42994
pub. 2025-06-10
7.5
CVSS
HIGH
CVE-2025-42995
pub. 2025-06-10
7.5
CVSS
HIGH
CVE-2023-25565
pub. 2023-02-14
7.0
CVSS
HIGH
CVE-2023-22291
pub. 2023-04-05
6.3
CVSS
MEDIUM
CVE-2021-39218
pub. 2021-09-17
6.1
CVSS
MEDIUM
CVE-2026-47328
pub. 2026-05-28
5.6
CVSS
MEDIUM
CVE-2025-42996
pub. 2025-06-10
5.5
CVSS
MEDIUM
CVE-2025-7006
pub. 2026-06-12
5.5
CVSS
MEDIUM
CVE-2023-31973
pub. 2023-05-09
1.9
CVSS
LOW
CVE-2025-5899
pub. 2025-06-09