A malloc-ed data is freed only once.

CVE-2014-0160: This is "heartbit", a redacted version of the portions of openssl-1.0.1f that cause the now infamous "heartbleed" exploit to expose private memory of any process running a exploitable version of openssl. It easily compiles & runs on many current unix / linux boxes, including cygwin...

CVE-2013-1590

CVE-2013-2480

CVE-2013-2485

CVE-2013-3559 (2)

CVE-2013-4081

CVE-2013-4927

CVE-2009-2559

CVE-2009-3243

CVE-2009-4376

CVE-2010-2287

CVE-2010-2995

CVE-2011-0444 (1)

CVE-2011-1139

CVE-2011-2175

CVE-2011-2597

CVE-2009-3897

CVE-2010-3707

CVE-2011-1929

CVE-2012-2186

CVE-2013-2686

CVE-2012-5977

Vulnerability to an exploit using the frontlink technique. Similar to unlink(), the frontlink() code segment can be exploited to write data supplied by the attacker to an address also supplied by the attacker. The attacker supplies the address of a memory chunk. The attacker arranges for the firs...

Exploits of the .dtors section. An attacker can transfer control to arbitrary code by overwriting the address of the function pointer in the .dtors section. This .dtors section exists only in programs that have been compiled and linked with GCC. From "Secure Coding in C and C++" by Robert C. Seac...