{"id":"CVE-2024-25713","details":"yyjson through 0.8.0 has a double free, leading to remote code execution in some cases, because the pool_free function lacks loop checks. (pool_free is part of the pool series allocator, along with pool_malloc and pool_realloc.)","aliases":["GHSA-whx6-m9j4-w2m2"],"modified":"2026-04-02T10:07:58.299090Z","published":"2024-02-29T01:44:16.333Z","related":["GHSA-q4m7-9pcm-fpxh"],"references":[{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6KQ67T4R7QEWURW5NMCCVLTBASL4ECHE/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NNICQVIF7BRYFWYRL3HPVAJIPXN4OVTX/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TKQPEREDUDKGYJMFNFDQVYCVLWDRO2Y2/"},{"type":"ARTICLE","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6KQ67T4R7QEWURW5NMCCVLTBASL4ECHE/"},{"type":"ARTICLE","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NNICQVIF7BRYFWYRL3HPVAJIPXN4OVTX/"},{"type":"ARTICLE","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TKQPEREDUDKGYJMFNFDQVYCVLWDRO2Y2/"},{"type":"EVIDENCE","url":"https://github.com/ibireme/yyjson/security/advisories/GHSA-q4m7-9pcm-fpxh"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/ibireme/yyjson","events":[{"introduced":"0"},{"last_affected":"e01ae9d89eaf858894d366169329097171a28d67"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"0.8.0"}]}}],"versions":["0.1.0","0.2.0","0.3.0","0.4.0","0.5.0","0.5.1","0.6.0","0.7.0","0.8.0"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-25713.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"38"}]},{"events":[{"introduced":"0"},{"last_affected":"39"}]},{"events":[{"introduced":"0"},{"last_affected":"40"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L"}]}