← Back
CWE-416

7,688 CVEs • Abstraction: Variant • Likelihood of Exploit: High

Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

JSON object

Loading...

CVEs (7,688)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
1Mozilla
2Firefox
Thunderbird
Jun 30, 2026
Feb 24, 2026
N/A· v4
9.8 CRITICAL· v3
N/A· v2
Use-after-free in the JavaScript: GC component. This vulnerability was fixed in Firefox 148 and Thunderbird 148.
1Mozilla
2Firefox
Thunderbird
Jun 17, 2026
Feb 24, 2026
N/A· v4
9.8 CRITICAL· v3
N/A· v2
Use-after-free in the Graphics: ImageLib component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.
1Mozilla
2Firefox
Thunderbird
Jun 17, 2026
Feb 24, 2026
N/A· v4
9.8 CRITICAL· v3
N/A· v2
Use-after-free in the DOM: Window and Location component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.
1Mozilla
2Firefox
Thunderbird
Jun 17, 2026
Feb 24, 2026
N/A· v4
9.8 CRITICAL· v3
N/A· v2
Use-after-free in the JavaScript Engine component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.
1Mozilla
2Firefox
Thunderbird
Jun 30, 2026
Feb 24, 2026
N/A· v4
9.8 CRITICAL· v3
N/A· v2
Use-after-free in the Audio/Video: Playback component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.
1Mozilla
2Firefox
Thunderbird
Jun 30, 2026
Feb 24, 2026
N/A· v4
9.8 CRITICAL· v3
N/A· v2
Use-after-free in the DOM: Bindings (WebIDL) component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.
1Mozilla
2Firefox
Thunderbird
Jun 30, 2026
Feb 24, 2026
N/A· v4
8.8 HIGH· v3
N/A· v2
Use-after-free in the Storage: IndexedDB component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.
1Mozilla
2Firefox
Thunderbird
Jun 30, 2026
Feb 24, 2026
N/A· v4
9.8 CRITICAL· v3
N/A· v2
Use-after-free in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.
1Mozilla
2Firefox
Thunderbird
Jun 30, 2026
Feb 24, 2026
N/A· v4
9.8 CRITICAL· v3
N/A· v2
Use-after-free in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.
1Mozilla
2Firefox
Thunderbird
Jun 30, 2026
Feb 24, 2026
N/A· v4
9.8 CRITICAL· v3
N/A· v2
Use-after-free in the JavaScript Engine component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.
1Mozilla
2Firefox
Thunderbird
Jun 30, 2026
Feb 24, 2026
N/A· v4
9.8 CRITICAL· v3
N/A· v2
JIT miscompilation, use-after-free in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.
1Mozilla
2Firefox
Thunderbird
Jun 30, 2026
Feb 24, 2026
N/A· v4
9.8 CRITICAL· v3
N/A· v2
Use-after-free in the JavaScript Engine component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.
1Mozilla
2Firefox
Thunderbird
Jun 30, 2026
Feb 24, 2026
N/A· v4
9.8 CRITICAL· v3
N/A· v2
Use-after-free in the JavaScript: GC component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.
1Imagemagick
1Imagemagick
Jun 17, 2026
Feb 24, 2026
N/A· v4
5.3 MEDIUM· v3
N/A· v2
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, the MSL interpreter crashes when processing a invalid `<map>` element that causes i...Show more
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, the MSL interpreter crashes when processing a invalid `<map>` element that causes it to use an image after it has been freed. Versions 7.1.2-15 and 6.9.13-40 contain a patch.Show less
1Imagemagick
1Imagemagick
Jun 17, 2026
Feb 24, 2026
N/A· v4
9.8 CRITICAL· v3
N/A· v2
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a crafted MSL script triggers a heap-use-after-free. The operation element handler...Show more
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a crafted MSL script triggers a heap-use-after-free. The operation element handler replaces and frees the image while the parser continues reading from it, leading to a UAF in ReadBlobString during further parsing. Versions 7.1.2-15 and 6.9.13-40 contain a patch.Show less
-
-
Jun 17, 2026
Feb 21, 2026
1.9 LOW· v4
3.3 LOW· v3
1.7 LOW· v2
A vulnerability was detected in CCExtractor up to 0.96.5. Affected is the function processmp4 in the library src/lib_ccx/mp4.c. Performing a manipulation results in use after free. The attack is only possible with local...Show more
A vulnerability was detected in CCExtractor up to 0.96.5. Affected is the function processmp4 in the library src/lib_ccx/mp4.c. Performing a manipulation results in use after free. The attack is only possible with local access. The exploit is now public and may be used. Upgrading to version 0.96.6 is able to address this issue. The patch is named fd7271bae238ccb3ae8a71304ea64f0886324925. You should upgrade the affected component.Show less
1Tanium
1Cloud Workloads
Jun 17, 2026
Feb 20, 2026
N/A· v4
4.7 MEDIUM· v3
N/A· v2
Tanium addressed a use-after-free vulnerability in the Cloud Workloads Enforce client extension.
1Pjsip
1Pjsip
Jun 17, 2026
Feb 19, 2026
5.1 MEDIUM· v4
6.5 MEDIUM· v3
N/A· v2
PJSIP is a free and open source multimedia communication library. Versions prior to 2.17 have a critical heap buffer underflow vulnerability in PJSIP's H.264 packetizer. The bug occurs when processing malformed H.264 bit...Show more
PJSIP is a free and open source multimedia communication library. Versions prior to 2.17 have a critical heap buffer underflow vulnerability in PJSIP's H.264 packetizer. The bug occurs when processing malformed H.264 bitstreams without NAL unit start codes, where the packetizer performs unchecked pointer arithmetic that can read from memory located before the allocated buffer. Version 2.17 contains a patch for the issue.Show less
1Lily Lang
1Lily
Jun 17, 2026
Feb 18, 2026
1.9 LOW· v4
7.8 HIGH· v3
1.7 LOW· v2
A vulnerability was identified in FascinatedBox lily up to 2.3. Affected by this issue is the function shorthash_for_name of the file src/lily_symtab.c. The manipulation leads to use after free. Local access is required...Show more
A vulnerability was identified in FascinatedBox lily up to 2.3. Affected by this issue is the function shorthash_for_name of the file src/lily_symtab.c. The manipulation leads to use after free. Local access is required to approach this attack. The exploit is publicly available and might be used. The project was informed of the problem early through an issue report but has not responded yet.Show less
1Linux
1Linux Kernel
Jun 17, 2026
Feb 18, 2026
N/A· v4
7.8 HIGH· v3
N/A· v2
In the Linux kernel, the following vulnerability has been resolved: drm/exynos: vidi: use ctx->lock to protect struct vidi_context member variables related to memory alloc/free Exynos Virtual Display driver performs me...Show more
In the Linux kernel, the following vulnerability has been resolved: drm/exynos: vidi: use ctx->lock to protect struct vidi_context member variables related to memory alloc/free Exynos Virtual Display driver performs memory alloc/free operations without lock protection, which easily causes concurrency problem. For example, use-after-free can occur in race scenario like this: ``` CPU0 CPU1 CPU2 ---- ---- ---- vidi_connection_ioctl() if (vidi->connection) // true drm_edid = drm_edid_alloc(); // alloc drm_edid ... ctx->raw_edid = drm_edid; ... drm_mode_getconnector() drm_helper_probe_single_connector_modes() vidi_get_modes() if (ctx->raw_edid) // true drm_edid_dup(ctx->raw_edid); if (!drm_edid) // false ... vidi_connection_ioctl() if (vidi->connection) // false drm_edid_free(ctx->raw_edid); // free drm_edid ... drm_edid_alloc(drm_edid->edid) kmemdup(edid); // UAF!! ... ``` To prevent these vulns, at least in vidi_context, member variables related to memory alloc/free should be protected with ctx->lock.Show less