CWE-416
7,675 CVEs • Abstraction: Variant • Likelihood of Exploit: High
Use After Free
The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.
CVEs (7,675)
CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS |
|---|
Substance3D - Stager versions 3.1.5 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user in...Show more |
Format Plugins versions 1.1.1 and earlier are affected by a Use After Free vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to disclose sensitive information. Exploitation o...Show more |
1Microsoft 2365 Apps Office Long Term Servicing ChannelJun 17, 2026 Nov 11, 2025 N/A· v4 7.8 HIGH· v3 N/A· v2 Use after free in Microsoft Office allows an unauthorized attacker to execute code locally. |
1Microsoft 14Windows 10 1607 Windows 10 1809Windows 10 21h2+11 moreJun 17, 2026 Nov 11, 2025 N/A· v4 7.0 HIGH· v3 N/A· v2 Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. |
1Microsoft 2365 Apps Office Long Term Servicing ChannelJun 17, 2026 Nov 11, 2025 N/A· v4 7.8 HIGH· v3 N/A· v2 Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally. |
1Microsoft 5365 Apps ExcelOffice+2 moreJun 17, 2026 Nov 11, 2025 N/A· v4 7.8 HIGH· v3 N/A· v2 Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. |
1Microsoft 5365 Apps 365 CopilotExcel+2 moreJun 17, 2026 Nov 11, 2025 N/A· v4 7.8 HIGH· v3 N/A· v2 Use after free in Microsoft Office allows an unauthorized attacker to execute code locally. |
1Microsoft 10Windows 10 1809 Windows 10 21h2Windows 10 22h2+7 moreJun 17, 2026 Nov 11, 2025 N/A· v4 6.3 MEDIUM· v3 N/A· v2 Concurrent execution using shared resource with improper synchronization ('race condition') in Windows DirectX allows an authorized attacker to deny service over a network. |
1Microsoft 9Windows 10 1809 Windows 10 21h2Windows 10 22h2+6 moreJun 17, 2026 Nov 11, 2025 N/A· v4 7.0 HIGH· v3 N/A· v2 Use after free in Windows Broadcast DVR User Service allows an authorized attacker to elevate privileges locally. |
1Microsoft 10Windows 10 1809 Windows 10 21h2Windows 10 22h2+7 moreJun 17, 2026 Nov 11, 2025 N/A· v4 7.0 HIGH· v3 N/A· v2 Use after free in Windows DirectX allows an authorized attacker to elevate privileges locally. |
1Microsoft 10Windows 10 1809 Windows 10 21h2Windows 10 22h2+7 moreJun 17, 2026 Nov 11, 2025 N/A· v4 7.8 HIGH· v3 N/A· v2 Use after free in Multimedia Class Scheduler Service (MMCSS) allows an authorized attacker to elevate privileges locally. |
1Microsoft 9Windows 10 1809 Windows 10 21h2Windows 10 22h2+6 moreJun 17, 2026 Nov 11, 2025 N/A· v4 7.0 HIGH· v3 N/A· v2 Use after free in Windows Broadcast DVR User Service allows an authorized attacker to elevate privileges locally. |
InCopy versions 20.5, 19.5.5 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interacti...Show more |
InCopy versions 20.5, 19.5.5 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interacti...Show more |
InDesign Desktop versions 20.5, 19.5.5 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user...Show more |
InDesign Desktop versions 20.5, 19.5.5 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user...Show more |
Use-after-free in the WebRTC: Audio/Video component. This vulnerability was fixed in Firefox 145, Firefox ESR 140.5, Thunderbird 145, and Thunderbird 140.5. |
Use-after-free in the Audio/Video component. This vulnerability was fixed in Firefox 145, Firefox ESR 140.5, Firefox ESR 115.30, Thunderbird 145, and Thunderbird 140.5. |
OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In versions 3.2.0 through 3.2.4, 3.3.0 through 3.3.5, and 3.4.0 through 3.4...Show more |
Use after free in Ozone in Google Chrome on Linux and ChromeOS prior to 142.0.7444.59 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: Medium) |