← Back
CWE-416

7,674 CVEs • Abstraction: Variant • Likelihood of Exploit: High

Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

JSON object

Loading...

CVEs (7,674)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
1Microsoft
12Windows 10 1507
Windows 10 1607Windows 10 1809+9 more
Jun 17, 2026
Aug 12, 2025
N/A· v4
7.8 HIGH· v3
N/A· v2
Use after free in Desktop Windows Manager allows an authorized attacker to execute code locally.
1Microsoft
10Windows 10 1809
Windows 10 21h2Windows 10 22h2+7 more
Jun 17, 2026
Aug 12, 2025
N/A· v4
7.8 HIGH· v3
N/A· v2
Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally.
1Microsoft
15Windows 10 1507
Windows 10 1607Windows 10 1809+12 more
Jun 17, 2026
Aug 12, 2025
N/A· v4
7.0 HIGH· v3
N/A· v2
Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
1Microsoft
5Windows 11 22h2
Windows 11 23h2Windows 11 24h2+2 more
Jun 17, 2026
Aug 12, 2025
N/A· v4
7.0 HIGH· v3
N/A· v2
Use after free in Microsoft Brokering File System allows an authorized attacker to elevate privileges locally.
1Microsoft
15Windows 10 1507
Windows 10 1607Windows 10 1809+12 more
Jun 17, 2026
Aug 12, 2025
N/A· v4
7.0 HIGH· v3
N/A· v2
Use after free in Kernel Transaction Manager allows an authorized attacker to elevate privileges locally.
1Microsoft
15Windows 10 1507
Windows 10 1607Windows 10 1809+12 more
Jun 17, 2026
Aug 12, 2025
N/A· v4
7.0 HIGH· v3
N/A· v2
Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
1Microsoft
2Windows 11 24h2
Windows Server 2025
Jun 17, 2026
Aug 12, 2025
N/A· v4
7.8 HIGH· v3
N/A· v2
Use after free in Windows PrintWorkflowUserSvc allows an authorized attacker to elevate privileges locally.
1Microsoft
15Windows 10 1507
Windows 10 1607Windows 10 1809+12 more
Jun 17, 2026
Aug 12, 2025
N/A· v4
7.8 HIGH· v3
N/A· v2
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.
1Microsoft
15Windows 10 1507
Windows 10 1607Windows 10 1809+12 more
Jun 17, 2026
Aug 12, 2025
N/A· v4
8.1 HIGH· v3
N/A· v2
Use after free in Windows Message Queuing allows an unauthorized attacker to execute code over a network.
1Microsoft
14Windows 10 1507
Windows 10 1607Windows 10 1809+11 more
Jun 17, 2026
Aug 12, 2025
N/A· v4
7.0 HIGH· v3
N/A· v2
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Hyper-V allows an authorized attacker to elevate privileges locally.
1Microsoft
14Windows 10 1507
Windows 10 1607Windows 10 1809+11 more
Jun 17, 2026
Aug 12, 2025
N/A· v4
7.3 HIGH· v3
N/A· v2
Use after free in Remote Access Point-to-Point Protocol (PPP) EAP-TLS allows an authorized attacker to elevate privileges locally.
1Microsoft
12Windows 10 1507
Windows 10 1607Windows 10 1809+9 more
Jun 17, 2026
Aug 12, 2025
N/A· v4
7.8 HIGH· v3
N/A· v2
Use after free in Desktop Windows Manager allows an authorized attacker to elevate privileges locally.
1Microsoft
15Windows 10 1507
Windows 10 1607Windows 10 1809+12 more
Jun 17, 2026
Aug 12, 2025
N/A· v4
7.8 HIGH· v3
N/A· v2
Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally.
1Microsoft
15Windows 10 1507
Windows 10 1607Windows 10 1809+12 more
Jun 17, 2026
Aug 12, 2025
N/A· v4
6.7 MEDIUM· v3
N/A· v2
Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.
1Adobe
1Illustrator
Jun 17, 2026
Aug 12, 2025
N/A· v4
5.5 MEDIUM· v3
N/A· v2
Illustrator versions 28.7.8, 29.6.1 and earlier are affected by a Use After Free vulnerability that could lead to disclosure of sensitive memory. Exploitation of this issue requires user interaction in that a victim must...Show more
Illustrator versions 28.7.8, 29.6.1 and earlier are affected by a Use After Free vulnerability that could lead to disclosure of sensitive memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file.Show less
2Debian
Linux
2Debian Linux
Linux Kernel
Jun 17, 2026
Aug 12, 2025
N/A· v4
7.8 HIGH· v3
N/A· v2
In the Linux kernel, the following vulnerability has been resolved: xfrm: interface: fix use-after-free after changing collect_md xfrm interface collect_md property on xfrm interfaces can only be set on device creation...Show more
In the Linux kernel, the following vulnerability has been resolved: xfrm: interface: fix use-after-free after changing collect_md xfrm interface collect_md property on xfrm interfaces can only be set on device creation, thus xfrmi_changelink() should fail when called on such interfaces. The check to enforce this was done only in the case where the xi was returned from xfrmi_locate() which doesn't look for the collect_md interface, and thus the validation was never reached. Calling changelink would thus errornously place the special interface xi in the xfrmi_net->xfrmi hash, but since it also exists in the xfrmi_net->collect_md_xfrmi pointer it would lead to a double free when the net namespace was taken down [1]. Change the check to use the xi from netdev_priv which is available earlier in the function to prevent changes in xfrm collect_md interfaces. [1] resulting oops: [ 8.516540] kernel BUG at net/core/dev.c:12029! [ 8.516552] Oops: invalid opcode: 0000 [#1] SMP NOPTI [ 8.516559] CPU: 0 UID: 0 PID: 12 Comm: kworker/u80:0 Not tainted 6.15.0-virtme #5 PREEMPT(voluntary) [ 8.516565] Hardware name: QEMU Ubuntu 24.04 PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 8.516569] Workqueue: netns cleanup_net [ 8.516579] RIP: 0010:unregister_netdevice_many_notify+0x101/0xab0 [ 8.516590] Code: 90 0f 0b 90 48 8b b0 78 01 00 00 48 8b 90 80 01 00 00 48 89 56 08 48 89 32 4c 89 80 78 01 00 00 48 89 b8 80 01 00 00 eb ac 90 <0f> 0b 48 8b 45 00 4c 8d a0 88 fe ff ff 48 39 c5 74 5c 41 80 bc 24 [ 8.516593] RSP: 0018:ffffa93b8006bd30 EFLAGS: 00010206 [ 8.516598] RAX: ffff98fe4226e000 RBX: ffffa93b8006bd58 RCX: ffffa93b8006bc60 [ 8.516601] RDX: 0000000000000004 RSI: 0000000000000000 RDI: dead000000000122 [ 8.516603] RBP: ffffa93b8006bdd8 R08: dead000000000100 R09: ffff98fe4133c100 [ 8.516605] R10: 0000000000000000 R11: 00000000000003d2 R12: ffffa93b8006be00 [ 8.516608] R13: ffffffff96c1a510 R14: ffffffff96c1a510 R15: ffffa93b8006be00 [ 8.516615] FS: 0000000000000000(0000) GS:ffff98fee73b7000(0000) knlGS:0000000000000000 [ 8.516619] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 8.516622] CR2: 00007fcd2abd0700 CR3: 000000003aa40000 CR4: 0000000000752ef0 [ 8.516625] PKRU: 55555554 [ 8.516627] Call Trace: [ 8.516632] <TASK> [ 8.516635] ? rtnl_is_locked+0x15/0x20 [ 8.516641] ? unregister_netdevice_queue+0x29/0xf0 [ 8.516650] ops_undo_list+0x1f2/0x220 [ 8.516659] cleanup_net+0x1ad/0x2e0 [ 8.516664] process_one_work+0x160/0x380 [ 8.516673] worker_thread+0x2aa/0x3c0 [ 8.516679] ? __pfx_worker_thread+0x10/0x10 [ 8.516686] kthread+0xfb/0x200 [ 8.516690] ? __pfx_kthread+0x10/0x10 [ 8.516693] ? __pfx_kthread+0x10/0x10 [ 8.516697] ret_from_fork+0x82/0xf0 [ 8.516705] ? __pfx_kthread+0x10/0x10 [ 8.516709] ret_from_fork_asm+0x1a/0x30 [ 8.516718] </TASK>Show less
1Vim
1Vim
Jun 17, 2026
Aug 11, 2025
6.9 MEDIUM· v4
8.8 HIGH· v3
N/A· v2
Vim is an open source, command line text editor. In versions from 9.1.1231 to before 9.1.1400, When processing nested tuples in Vim script, an error during evaluation can trigger a use-after-free in Vim’s internal tuple...Show more
Vim is an open source, command line text editor. In versions from 9.1.1231 to before 9.1.1400, When processing nested tuples in Vim script, an error during evaluation can trigger a use-after-free in Vim’s internal tuple reference management. Specifically, the tuple_unref() function may access already freed memory due to improper lifetime handling, leading to memory corruption. The exploit requires direct user interaction, as the script must be explicitly executed within Vim. This issue has been patched in version 9.1.1400.Show less
1Nasm
1Netwide Assembler
Jun 17, 2026
Aug 11, 2025
1.9 LOW· v4
7.8 HIGH· v3
4.3 MEDIUM· v2
A vulnerability has been found in NASM Netwide Assember 2.17rc0. Affected by this issue is the function do_directive of the file preproc.c. The manipulation leads to use after free. An attack has to be approached locally...Show more
A vulnerability has been found in NASM Netwide Assember 2.17rc0. Affected by this issue is the function do_directive of the file preproc.c. The manipulation leads to use after free. An attack has to be approached locally. The exploit has been disclosed to the public and may be used.Show less
1Jasper Project
1Jasper
Jun 17, 2026
Aug 11, 2025
1.9 LOW· v4
7.8 HIGH· v3
4.3 MEDIUM· v2
A vulnerability was identified in JasPer up to 4.2.5. This affects the function jpc_dec_dump of the file src/libjasper/jpc/jpc_dec.c of the component JPEG2000 File Handler. The manipulation leads to use after free. An at...Show more
A vulnerability was identified in JasPer up to 4.2.5. This affects the function jpc_dec_dump of the file src/libjasper/jpc/jpc_dec.c of the component JPEG2000 File Handler. The manipulation leads to use after free. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The patch is named 8308060d3fbc1da10353ac8a95c8ea60eba9c25a. It is recommended to apply a patch to fix this issue.Show less
1Openatom
1Openharmony
Jun 17, 2026
Aug 11, 2025
N/A· v4
7.8 HIGH· v3
N/A· v2
in OpenHarmony v5.0.3 and prior versions allow a local attacker arbitrary code execution in tcb through use after free.