← Back
CWE-416

7,674 CVEs • Abstraction: Variant • Likelihood of Exploit: High

Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

JSON object

Loading...

CVEs (7,674)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
1Microsoft
6365 Apps
OfficeOffice Long Term Servicing Channel+3 more
Jun 17, 2026
Jun 10, 2025
N/A· v4
7.8 HIGH· v3
N/A· v2
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.
1Microsoft
5365 Apps
ExcelOffice+2 more
Jun 17, 2026
Jun 10, 2025
N/A· v4
7.8 HIGH· v3
N/A· v2
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
1Microsoft
4365 Apps
365 CopilotOffice+1 more
Jun 17, 2026
Jun 10, 2025
N/A· v4
8.4 HIGH· v3
N/A· v2
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
1Adobe
1Indesign
Jun 17, 2026
Jun 10, 2025
N/A· v4
5.5 MEDIUM· v3
N/A· v2
InDesign Desktop versions ID20.2, ID19.5.3 and earlier are affected by a Use After Free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations...Show more
InDesign Desktop versions ID20.2, ID19.5.3 and earlier are affected by a Use After Free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.Show less
1Adobe
1Indesign
Jun 17, 2026
Jun 10, 2025
N/A· v4
7.8 HIGH· v3
N/A· v2
InDesign Desktop versions ID20.2, ID19.5.3 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires...Show more
InDesign Desktop versions ID20.2, ID19.5.3 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.Show less
1Microsoft
6Windows Server 2012
Windows Server 2016Windows Server 2019+3 more
Jun 17, 2026
Jun 10, 2025
N/A· v4
8.1 HIGH· v3
N/A· v2
Use after free in Windows KDC Proxy Service (KPSSVC) allows an unauthorized attacker to execute code over a network.
1Microsoft
15Windows 10 1507
Windows 10 1607Windows 10 1809+12 more
Jun 17, 2026
Jun 10, 2025
N/A· v4
7.8 HIGH· v3
N/A· v2
Use after free in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.
1Microsoft
7Windows Server 2008
Windows Server 2012Windows Server 2016+4 more
Jun 17, 2026
Jun 10, 2025
N/A· v4
8.1 HIGH· v3
N/A· v2
Use after free in Windows Remote Desktop Services allows an unauthorized attacker to execute code over a network.
2Debian
Linux
2Debian Linux
Linux Kernel
Jun 17, 2026
Jun 6, 2025
N/A· v4
7.8 HIGH· v3
N/A· v2
In the Linux kernel, the following vulnerability has been resolved: sch_hfsc: Fix qlen accounting bug when using peek in hfsc_enqueue() When enqueuing the first packet to an HFSC class, hfsc_enqueue() calls the child q...Show more
In the Linux kernel, the following vulnerability has been resolved: sch_hfsc: Fix qlen accounting bug when using peek in hfsc_enqueue() When enqueuing the first packet to an HFSC class, hfsc_enqueue() calls the child qdisc's peek() operation before incrementing sch->q.qlen and sch->qstats.backlog. If the child qdisc uses qdisc_peek_dequeued(), this may trigger an immediate dequeue and potential packet drop. In such cases, qdisc_tree_reduce_backlog() is called, but the HFSC qdisc's qlen and backlog have not yet been updated, leading to inconsistent queue accounting. This can leave an empty HFSC class in the active list, causing further consequences like use-after-free. This patch fixes the bug by moving the increment of sch->q.qlen and sch->qstats.backlog before the call to the child qdisc's peek() operation. This ensures that queue length and backlog are always accurate when packet drops or dequeues are triggered during the peek.Show less
1Radare
1Radare2
Jun 17, 2026
Jun 5, 2025
2.0 LOW· v4
2.5 LOW· v3
1.0 LOW· v2
A vulnerability, which was classified as problematic, has been found in Radare2 5.9.9. Affected by this issue is the function r_cons_flush in the library /libr/cons/cons.c of the component radiff2. The manipulation of th...Show more
A vulnerability, which was classified as problematic, has been found in Radare2 5.9.9. Affected by this issue is the function r_cons_flush in the library /libr/cons/cons.c of the component radiff2. The manipulation of the argument -T leads to use after free. Local access is required to approach this attack. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The name of the patch is 5705d99cc1f23f36f9a84aab26d1724010b97798. It is recommended to apply a patch to fix this issue. The documentation explains that the parameter -T is experimental and "crashy". Further analysis has shown "the race is not a real problem unless you use asan". A new warning has been added.Show less
1Samsung
3Exynos 1480 Firmware
Exynos 2200 FirmwareExynos 2400 Firmware
Jun 17, 2026
Jun 4, 2025
N/A· v4
6.5 MEDIUM· v3
N/A· v2
An issue was discovered in Samsung Mobile Processor Exynos 2200, 1480, and 2400. A Use-After-Free in the mobile processor leads to privilege escalation.
1Samsung
1Exynos 1380 Firmware
Jun 17, 2026
Jun 4, 2025
N/A· v4
6.5 MEDIUM· v3
N/A· v2
An issue was discovered in Samsung Mobile Processor Exynos 1380. A Use-After-Free in the mobile processor leads to privilege escalation.
1Samsung
7Exynos 1080 Firmware
Exynos 1280 FirmwareExynos 1380 Firmware+4 more
Jun 17, 2026
Jun 3, 2025
N/A· v4
7.8 HIGH· v3
N/A· v2
An issue was discovered in Samsung Mobile Processor Exynos 980, 990, 1080, 2100, 1280, 2200, 1380. A Use-After-Free in the mobile processor leads to privilege escalation.
1Qualcomm
44Ar8031 Firmware
Csra6620 FirmwareCsra6640 Firmware+41 more
Jun 17, 2026
Jun 3, 2025
N/A· v4
7.5 HIGH· v3
N/A· v2
Memory corruption while rendering graphics using Adreno GPU drivers in Chrome.
1Qualcomm
21Fastconnect 6700 Firmware
Fastconnect 6900 FirmwareFastconnect 7800 Firmware+18 more
Jun 17, 2026
Jun 3, 2025
N/A· v4
7.8 HIGH· v3
N/A· v2
memory corruption while processing IOCTL commands, when the buffer in write loopback mode is accessed after being freed.
1Qualcomm
90Aqt1000 Firmware
Fastconnect 6200 FirmwareFastconnect 6700 Firmware+87 more
Jun 17, 2026
Jun 3, 2025
N/A· v4
6.6 MEDIUM· v3
N/A· v2
Memory corruption while processing IOCTL command to handle buffers associated with a session.
1Google
1Chrome
Jun 17, 2026
Jun 3, 2025
N/A· v4
8.8 HIGH· v3
N/A· v2
Use after free in Blink in Google Chrome prior to 137.0.7151.68 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
1Samsung
1Exynos 2200 Firmware
Jun 17, 2026
Jun 2, 2025
N/A· v4
6.5 MEDIUM· v3
N/A· v2
An issue was discovered in Samsung Mobile Processor Exynos 2200. A Use-After-Free in the mobile processor leads to privilege escalation.
1Autodesk
1Revit
Jun 17, 2026
Jun 2, 2025
N/A· v4
7.8 HIGH· v3
N/A· v2
A maliciously crafted RFA file, when linked or imported into Autodesk Revit, can force a Use-After-Free vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute a...Show more
A maliciously crafted RFA file, when linked or imported into Autodesk Revit, can force a Use-After-Free vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.Show less
1Arm
35th Gen Gpu Architecture Kernel Driver
Bifrost Gpu Kernel DriverValhall Gpu Kernel Driver
Jun 17, 2026
Jun 2, 2025
N/A· v4
7.8 HIGH· v3
N/A· v2
Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user process to perform valid GPU mem...Show more
Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user process to perform valid GPU memory processing operations to gain access to already freed memory.This issue affects Bifrost GPU Kernel Driver: from r44p0 through r49p3, from r50p0 through r51p0; Valhall GPU Kernel Driver: from r44p0 through r49p3, from r50p0 through r54p0; Arm 5th Gen GPU Architecture Kernel Driver: from r44p0 through r49p3, from r50p0 through r54p0.Show less