← Back
CWE-416

7,664 CVEs • Abstraction: Variant • Likelihood of Exploit: High

Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

JSON object

Loading...

CVEs (7,664)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
1Microsoft
15Windows 10 1507
Windows 10 1607Windows 10 1809+12 more
Jun 17, 2026
Dec 12, 2024
N/A· v4
8.1 HIGH· v3
N/A· v2
Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability
1Microsoft
15Windows 10 1507
Windows 10 1607Windows 10 1809+12 more
Jun 17, 2026
Dec 12, 2024
N/A· v4
8.1 HIGH· v3
N/A· v2
Windows Local Security Authority Subsystem Service (LSASS) Remote Code Execution Vulnerability
1Microsoft
15Windows 10 1507
Windows 10 1607Windows 10 1809+12 more
Jun 17, 2026
Dec 12, 2024
N/A· v4
8.1 HIGH· v3
N/A· v2
Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability
1Microsoft
14Windows 10 1507
Windows 10 1607Windows 10 1809+11 more
Jun 17, 2026
Dec 12, 2024
N/A· v4
8.1 HIGH· v3
N/A· v2
Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability
1Microsoft
5Windows Server 2016
Windows Server 2019Windows Server 2022+2 more
Jun 17, 2026
Dec 12, 2024
N/A· v4
8.1 HIGH· v3
N/A· v2
Windows Remote Desktop Services Remote Code Execution Vulnerability
1Microsoft
5Windows Server 2016
Windows Server 2019Windows Server 2022+2 more
Jun 17, 2026
Dec 12, 2024
N/A· v4
8.1 HIGH· v3
N/A· v2
Windows Remote Desktop Services Remote Code Execution Vulnerability
1Microsoft
5Windows Server 2016
Windows Server 2019Windows Server 2022+2 more
Jun 17, 2026
Dec 12, 2024
N/A· v4
8.1 HIGH· v3
N/A· v2
Windows Remote Desktop Services Remote Code Execution Vulnerability
1Microsoft
5Windows Server 2016
Windows Server 2019Windows Server 2022+2 more
Jun 17, 2026
Dec 12, 2024
N/A· v4
8.1 HIGH· v3
N/A· v2
Windows Remote Desktop Services Remote Code Execution Vulnerability
1Microsoft
10Windows 10 1809
Windows 10 21h2Windows 10 22h2+7 more
Jun 17, 2026
Dec 12, 2024
N/A· v4
7.0 HIGH· v3
N/A· v2
Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability
1Microsoft
14Windows 10 1507
Windows 10 1607Windows 10 1809+11 more
Jun 17, 2026
Dec 12, 2024
N/A· v4
7.8 HIGH· v3
N/A· v2
Input Method Editor (IME) Remote Code Execution Vulnerability
1Microsoft
4Windows 10 1809
Windows 10 21h2Windows 10 22h2+1 more
Jun 17, 2026
Dec 12, 2024
N/A· v4
7.8 HIGH· v3
N/A· v2
Windows Kernel-Mode Driver Elevation of Privilege Vulnerability
1Microsoft
4365 Apps
ExcelOffice+1 more
Jun 17, 2026
Dec 12, 2024
N/A· v4
7.8 HIGH· v3
N/A· v2
Microsoft Excel Remote Code Execution Vulnerability
2Gstreamer
Gstreamer Project
2Gstreamer
Gstreamer
Jun 17, 2026
Dec 12, 2024
5.1 MEDIUM· v4
9.1 CRITICAL· v3
N/A· v2
GStreamer is a library for constructing graphs of media-handling components. An Use-After-Free read vulnerability has been discovered affecting the processing of CodecPrivate elements in Matroska streams. In the GST_MATR...Show more
GStreamer is a library for constructing graphs of media-handling components. An Use-After-Free read vulnerability has been discovered affecting the processing of CodecPrivate elements in Matroska streams. In the GST_MATROSKA_ID_CODECPRIVATE case within the gst_matroska_demux_parse_stream function, a data chunk is allocated using gst_ebml_read_binary. Later, the allocated memory is freed in the gst_matroska_track_free function, by the call to g_free (track->codec_priv). Finally, the freed memory is accessed in the caps_serialize function through gst_value_serialize_buffer. The freed memory will be accessed in the gst_value_serialize_buffer function. This results in a UAF read vulnerability, as the function tries to process memory that has already been freed. This vulnerability is fixed in 1.24.10.Show less
1Google
1Chrome
Jun 17, 2026
Dec 12, 2024
N/A· v4
8.8 HIGH· v3
N/A· v2
Use after free in Translate in Google Chrome prior to 131.0.6778.139 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
1Adobe
1Animate
Jun 17, 2026
Dec 10, 2024
N/A· v4
7.8 HIGH· v3
N/A· v2
Animate versions 23.0.8, 24.0.5 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user intera...Show more
Animate versions 23.0.8, 24.0.5 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.Show less
1Adobe
1Photoshop
Jun 17, 2026
Dec 10, 2024
N/A· v4
7.8 HIGH· v3
N/A· v2
Photoshop Desktop versions 26.0 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user intera...Show more
Photoshop Desktop versions 26.0 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.Show less
1Adobe
4Acrobat
Acrobat DcAcrobat Reader+1 more
Jun 17, 2026
Dec 10, 2024
N/A· v4
7.8 HIGH· v3
N/A· v2
Acrobat Reader versions 24.005.20307, 24.001.30213, 24.001.30193, 20.005.30730, 20.005.30710 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the...Show more
Acrobat Reader versions 24.005.20307, 24.001.30213, 24.001.30193, 20.005.30730, 20.005.30710 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.Show less
1Linux
1Linux Kernel
Jun 17, 2026
Dec 7, 2024
N/A· v4
7.8 HIGH· v3
N/A· v2
In the Linux kernel, the following vulnerability has been resolved: fsnotify: Fix ordering of iput() and watched_objects decrement Ensure the superblock is kept alive until we're done with iput(). Holding a reference t...Show more
In the Linux kernel, the following vulnerability has been resolved: fsnotify: Fix ordering of iput() and watched_objects decrement Ensure the superblock is kept alive until we're done with iput(). Holding a reference to an inode is not allowed unless we ensure the superblock stays alive, which fsnotify does by keeping the watched_objects count elevated, so iput() must happen before the watched_objects decrement. This can lead to a UAF of something like sb->s_fs_info in tmpfs, but the UAF is hard to hit because race orderings that oops are more likely, thanks to the CHECK_DATA_CORRUPTION() block in generic_shutdown_super(). Also, ensure that fsnotify_put_sb_watched_objects() doesn't call fsnotify_sb_watched_objects() on a superblock that may have already been freed, which would cause a UAF read of sb->s_fsnotify_info.Show less
1Openrobotics
1Robot Operating System
Jun 17, 2026
Dec 6, 2024
N/A· v4
9.8 CRITICAL· v3
N/A· v2
Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble versions were discovered to contain a use-after-free via the nav2_amcl process. This vulnerability is triggered via remotely sending a request to change the...Show more
Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble versions were discovered to contain a use-after-free via the nav2_amcl process. This vulnerability is triggered via remotely sending a request to change the value of dynamic-parameter `/amcl do_beamskip`.Show less
1Openrobotics
1Robot Operating System
Jun 17, 2026
Dec 6, 2024
N/A· v4
9.8 CRITICAL· v3
N/A· v2
Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble versions were discovered to contain a use-after-free via the nav2_amcl process. This vulnerability is triggered via remotely sending a request for change th...Show more
Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble versions were discovered to contain a use-after-free via the nav2_amcl process. This vulnerability is triggered via remotely sending a request for change the value of dynamic-parameter `/amcl z_short`.Show less