Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

CVEs (7,551)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2024-23322 1Envoyproxy 1Envoy Jun 17, 2026 Feb 9, 2024 N/A· v4 7.5 HIGH· v3 N/A· v2 Envoy is a high-performance edge/middle/service proxy. Envoy will crash when certain timeouts happen within the same interval. The crash occurs when the following are true: 1. hedge_on_per_try_timeout is enabled, 2. per_...Show more Envoy is a high-performance edge/middle/service proxy. Envoy will crash when certain timeouts happen within the same interval. The crash occurs when the following are true: 1. hedge_on_per_try_timeout is enabled, 2. per_try_idle_timeout is enabled (it can only be done in configuration), 3. per-try-timeout is enabled, either through headers or configuration and its value is equal, or within the backoff interval of the per_try_idle_timeout. This issue has been addressed in released 1.29.1, 1.28.1, 1.27.3, and 1.26.7. Users are advised to upgrade. There are no known workarounds for this vulnerability.Show less
CVE-2024-25443 1Hugin Project 1Hugin Jun 17, 2026 Feb 9, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 An issue in the HuginBase::ImageVariable<double>::linkWith function of Hugin v2022.0.0 allows attackers to cause a heap-use-after-free via parsing a crafted image.
CVE-2024-1312 2Fedoraproject Linux 2Fedora Linux Kernel Jun 17, 2026 Feb 8, 2024 N/A· v4 4.7 MEDIUM· v3 N/A· v2 A use-after-free flaw was found in the Linux kernel's Memory Management subsystem when a user wins two races at the same time with a fail in the mas_prev_slot function. This issue could allow a local user to crash the sy...Show more A use-after-free flaw was found in the Linux kernel's Memory Management subsystem when a user wins two races at the same time with a fail in the mas_prev_slot function. This issue could allow a local user to crash the system.Show less
CVE-2024-24189 1Jsish 1Jsish Jun 17, 2026 Feb 7, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Jsish v3.5.0 (commit 42c694c) was discovered to contain a use-after-free via the SplitChar at ./src/jsiUtils.c.
CVE-2024-1284 2Fedoraproject Google 2Chrome Fedora Jun 17, 2026 Feb 7, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Use after free in Mojo in Google Chrome prior to 121.0.6167.160 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVE-2024-24266 1Gpac 1Gpac Jun 17, 2026 Feb 5, 2024 N/A· v4 7.5 HIGH· v3 N/A· v2 gpac v2.2.1 was discovered to contain a Use-After-Free (UAF) vulnerability via the dasher_configure_pid function at /src/filters/dasher.c.
CVE-2024-24263 1Chendotjs 1Lotos Webserver Jun 17, 2026 Feb 5, 2024 N/A· v4 7.5 HIGH· v3 N/A· v2 Lotos WebServer v0.1.1 was discovered to contain a Use-After-Free (UAF) vulnerability via the response_append_status_line function at /lotos/src/response.c.
CVE-2024-24262 1Ireader 1Media Server Jun 17, 2026 Feb 5, 2024 N/A· v4 7.5 HIGH· v3 N/A· v2 media-server v1.0.0 was discovered to contain a Use-After-Free (UAF) vulnerability via the sip_uac_stop_timer function at /uac/sip-uac-transaction.c.
CVE-2024-24260 1Ireader 1Media Server Jun 17, 2026 Feb 5, 2024 N/A· v4 7.5 HIGH· v3 N/A· v2 media-server v1.0.0 was discovered to contain a Use-After-Free (UAF) vulnerability via the sip_subscribe_remove function at /uac/sip-uac-subscribe.c.
CVE-2023-5249 1Arm 2Bifrost Gpu Kernel Driver Valhall Gpu Kernel Driver Jun 17, 2026 Feb 5, 2024 N/A· v4 7.0 HIGH· v3 N/A· v2 Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver allows a local non-privileged user to make improper memory processing operations to exploit a software race condition....Show more Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver allows a local non-privileged user to make improper memory processing operations to exploit a software race condition. If the system’s memory is carefully prepared by the user, then this in turn cause a use-after-free.This issue affects Bifrost GPU Kernel Driver: from r35p0 through r40p0; Valhall GPU Kernel Driver: from r35p0 through r40p0. Show less
CVE-2020-36773 1Artifex 1Ghostscript Jun 17, 2026 Feb 4, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Artifex Ghostscript before 9.53.0 has an out-of-bounds write and use-after-free in devices/vector/gdevtxtw.c (for txtwrite) because a single character code in a PDF document can map to more than one Unicode code point (e...Show more Artifex Ghostscript before 9.53.0 has an out-of-bounds write and use-after-free in devices/vector/gdevtxtw.c (for txtwrite) because a single character code in a PDF document can map to more than one Unicode code point (e.g., for a ligature).Show less
CVE-2024-25062 1Xmlsoft 1Libxml2 Jun 17, 2026 Feb 4, 2024 N/A· v4 7.5 HIGH· v3 N/A· v2 An issue was discovered in libxml2 before 2.11.7 and 2.12.x before 2.12.5. When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValida...Show more An issue was discovered in libxml2 before 2.11.7 and 2.12.x before 2.12.5. When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free.Show less
CVE-2024-21860 1Openatom 1Openharmony Jun 17, 2026 Feb 2, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 in OpenHarmony v4.0.0 and prior versions allow an adjacent attacker arbitrary code execution in any apps through use after free.
CVE-2024-21399 1Microsoft 1Edge Chromium Jun 17, 2026 Feb 2, 2024 N/A· v4 8.3 HIGH· v3 N/A· v2 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
CVE-2024-1086 5Debian FedoraprojectLinux+2 more 12500f Firmware A250 FirmwareC250 Firmware+9 more Jun 17, 2026 Jan 31, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. The nft_verdict_init() function allows positive values as drop error within the...Show more A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. The nft_verdict_init() function allows positive values as drop error within the hook verdict, and hence the nf_hook_slow() function can cause a double free vulnerability when NF_DROP is issued with a drop error which resembles NF_ACCEPT. We recommend upgrading past commit f342de4e2f33e0e39165d8639387aa6c19dff660.Show less
CVE-2024-1085 1Linux 1Linux Kernel Jun 17, 2026 Jan 31, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. The nft_setelem_catchall_deactivate() function checks whether the catch-all set...Show more A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. The nft_setelem_catchall_deactivate() function checks whether the catch-all set element is active in the current generation instead of the next generation before freeing it, but only flags it inactive in the next generation, making it possible to free the element multiple times, leading to a double free vulnerability. We recommend upgrading past commit b1db244ffd041a49ecc9618e8feb6b5c1afcdaa7. Show less
CVE-2024-1077 2Fedoraproject Google 2Chrome Fedora Jun 17, 2026 Jan 30, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 Use after free in Network in Google Chrome prior to 121.0.6167.139 allowed a remote attacker to potentially exploit heap corruption via a malicious file. (Chromium security severity: High)
CVE-2024-1060 2Fedoraproject Google 2Chrome Fedora Jun 17, 2026 Jan 30, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 Use after free in Canvas in Google Chrome prior to 121.0.6167.139 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVE-2024-1059 2Fedoraproject Google 2Chrome Fedora Jun 17, 2026 Jan 30, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 Use after free in Peer Connection in Google Chrome prior to 121.0.6167.139 allowed a remote attacker to potentially exploit stack corruption via a crafted HTML page. (Chromium security severity: High)
CVE-2024-21803 1Linux 1Linux Kernel Jun 17, 2026 Jan 30, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 Use After Free vulnerability in Linux Linux kernel kernel on Linux, x86, ARM (bluetooth modules) allows Local Execution of Code. This vulnerability is associated with program files https://gitee.Com/anolis/cloud-kernel/b...Show more Use After Free vulnerability in Linux Linux kernel kernel on Linux, x86, ARM (bluetooth modules) allows Local Execution of Code. This vulnerability is associated with program files https://gitee.Com/anolis/cloud-kernel/blob/devel-5.10/net/bluetooth/af_bluetooth.C. This issue affects Linux kernel: from v2.6.12-rc2 before v6.8-rc1. Show less

Previous 1...170171172...378 Next