Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

CVEs (7,549)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2024-0813 2Fedoraproject Google 2Chrome Fedora Jun 17, 2026 Jan 24, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 Use after free in Reading Mode in Google Chrome prior to 121.0.6167.85 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via specific UI interaction. (Chromi...Show more Use after free in Reading Mode in Google Chrome prior to 121.0.6167.85 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via specific UI interaction. (Chromium security severity: Medium)Show less
CVE-2024-0807 2Fedoraproject Google 2Chrome Fedora Jun 17, 2026 Jan 24, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 Use after free in Web Audio in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVE-2024-0806 2Fedoraproject Google 2Chrome Fedora Jun 17, 2026 Jan 24, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 Use after free in Passwords in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to potentially exploit heap corruption via specific UI interaction. (Chromium security severity: Medium)
CVE-2024-0752 1Mozilla 1Firefox Jun 17, 2026 Jan 23, 2024 N/A· v4 6.5 MEDIUM· v3 N/A· v2 A use-after-free crash could have occurred on macOS if a Firefox update were being applied on a very busy system. This could have resulted in an exploitable crash. This vulnerability affects Firefox < 122.
CVE-2024-0746 2Debian Mozilla 4Debian Linux FirefoxFirefox Esr+1 more Jun 17, 2026 Jan 23, 2024 N/A· v4 6.5 MEDIUM· v3 N/A· v2 A Linux user opening the print preview dialog could have caused the browser to crash. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7.
CVE-2023-51043 1Linux 1Linux Kernel Jun 17, 2026 Jan 23, 2024 N/A· v4 7.0 HIGH· v3 N/A· v2 In the Linux kernel before 6.4.5, drivers/gpu/drm/drm_atomic.c has a use-after-free during a race condition between a nonblocking atomic commit and a driver unload.
CVE-2023-51042 1Linux 1Linux Kernel Jun 17, 2026 Jan 23, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 In the Linux kernel before 6.4.12, amdgpu_cs_wait_all_fences in drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c has a fence use-after-free.
CVE-2024-23848 1Linux 1Linux Kernel Jun 17, 2026 Jan 23, 2024 N/A· v4 5.5 MEDIUM· v3 N/A· v2 In the Linux kernel through 6.7.1, there is a use-after-free in cec_queue_msg_fh, related to drivers/media/cec/core/cec-adap.c and drivers/media/cec/core/cec-api.c.
CVE-2024-0775 2Linux Redhat 2Enterprise Linux Linux Kernel Jun 17, 2026 Jan 22, 2024 N/A· v4 7.1 HIGH· v3 N/A· v2 A use-after-free flaw was found in the __ext4_remount in fs/ext4/super.c in ext4 in the Linux kernel. This flaw allows a local user to cause an information leak problem while freeing the old quota file names before a pot...Show more A use-after-free flaw was found in the __ext4_remount in fs/ext4/super.c in ext4 in the Linux kernel. This flaw allows a local user to cause an information leak problem while freeing the old quota file names before a potential failure, leading to a use-after-free.Show less
CVE-2024-22956 1Swftools 1Swftools Jun 17, 2026 Jan 19, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 swftools 0.9.2 was discovered to contain a heap-use-after-free vulnerability via the function removeFromTo at swftools/src/swfc.c:838
CVE-2024-22915 1Swftools 1Swftools Jun 17, 2026 Jan 19, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 A heap-use-after-free was found in SWFTools v0.9.2, in the function swf_DeleteTag at rfxswf.c:1193. It allows an attacker to cause code execution.
CVE-2024-22914 1Swftools 1Swftools Jun 17, 2026 Jan 19, 2024 N/A· v4 5.5 MEDIUM· v3 N/A· v2 A heap-use-after-free was found in SWFTools v0.9.2, in the function input at lex.swf5.c:2620. It allows an attacker to cause denial of service.
CVE-2024-22920 1Swftools 1Swftools Jun 17, 2026 Jan 19, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 swftools 0.9.2 was discovered to contain a heap-use-after-free via the function bufferWriteData in swftools/lib/action/compile.c.
CVE-2023-48353 1Google 1Android Jun 17, 2026 Jan 18, 2024 N/A· v4 4.4 MEDIUM· v3 N/A· v2 In vsp driver, there is a possible use after free due to a logic error. This could lead to local denial of service with System execution privileges needed
CVE-2024-20952 3Debian NetappOracle 9Cloud Insights Acquisition Unit Cloud Insights Storage Workload Security AgentDebian Linux+6 more Jun 17, 2026 Jan 16, 2024 N/A· v4 7.4 HIGH· v3 N/A· v2 Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf,...Show more Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM for JDK: 17.0.9, 21.0.1; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 and 22.3.4. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 7.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N).Show less
CVE-2024-0582 1Linux 1Linux Kernel Jun 17, 2026 Jan 16, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 A memory leak flaw was found in the Linux kernel’s io_uring functionality in how a user registers a buffer ring with IORING_REGISTER_PBUF_RING, mmap() it, and then frees it. This flaw allows a local user to crash or pote...Show more A memory leak flaw was found in the Linux kernel’s io_uring functionality in how a user registers a buffer ring with IORING_REGISTER_PBUF_RING, mmap() it, and then frees it. This flaw allows a local user to crash or potentially escalate their privileges on the system.Show less
CVE-2024-0232 3Fedoraproject RedhatSqlite 4Enterprise Linux Extra Packages For Enterprise LinuxFedora+1 more Jun 17, 2026 Jan 16, 2024 N/A· v4 5.5 MEDIUM· v3 N/A· v2 A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the appl...Show more A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.Show less
CVE-2023-52115 1Huawei 1Harmonyos Jun 17, 2026 Jan 16, 2024 N/A· v4 7.5 HIGH· v3 N/A· v2 The iaware module has a Use-After-Free (UAF) vulnerability. Successful exploitation of this vulnerability may affect the system functions.
CVE-2024-0562 2Linux Redhat 2Enterprise Linux Linux Kernel Jun 17, 2026 Jan 15, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 A use-after-free flaw was found in the Linux Kernel. When a disk is removed, bdi_unregister is called to stop further write-back and waits for associated delayed work to complete. However, wb_inode_writeback_end() may sc...Show more A use-after-free flaw was found in the Linux Kernel. When a disk is removed, bdi_unregister is called to stop further write-back and waits for associated delayed work to complete. However, wb_inode_writeback_end() may schedule bandwidth estimation work after this has completed, which can result in the timer attempting to access the recently freed bdi_writeback.Show less
CVE-2023-37117 1Live555 1Live555 Jun 17, 2026 Jan 12, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 A heap-use-after-free vulnerability was found in live555 version 2023.05.10 while handling the SETUP.

Previous 1...171172173...378 Next