Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

CVEs (7,549)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2023-33094 1Qualcomm 120Ar8035 Firmware Csra6620 FirmwareCsra6640 Firmware+117 more Jun 17, 2026 Jan 2, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 Memory corruption while running VK synchronization with KASAN enabled.
CVE-2023-52266 1Hongliuliao 1Ehttp Jun 17, 2026 Dec 31, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 ehttp 1.0.6 before 17405b9 has an epoll_socket.cpp read_func use-after-free. An attacker can make many connections over a short time to trigger this.
CVE-2023-7152 1Micropython 1Micropython Jun 17, 2026 Dec 29, 2023 N/A· v4 9.8 CRITICAL· v3 5.2 MEDIUM· v2 A vulnerability, which was classified as critical, has been found in MicroPython 1.21.0/1.22.0-preview. Affected by this issue is the function poll_set_add_fd of the file extmod/modselect.c. The manipulation leads to use...Show more A vulnerability, which was classified as critical, has been found in MicroPython 1.21.0/1.22.0-preview. Affected by this issue is the function poll_set_add_fd of the file extmod/modselect.c. The manipulation leads to use after free. The exploit has been disclosed to the public and may be used. The patch is identified as 8b24aa36ba978eafc6114b6798b47b7bfecdca26. It is recommended to apply a patch to fix this issue. VDB-249158 is the identifier assigned to this vulnerability.Show less
CVE-2023-6546 3Fedoraproject LinuxRedhat 3Enterprise Linux FedoraLinux Kernel Jun 17, 2026 Dec 21, 2023 N/A· v4 7.0 HIGH· v3 N/A· v2 A race condition was found in the GSM 0710 tty multiplexor in the Linux kernel. This issue occurs when two threads execute the GSMIOC_SETCONF ioctl on the same tty file descriptor with the gsm line discipline enabled, an...Show more A race condition was found in the GSM 0710 tty multiplexor in the Linux kernel. This issue occurs when two threads execute the GSMIOC_SETCONF ioctl on the same tty file descriptor with the gsm line discipline enabled, and can lead to a use-after-free problem on a struct gsm_dlci while restarting the gsm mux. This could allow a local unprivileged user to escalate their privileges on the system.Show less
CVE-2023-6932 2Debian Linux 2Debian Linux Linux Kernel Jun 17, 2026 Dec 19, 2023 N/A· v4 7.0 HIGH· v3 N/A· v2 A use-after-free vulnerability in the Linux kernel's ipv4: igmp component can be exploited to achieve local privilege escalation. A race condition can be exploited to cause a timer be mistakenly registered on a RCU read...Show more A use-after-free vulnerability in the Linux kernel's ipv4: igmp component can be exploited to achieve local privilege escalation. A race condition can be exploited to cause a timer be mistakenly registered on a RCU read locked object which is freed by another thread. We recommend upgrading past commit e2b706c691905fe78468c361aaabc719d0a496f1.Show less
CVE-2023-6862 2Debian Mozilla 3Debian Linux Firefox EsrThunderbird Jun 17, 2026 Dec 19, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 A use-after-free was identified in the `nsDNSService::Init`. This issue appears to manifest rarely during start-up. This vulnerability affects Firefox ESR < 115.6 and Thunderbird < 115.6.
CVE-2023-6859 2Debian Mozilla 4Debian Linux FirefoxFirefox Esr+1 more Jun 17, 2026 Dec 19, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 A use-after-free condition affected TLS socket creation when under memory pressure. This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox < 121.
CVE-2023-6817 1Linux 1Linux Kernel Jun 17, 2026 Dec 18, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. The function nft_pipapo_walk did not skip inactive elements during set walk whi...Show more A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. The function nft_pipapo_walk did not skip inactive elements during set walk which could lead double deactivations of PIPAPO (Pile Packet Policies) elements, leading to use-after-free. We recommend upgrading past commit 317eb9685095678f2c9f5a8189de698c5354316a.Show less
CVE-2023-6707 1Google 1Chrome Jun 17, 2026 Dec 14, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 Use after free in CSS in Google Chrome prior to 120.0.6099.109 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
CVE-2023-6706 1Google 1Chrome Jun 17, 2026 Dec 14, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 Use after free in FedCM in Google Chrome prior to 120.0.6099.109 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via a crafted HTML page. (Chromi...Show more Use after free in FedCM in Google Chrome prior to 120.0.6099.109 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)Show less
CVE-2023-6705 1Google 1Chrome Jun 17, 2026 Dec 14, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 Use after free in WebRTC in Google Chrome prior to 120.0.6099.109 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVE-2023-6704 1Google 1Chrome Jun 17, 2026 Dec 14, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 Use after free in libavif in Google Chrome prior to 120.0.6099.109 allowed a remote attacker to potentially exploit heap corruption via a crafted image file. (Chromium security severity: High)
CVE-2023-6703 1Google 1Chrome Jun 17, 2026 Dec 14, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 Use after free in Blink in Google Chrome prior to 120.0.6099.109 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVE-2023-48633 1Adobe 1After Effects Jun 17, 2026 Dec 13, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 Adobe After Effects versions 24.0.3 (and earlier) and 23.6.0 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of...Show more Adobe After Effects versions 24.0.3 (and earlier) and 23.6.0 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.Show less
CVE-2023-47075 1Adobe 1Illustrator Jun 17, 2026 Dec 13, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 Adobe Illustrator versions 28.0 (and earlier) and 27.9 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this i...Show more Adobe Illustrator versions 28.0 (and earlier) and 27.9 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.Show less
CVE-2022-22942 1Vmware 1Photon Os Jun 17, 2026 Dec 13, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 The vmwgfx driver contains a local privilege escalation vulnerability that allows unprivileged users to gain access to files opened by other processes on the system through a dangling 'file' pointer.
CVE-2023-35628 1Microsoft 14Windows 10 1507 Windows 10 1607Windows 10 1809+11 more Jun 17, 2026 Dec 12, 2023 N/A· v4 8.1 HIGH· v3 N/A· v2 Windows MSHTML Platform Remote Code Execution Vulnerability
CVE-2023-46156 1Siemens 73Simatic Drive Controller Cpu 1504d Tf Firmware Simatic Drive Controller Cpu 1507d Tf FirmwareSimatic Et 200sp Open Control 1515sp Pc2 Firmware+70 more Jun 17, 2026 Dec 12, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 Affected devices improperly handle specially crafted packets sent to port 102/tcp. This could allow an attacker to create a denial of service condition. A restart is needed to restore normal operations.
CVE-2023-48414 1Google 1Android Jun 17, 2026 Dec 8, 2023 N/A· v4 6.7 MEDIUM· v3 N/A· v2 In the Pixel Camera Driver, there is a possible use after free due to a logic error in the code. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed fo...Show more In the Pixel Camera Driver, there is a possible use after free due to a logic error in the code. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Show less
CVE-2023-35618 1Microsoft 1Edge Chromium Jun 17, 2026 Dec 7, 2023 N/A· v4 9.6 CRITICAL· v3 N/A· v2 Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

Previous 1...174175176...378 Next