Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

CVEs (7,549)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2023-46751 1Artifex 1Ghostscript Jun 17, 2026 Dec 6, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 An issue was discovered in the function gdev_prn_open_printer_seekable() in Artifex Ghostscript through 10.02.0 allows remote attackers to crash the application via a dangling pointer.
CVE-2023-6510 3Debian FedoraprojectGoogle 3Chrome Debian LinuxFedora Jun 17, 2026 Dec 6, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 Use after free in Media Capture in Google Chrome prior to 120.0.6099.62 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via specific UI interacti...Show more Use after free in Media Capture in Google Chrome prior to 120.0.6099.62 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via specific UI interaction. (Chromium security severity: Medium)Show less
CVE-2023-6509 3Debian FedoraprojectGoogle 3Chrome Debian LinuxFedora Jun 17, 2026 Dec 6, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 Use after free in Side Panel Search in Google Chrome prior to 120.0.6099.62 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via specific UI inter...Show more Use after free in Side Panel Search in Google Chrome prior to 120.0.6099.62 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via specific UI interaction. (Chromium security severity: High)Show less
CVE-2023-6508 3Debian FedoraprojectGoogle 3Chrome Debian LinuxFedora Jun 17, 2026 Dec 6, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 Use after free in Media Stream in Google Chrome prior to 120.0.6099.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVE-2023-33063 1Qualcomm 280315 5g Iot Modem Firmware 8098 Firmware8953pro Firmware+277 more Jun 17, 2026 Dec 5, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 Memory corruption in DSP Services during a remote call from HLOS to DSP.
CVE-2023-22668 1Qualcomm 55Aqt1000 Firmware Ar8035 FirmwareFastconnect 6200 Firmware+52 more Jun 17, 2026 Dec 5, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 Memory Corruption in Audio while invoking IOCTLs calls from the user-space.
CVE-2023-22383 1Qualcomm 58Aqt1000 Firmware C V2x 9150 FirmwareFastconnect 6200 Firmware+55 more Jun 17, 2026 Dec 5, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 Memory Corruption in camera while installing a fd for a particular DMA buffer.
CVE-2023-49288 1Squid Cache 1Squid Jun 17, 2026 Dec 4, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Affected versions of squid are subject to a a Use-After-Free bug which can lead to a Denial of Service attack via collapsed forwarding. All vers...Show more Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Affected versions of squid are subject to a a Use-After-Free bug which can lead to a Denial of Service attack via collapsed forwarding. All versions of Squid from 3.5 up to and including 5.9 configured with "collapsed_forwarding on" are vulnerable. Configurations with "collapsed_forwarding off" or without a "collapsed_forwarding" directive are not vulnerable. This bug is fixed by Squid version 6.0.1. Users are advised to upgrade. Users unable to upgrade should remove all collapsed_forwarding lines from their squid.conf.Show less
CVE-2023-40088 1Google 1Android Jun 17, 2026 Dec 4, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 In callback_thread_event of com_android_bluetooth_btservice_AdapterService.cpp, there is a possible memory corruption due to a use after free. This could lead to remote (proximal/adjacent) code execution with no addition...Show more In callback_thread_event of com_android_bluetooth_btservice_AdapterService.cpp, there is a possible memory corruption due to a use after free. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Show less
CVE-2023-40084 1Google 1Android Jun 17, 2026 Dec 4, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 In run of MDnsSdListener.cpp, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed...Show more In run of MDnsSdListener.cpp, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Show less
CVE-2023-42722 1Google 1Android Jun 17, 2026 Dec 4, 2023 N/A· v4 6.7 MEDIUM· v3 N/A· v2 In camera service, there is a possible use after free due to a logic error. This could lead to local escalation of privilege with System execution privileges needed
CVE-2023-5427 1Arm 35th Gen Gpu Architecture Kernel Driver Bifrost Gpu Kernel DriverValhall Gpu Kernel Driver Jun 17, 2026 Dec 1, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user to make improper GPU processing...Show more Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user to make improper GPU processing operations to gain access to already freed memory.This issue affects Bifrost GPU Kernel Driver: from r44p0 through r45p0; Valhall GPU Kernel Driver: from r44p0 through r45p0; Arm 5th Gen GPU Architecture Kernel Driver: from r44p0 through r45p0.Show less
CVE-2023-6351 3Debian FedoraprojectGoogle 3Chrome Debian LinuxFedora Jun 17, 2026 Nov 29, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 Use after free in libavif in Google Chrome prior to 119.0.6045.199 allowed a remote attacker to potentially exploit heap corruption via a crafted avif file. (Chromium security severity: High)
CVE-2023-6350 3Debian FedoraprojectGoogle 3Chrome Debian LinuxFedora Jun 17, 2026 Nov 29, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 Use after free in libavif in Google Chrome prior to 119.0.6045.199 allowed a remote attacker to potentially exploit heap corruption via a crafted avif file. (Chromium security severity: High)
CVE-2023-6347 3Debian FedoraprojectGoogle 3Chrome Debian LinuxFedora Jun 17, 2026 Nov 29, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 Use after free in Mojo in Google Chrome prior to 119.0.6045.199 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVE-2023-6346 3Debian FedoraprojectGoogle 3Chrome Debian LinuxFedora Jun 17, 2026 Nov 29, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 Use after free in WebAudio in Google Chrome prior to 119.0.6045.199 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVE-2023-42365 1Busybox 1Busybox Jun 17, 2026 Nov 27, 2023 N/A· v4 5.5 MEDIUM· v3 N/A· v2 A use-after-free vulnerability was discovered in BusyBox v.1.36.1 via a crafted awk pattern in the awk.c copyvar function.
CVE-2023-42364 1Busybox 1Busybox Jun 17, 2026 Nov 27, 2023 N/A· v4 5.5 MEDIUM· v3 N/A· v2 A use-after-free vulnerability in BusyBox v.1.36.1 allows attackers to cause a denial of service via a crafted awk pattern in the awk.c evaluate function.
CVE-2023-42363 1Busybox 1Busybox Jun 17, 2026 Nov 27, 2023 N/A· v4 5.5 MEDIUM· v3 N/A· v2 A use-after-free vulnerability was discovered in xasprintf function in xfuncs_printf.c:344 in BusyBox v.1.36.1.
CVE-2023-38573 1Foxitsoftware 1Foxit Reader Jun 17, 2026 Nov 27, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 A use-after-free vulnerability exists in the way Foxit Reader 12.1.2.15356 handles a signature field. A specially crafted Javascript code inside a malicious PDF document can trigger reuse of a previously freed object, wh...Show more A use-after-free vulnerability exists in the way Foxit Reader 12.1.2.15356 handles a signature field. A specially crafted Javascript code inside a malicious PDF document can trigger reuse of a previously freed object, which can lead to memory corruption and result in arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially crafted, malicious site if the browser plugin extension is enabled.Show less

Previous 1...175176177...378 Next