Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

CVEs (7,543)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2023-41071 1Apple 5Ipados Iphone OsMacos+2 more Jun 17, 2026 Sep 27, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 A use-after-free issue was addressed with improved memory management. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, watchOS 10, macOS Ventura 13.6. An app may be able to execute arbitrary code with kernel privile...Show more A use-after-free issue was addressed with improved memory management. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, watchOS 10, macOS Ventura 13.6. An app may be able to execute arbitrary code with kernel privileges.Show less
CVE-2023-39434 1Apple 4Ipados Iphone OsMacos+1 more Jun 17, 2026 Sep 27, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 17 and iPadOS 17, watchOS 10, macOS Sonoma 14. Processing web content may lead to arbitrary code execution.
CVE-2023-32541 1Hancom 1Hancom Office 2020 Jun 17, 2026 Sep 27, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 A use-after-free vulnerability exists in the footerr functionality of Hancom Office 2020 HWord 11.0.0.7520. A specially crafted .doc file can lead to a use-after-free. An attacker can trick a user into opening a malforme...Show more A use-after-free vulnerability exists in the footerr functionality of Hancom Office 2020 HWord 11.0.0.7520. A specially crafted .doc file can lead to a use-after-free. An attacker can trick a user into opening a malformed file to trigger this vulnerability.Show less
CVE-2023-39453 1Accusoft 1Imagegear Jun 17, 2026 Sep 25, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 A use-after-free vulnerability exists in the tif_parse_sub_IFD functionality of Accusoft ImageGear 20.1. A specially crafted malformed file can lead to arbitrary code execution. An attacker can deliver this file to trigg...Show more A use-after-free vulnerability exists in the tif_parse_sub_IFD functionality of Accusoft ImageGear 20.1. A specially crafted malformed file can lead to arbitrary code execution. An attacker can deliver this file to trigger this vulnerability.Show less
CVE-2023-42482 1Samsung 1Exynos 2200 Firmware Jun 17, 2026 Sep 21, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 Samsung Mobile Processor Exynos 2200 allows a GPU Use After Free.
CVE-2023-41375 1Jtekt 1Kostac Plc Jun 17, 2026 Sep 20, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 Use after free vulnerability exists in Kostac PLC Programming Software Version 1.6.11.0. Arbitrary code may be executed by having a user open a specially crafted project file which was saved using Kostac PLC Programming...Show more Use after free vulnerability exists in Kostac PLC Programming Software Version 1.6.11.0. Arbitrary code may be executed by having a user open a specially crafted project file which was saved using Kostac PLC Programming Software Version 1.6.9.0 and earlier because the issue exists in parsing of KPP project files. The vendor states that Kostac PLC Programming Software Version 1.6.10.0 or later implements the function which prevents a project file alteration. Therefore, to mitigate the impact of these vulnerabilities, a project file which was saved using Kostac PLC Programming Software Version 1.6.9.0 and earlier needs to be saved again using Kostac PLC Programming Software Version 1.6.10.0 or later.Show less
CVE-2023-4806 3Fedoraproject GnuRedhat 22Codeready Linux Builder Eus Codeready Linux Builder Eus For Power Little EndianCodeready Linux Builder Eus For Power Little Endian Eus+19 more Jun 17, 2026 Sep 18, 2023 N/A· v4 5.9 MEDIUM· v3 N/A· v2 A flaw has been identified in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module imp...Show more A flaw has been identified in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss__gethostbyname2_r and _nss__getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.Show less
CVE-2023-36735 1Microsoft 1Edge Chromium Jun 17, 2026 Sep 15, 2023 N/A· v4 9.6 CRITICAL· v3 N/A· v2 Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
CVE-2023-36562 1Microsoft 1Edge Chromium Jun 17, 2026 Sep 15, 2023 N/A· v4 7.1 HIGH· v3 N/A· v2 Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
CVE-2023-2680 2Qemu Redhat 2Enterprise Linux Qemu Jun 17, 2026 Sep 13, 2023 N/A· v4 8.2 HIGH· v3 N/A· v2 This CVE exists because of an incomplete fix for CVE-2021-3750. More specifically, the qemu-kvm package as released for Red Hat Enterprise Linux 9.1 via RHSA-2022:7967 included a version of qemu-kvm that was actually mis...Show more This CVE exists because of an incomplete fix for CVE-2021-3750. More specifically, the qemu-kvm package as released for Red Hat Enterprise Linux 9.1 via RHSA-2022:7967 included a version of qemu-kvm that was actually missing the fix for CVE-2021-3750.Show less
CVE-2023-4813 4Fedoraproject GnuNetapp+1 more 16Active Iq Unified Manager Enterprise LinuxEnterprise Linux Eus+13 more Jun 17, 2026 Sep 12, 2023 N/A· v4 5.9 MEDIUM· v3 N/A· v2 A flaw has been identified in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is...Show more A flaw has been identified in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.Show less
CVE-2023-4921 2Debian Linux 2Debian Linux Linux Kernel Jun 17, 2026 Sep 12, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 A use-after-free vulnerability in the Linux kernel's net/sched: sch_qfq component can be exploited to achieve local privilege escalation. When the plug qdisc is used as a class of the qfq qdisc, sending network packets...Show more A use-after-free vulnerability in the Linux kernel's net/sched: sch_qfq component can be exploited to achieve local privilege escalation. When the plug qdisc is used as a class of the qfq qdisc, sending network packets triggers use-after-free in qfq_dequeue() due to the incorrect .peek handler of sch_plug and lack of error checking in agg_dequeue(). We recommend upgrading past commit 8fc134fee27f2263988ae38920bc03da416b03d8.Show less
CVE-2023-38161 1Microsoft 12Windows 10 1507 Windows 10 1607Windows 10 1809+9 more Jun 17, 2026 Sep 12, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 Windows GDI Elevation of Privilege Vulnerability
CVE-2023-38160 1Microsoft 12Windows 10 1507 Windows 10 1607Windows 10 1809+9 more Jun 17, 2026 Sep 12, 2023 N/A· v4 5.5 MEDIUM· v3 N/A· v2 Windows TCP/IP Information Disclosure Vulnerability
CVE-2023-38139 1Microsoft 12Windows 10 1507 Windows 10 1607Windows 10 1809+9 more Jun 17, 2026 Sep 12, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 Windows Kernel Elevation of Privilege Vulnerability
CVE-2023-36804 1Microsoft 12Windows 10 1507 Windows 10 1607Windows 10 1809+9 more Jun 17, 2026 Sep 12, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 Windows GDI Elevation of Privilege Vulnerability
CVE-2023-36802 1Microsoft 7Windows 10 1809 Windows 10 21h2Windows 10 22h2+4 more Jun 17, 2026 Sep 12, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 Microsoft Streaming Service Proxy Elevation of Privilege Vulnerability
CVE-2023-36760 1Microsoft 13d Viewer Jun 17, 2026 Sep 12, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 3D Viewer Remote Code Execution Vulnerability
CVE-2023-38075 1Siemens 3Jt2go Teamcenter VisualizationTecnomatix Plant Simulation Jun 17, 2026 Sep 12, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 A vulnerability has been identified in JT2Go (All versions < V14.3.0.1), Teamcenter Visualization V13.3 (All versions < V13.3.0.12), Teamcenter Visualization V14.0 (All versions), Teamcenter Visualization V14.1 (All vers...Show more A vulnerability has been identified in JT2Go (All versions < V14.3.0.1), Teamcenter Visualization V13.3 (All versions < V13.3.0.12), Teamcenter Visualization V14.0 (All versions), Teamcenter Visualization V14.1 (All versions < V14.1.0.11), Teamcenter Visualization V14.2 (All versions < V14.2.0.6), Teamcenter Visualization V14.3 (All versions < V14.3.0.1), Tecnomatix Plant Simulation V2201 (All versions < V2201.0010), Tecnomatix Plant Simulation V2302 (All versions < V2302.0004). The affected application contains a use-after-free vulnerability that could be triggered while parsing specially crafted WRL files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-20842)Show less
CVE-2023-35687 1Google 1Android Jun 17, 2026 Sep 11, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 In MtpPropertyValue of MtpProperty.h, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is no...Show more In MtpPropertyValue of MtpProperty.h, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Show less

Previous 1...181182183...378 Next