Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

CVEs (7,541)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2023-3777 3Canonical DebianLinux 3Debian Linux Linux KernelUbuntu Linux Jun 17, 2026 Sep 6, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. When nf_tables_delrule() is flushing table rules, it is not checked whether the...Show more A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. When nf_tables_delrule() is flushing table rules, it is not checked whether the chain is bound and the chain's owner rule can also release the objects in certain circumstances. We recommend upgrading past commit 6eaf41e87a223ae6f8e7a28d6e78384ad7e407f8.Show less
CVE-2021-39859 1Adobe 4Acrobat Acrobat DcAcrobat Reader+1 more Jun 17, 2026 Sep 6, 2023 N/A· v4 5.5 MEDIUM· v3 N/A· v2 Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by a Use After Free vulnerability that could lead to disclosure of sensitive memory. An...Show more Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by a Use After Free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.Show less
CVE-2021-21088 1Adobe 4Acrobat Acrobat DcAcrobat Reader+1 more Jun 17, 2026 Sep 6, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by a Use After Free vulnerability. An unauthenticated attacker could leverage t...Show more Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by a Use After Free vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.Show less
CVE-2023-3472 1Panasonic 1Kw Watcher Jun 17, 2026 Sep 6, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 Use after free vulnerability in Panasonic KW Watcher versions 1.00 through 2.82 may allow attackers to execute arbitrary code.
CVE-2023-4763 2Debian Google 2Chrome Debian Linux Jun 17, 2026 Sep 5, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 Use after free in Networks in Google Chrome prior to 116.0.5845.179 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVE-2023-33021 1Qualcomm 163Apq8064au Firmware Aqt1000 FirmwareAr8035 Firmware+160 more Jun 17, 2026 Sep 5, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 Memory corruption in Graphics while processing user packets for command submission.
CVE-2023-4755 1Gpac 1Gpac Jun 17, 2026 Sep 4, 2023 N/A· v4 5.5 MEDIUM· v3 N/A· v2 Use After Free in GitHub repository gpac/gpac prior to 2.3-DEV.
CVE-2023-4752 4Apple DebianFedoraproject+1 more 4Debian Linux FedoraMacos+1 more Jun 17, 2026 Sep 4, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 Use After Free in GitHub repository vim/vim prior to 9.0.1858.
CVE-2023-4750 3Apple FedoraprojectVim 3Fedora MacosVim Jun 23, 2026 Sep 4, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 Use After Free in GitHub repository vim/vim prior to 9.0.1857.
CVE-2023-4733 3Apple FedoraprojectVim 3Fedora MacosVim Jun 23, 2026 Sep 4, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 Use After Free in GitHub repository vim/vim prior to 9.0.1840.
CVE-2023-20849 4Google LinuxLinuxfoundation+1 more 4Android Iot YoctoLinux Kernel+1 more Jun 17, 2026 Sep 4, 2023 N/A· v4 6.5 MEDIUM· v3 N/A· v2 In imgsys_cmdq, there is a possible use after free due to a missing valid range checking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitat...Show more In imgsys_cmdq, there is a possible use after free due to a missing valid range checking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07340433; Issue ID: ALPS07340350.Show less
CVE-2023-20835 3Google LinuxfoundationMediatek 3Android Iot YoctoYocto Jun 17, 2026 Sep 4, 2023 N/A· v4 6.4 MEDIUM· v3 N/A· v2 In camsys, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID:...Show more In camsys, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07341261; Issue ID: ALPS07326570.Show less
CVE-2023-20834 1Google 1Android Jun 17, 2026 Sep 4, 2023 N/A· v4 6.4 MEDIUM· v3 N/A· v2 In pda, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALP...Show more In pda, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07608514; Issue ID: ALPS07608514.Show less
CVE-2023-3297 1Canonical 2Accountsservice Ubuntu Linux Jun 17, 2026 Sep 1, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 In Ubuntu's accountsservice an unprivileged local attacker can trigger a use-after-free vulnerability in accountsservice by sending a D-Bus message to the accounts-daemon process.
CVE-2023-40187 1Freerdp 1Freerdp Jun 17, 2026 Aug 31, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions of the 3.x beta branch are subject to a Use-After-Free issue in the `avc420_ensure_buffer` and `...Show more FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions of the 3.x beta branch are subject to a Use-After-Free issue in the `avc420_ensure_buffer` and `avc444_ensure_buffer` functions. If the value of `piDstSize[x]` is 0, `ppYUVDstData[x]` will be freed. However, in this case `ppYUVDstData[x]` will not have been updated which leads to a Use-After-Free vulnerability. This issue has been addressed in version 3.0.0-beta3. Users of the 3.x beta releases are advised to upgrade. There are no known workarounds for this vulnerability.Show less
CVE-2023-39355 2Debian Freerdp 2Debian Linux Freerdp Jun 17, 2026 Aug 31, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Versions of FreeRDP on the 3.x release branch before beta3 are subject to a Use-After-Free in processing `RDPGFX_C...Show more FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Versions of FreeRDP on the 3.x release branch before beta3 are subject to a Use-After-Free in processing `RDPGFX_CMDID_RESETGRAPHICS` packets. If `context->maxPlaneSize` is 0, `context->planesBuffer` will be freed. However, without updating `context->planesBuffer`, this leads to a Use-After-Free exploit vector. In most environments this should only result in a crash. This issue has been addressed in version 3.0.0-beta3 and users of the beta 3.x releases are advised to upgrade. There are no known workarounds for this vulnerability.Show less
CVE-2023-4611 1Linux 1Linux Kernel Jun 17, 2026 Aug 29, 2023 N/A· v4 6.3 MEDIUM· v3 N/A· v2 A use-after-free flaw was found in mm/mempolicy.c in the memory management subsystem in the Linux Kernel. This issue is caused by a race between mbind() and VMA-locked page fault, and may allow a local attacker to crash...Show more A use-after-free flaw was found in mm/mempolicy.c in the memory management subsystem in the Linux Kernel. This issue is caused by a race between mbind() and VMA-locked page fault, and may allow a local attacker to crash the system or lead to a kernel information leak.Show less
CVE-2023-4572 3Debian FedoraprojectGoogle 3Chrome Debian LinuxFedora Jun 17, 2026 Aug 29, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 Use after free in MediaStream in Google Chrome prior to 116.0.5845.140 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVE-2023-39562 1Gpac 1Gpac Jun 17, 2026 Aug 28, 2023 N/A· v4 5.5 MEDIUM· v3 N/A· v2 GPAC v2.3-DEV-rev449-g5948e4f70-master was discovered to contain a heap-use-after-free via the gf_bs_align function at bitstream.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via supplying a c...Show more GPAC v2.3-DEV-rev449-g5948e4f70-master was discovered to contain a heap-use-after-free via the gf_bs_align function at bitstream.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via supplying a crafted file.Show less
CVE-2023-36741 1Microsoft 1Edge Chromium Jun 17, 2026 Aug 26, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

Previous 1...183184185...378 Next