Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

CVEs (7,541)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2022-22630 1Apple 2Mac Os X Macos Jun 17, 2026 Jun 23, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.6.6, macOS Monterey 12.3, Security Update 2022-004 Catalina. A remote user may cause an unexpected app termina...Show more A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.6.6, macOS Monterey 12.3, Security Update 2022-004 Catalina. A remote user may cause an unexpected app termination or arbitrary code executionShow less
CVE-2023-34241 4Apple DebianFedoraproject+1 more 4Cups Debian LinuxFedora+1 more Jun 17, 2026 Jun 22, 2023 N/A· v4 7.1 HIGH· v3 N/A· v2 OpenPrinting CUPS is a standards-based, open source printing system for Linux and other Unix-like operating systems. Starting in version 2.0.0 and prior to version 2.4.6, CUPS logs data of free memory to the logging serv...Show more OpenPrinting CUPS is a standards-based, open source printing system for Linux and other Unix-like operating systems. Starting in version 2.0.0 and prior to version 2.4.6, CUPS logs data of free memory to the logging service AFTER the connection has been closed, when it should have logged the data right before. This is a use-after-free bug that impacts the entire cupsd process. The exact cause of this issue is the function `httpClose(con->http)` being called in `scheduler/client.c`. The problem is that httpClose always, provided its argument is not null, frees the pointer at the end of the call, only for cupsdLogClient to pass the pointer to httpGetHostname. This issue happens in function `cupsdAcceptClient` if LogLevel is warn or higher and in two scenarios: there is a double-lookup for the IP Address (HostNameLookups Double is set in `cupsd.conf`) which fails to resolve, or if CUPS is compiled with TCP wrappers and the connection is refused by rules from `/etc/hosts.allow` and `/etc/hosts.deny`. Version 2.4.6 has a patch for this issue.Show less
CVE-2023-20893 1Vmware 1Vcenter Server Jun 17, 2026 Jun 22, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 The VMware vCenter Server contains a use-after-free vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may exploit this issue to execute arbitrary code on...Show more The VMware vCenter Server contains a use-after-free vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may exploit this issue to execute arbitrary code on the underlying operating system that hosts vCenter Server.Show less
CVE-2023-1999 1Webmproject 1Libwebp Jun 17, 2026 Jun 20, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 There exists a use after free/double free in libwebp. An attacker can use the ApplyFiltersAndEncode() function and loop through to free best.bw and assign best = trial pointer. The second loop will then return 0 because...Show more There exists a use after free/double free in libwebp. An attacker can use the ApplyFiltersAndEncode() function and loop through to free best.bw and assign best = trial pointer. The second loop will then return 0 because of an Out of memory error in VP8 encoder, the pointer is still assigned to trial and the AddressSanitizer will attempt a double free.Show less
CVE-2023-25747 1Mozilla 1Firefox Jun 17, 2026 Jun 19, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 A potential use-after-free in libaudio was fixed by disabling the AAudio backend when running on Android API below version 30. This bug only affects Firefox for Android. Other versions of Firefox are unaffected. This v...Show more A potential use-after-free in libaudio was fixed by disabling the AAudio backend when running on Android API below version 30. This bug only affects Firefox for Android. Other versions of Firefox are unaffected. This vulnerability affects Firefox for Android < 110.1.0.Show less
CVE-2023-35829 2Linux Netapp 5H300s H410sH500s+2 more Jun 17, 2026 Jun 18, 2023 N/A· v4 7.0 HIGH· v3 N/A· v2 An issue was discovered in the Linux kernel before 6.3.2. A use-after-free was found in rkvdec_remove in drivers/staging/media/rkvdec/rkvdec.c.
CVE-2023-35828 2Linux Netapp 6H300s H410cH410s+3 more Jun 17, 2026 Jun 18, 2023 N/A· v4 7.0 HIGH· v3 N/A· v2 An issue was discovered in the Linux kernel before 6.3.2. A use-after-free was found in renesas_usb3_remove in drivers/usb/gadget/udc/renesas_usb3.c.
CVE-2023-35827 1Linux 1Linux Kernel Jun 17, 2026 Jun 18, 2023 N/A· v4 7.0 HIGH· v3 N/A· v2 An issue was discovered in the Linux kernel through 6.3.8. A use-after-free was found in ravb_remove in drivers/net/ethernet/renesas/ravb_main.c.
CVE-2023-35826 2Linux Netapp 6H300s H410cH410s+3 more Jun 17, 2026 Jun 18, 2023 N/A· v4 7.0 HIGH· v3 N/A· v2 An issue was discovered in the Linux kernel before 6.3.2. A use-after-free was found in cedrus_remove in drivers/staging/media/sunxi/cedrus/cedrus.c.
CVE-2023-35824 2Debian Linux 2Debian Linux Linux Kernel Jun 17, 2026 Jun 18, 2023 N/A· v4 7.0 HIGH· v3 N/A· v2 An issue was discovered in the Linux kernel before 6.3.2. A use-after-free was found in dm1105_remove in drivers/media/pci/dm1105/dm1105.c.
CVE-2023-35823 2Debian Linux 2Debian Linux Linux Kernel Jun 17, 2026 Jun 18, 2023 N/A· v4 7.0 HIGH· v3 N/A· v2 An issue was discovered in the Linux kernel before 6.3.2. A use-after-free was found in saa7134_finidev in drivers/media/pci/saa7134/saa7134-core.c.
CVE-2023-28287 1Microsoft 4365 Apps OfficeOffice Long Term Servicing Channel+1 more Jun 17, 2026 Jun 17, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 Microsoft Publisher Remote Code Execution Vulnerability
CVE-2023-35784 1Openbsd 2Libressl Openbsd Jun 17, 2026 Jun 16, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 A double free or use after free could occur after SSL_clear in OpenBSD 7.2 before errata 026 and 7.3 before errata 004, and in LibreSSL before 3.6.3 and 3.7.x before 3.7.3. NOTE: OpenSSL is not affected.
CVE-2023-34475 2Fedoraproject Imagemagick 3Extra Packages For Enterprise Linux FedoraImagemagick Jun 17, 2026 Jun 16, 2023 N/A· v4 5.5 MEDIUM· v3 N/A· v2 A heap use after free issue was discovered in ImageMagick's ReplaceXmpValue() function in MagickCore/profile.c. An attacker could trick user to open a specially crafted file to convert, triggering an heap-use-after-free...Show more A heap use after free issue was discovered in ImageMagick's ReplaceXmpValue() function in MagickCore/profile.c. An attacker could trick user to open a specially crafted file to convert, triggering an heap-use-after-free write error, allowing an application to crash, resulting in a denial of service.Show less
CVE-2023-34795 1Xlsxio Project 1Xlsxio Jun 17, 2026 Jun 16, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 xlsxio v0.1.2 to v0.2.34 was discovered to contain a free of uninitialized pointer in the xlsxioread_sheetlist_close() function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted XLSX f...Show more xlsxio v0.1.2 to v0.2.34 was discovered to contain a free of uninitialized pointer in the xlsxioread_sheetlist_close() function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted XLSX file.Show less
CVE-2023-29356 1Microsoft 2Odbc Driver For Sql Server Sql Server Jun 17, 2026 Jun 16, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
CVE-2023-29321 1Adobe 1Animate Jun 17, 2026 Jun 15, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 Adobe Animate versions 22.0.9 (and earlier) and 23.0.1 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this i...Show more Adobe Animate versions 22.0.9 (and earlier) and 23.0.1 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.Show less
CVE-2023-21120 1Google 1Android Jun 17, 2026 Jun 15, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 In multiple functions of cdm_engine.cpp, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is no...Show more In multiple functions of cdm_engine.cpp, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-258188673Show less
CVE-2023-21108 1Google 1Android Jun 17, 2026 Jun 15, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 In sdpu_build_uuid_seq of sdp_discovery.cc, there is a possible out of bounds write due to a use after free. This could lead to remote code execution over Bluetooth, if HFP support is enabled, with no additional executio...Show more In sdpu_build_uuid_seq of sdp_discovery.cc, there is a possible out of bounds write due to a use after free. This could lead to remote code execution over Bluetooth, if HFP support is enabled, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-239414876Show less
CVE-2023-21101 1Google 1Android Jun 17, 2026 Jun 15, 2023 N/A· v4 7.0 HIGH· v3 N/A· v2 In multiple functions of WVDrmPlugin.cpp, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is n...Show more In multiple functions of WVDrmPlugin.cpp, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-258189255Show less

Previous 1...191192193...378 Next