Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

CVEs (7,521)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2023-26544 1Linux 1Linux Kernel Jun 17, 2026 Feb 25, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 In the Linux kernel 6.0.8, there is a use-after-free in run_unpack in fs/ntfs3/run.c, related to a difference between NTFS sector size and media sector size.
CVE-2023-0941 1Google 1Chrome Jun 17, 2026 Feb 22, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 Use after free in Prompts in Google Chrome prior to 110.0.5481.177 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)
CVE-2023-0932 1Google 1Chrome Jun 17, 2026 Feb 22, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 Use after free in WebRTC in Google Chrome on Windows prior to 110.0.5481.177 allowed a remote attacker who convinced the user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTM...Show more Use after free in WebRTC in Google Chrome on Windows prior to 110.0.5481.177 allowed a remote attacker who convinced the user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)Show less
CVE-2023-0931 1Google 1Chrome Jun 17, 2026 Feb 22, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 Use after free in Video in Google Chrome prior to 110.0.5481.177 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVE-2023-0929 1Google 1Chrome Jun 17, 2026 Feb 22, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 Use after free in Vulkan in Google Chrome prior to 110.0.5481.177 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVE-2023-0928 1Google 1Chrome Jun 17, 2026 Feb 22, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 Use after free in SwiftShader in Google Chrome prior to 110.0.5481.177 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVE-2023-0927 1Google 1Chrome Jun 17, 2026 Feb 22, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 Use after free in Web Payments API in Google Chrome on Android prior to 110.0.5481.177 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (C...Show more Use after free in Web Payments API in Google Chrome on Android prior to 110.0.5481.177 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)Show less
CVE-2022-48340 1Gluster 1Glusterfs Jun 17, 2026 Feb 21, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 In Gluster GlusterFS 11.0, there is an xlators/cluster/dht/src/dht-common.c dht_setxattr_mds_cbk use-after-free.
CVE-2023-22246 1Adobe 1Animate Jun 17, 2026 Feb 17, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 Adobe Animate versions 22.0.8 (and earlier) and 23.0.0 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this i...Show more Adobe Animate versions 22.0.8 (and earlier) and 23.0.0 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.Show less
CVE-2023-22244 1Adobe 1Premiere Rush Jun 17, 2026 Feb 17, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 Adobe Premiere Rush version 2.6 (and earlier) is affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user inter...Show more Adobe Premiere Rush version 2.6 (and earlier) is affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.Show less
CVE-2023-21584 1Adobe 1Framemaker Jun 17, 2026 Feb 17, 2023 N/A· v4 5.5 MEDIUM· v3 N/A· v2 FrameMaker 2020 Update 4 (and earlier), 2022 (and earlier) are affected by a Use After Free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigat...Show more FrameMaker 2020 Update 4 (and earlier), 2022 (and earlier) are affected by a Use After Free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.Show less
CVE-2021-33391 1Htacg 1Tidy Jun 17, 2026 Feb 17, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 An issue in HTACG HTML Tidy v5.7.28 allows attacker to execute arbitrary code via the -g option of the CleanNode() function in gdoc.c.
CVE-2023-23586 1Linux 1Linux Kernel Jun 17, 2026 Feb 17, 2023 N/A· v4 5.5 MEDIUM· v3 N/A· v2 Due to a vulnerability in the io_uring subsystem, it is possible to leak kernel memory information to the user process. timens_install calls current_is_single_threaded to determine if the current process is single-thread...Show more Due to a vulnerability in the io_uring subsystem, it is possible to leak kernel memory information to the user process. timens_install calls current_is_single_threaded to determine if the current process is single-threaded, but this call does not consider io_uring's io_worker threads, thus it is possible to insert a time namespace's vvar page to process's memory space via a page fault. When this time namespace is destroyed, the vvar page is also freed, but not removed from the process' memory, and a next page allocated by the kernel will be still available from the user-space process and can leak memory contents via this (read-only) use-after-free vulnerability. We recommend upgrading past version 5.10.161 or commit 788d0824269bef539fe31a785b1517882eafed93 https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/io_uring Show less
CVE-2022-30539 1Intel 53Xeon Gold 5315y Firmware Xeon Gold 5317 FirmwareXeon Gold 5318h Firmware+50 more Jun 17, 2026 Feb 16, 2023 N/A· v4 6.7 MEDIUM· v3 N/A· v2 Use after free in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.
CVE-2022-40016 1Media Server Project 1Media Server Jun 17, 2026 Feb 15, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 Use After Free (UAF) vulnerability in ireader media-server before commit 3e0f63f1d3553f75c7d4eb32fa7c7a1976a9ff84 in librtmp, allows attackers to cause a denial of service.
CVE-2023-21808 1Microsoft 5.net .net FrameworkVisual Studio 2017+2 more Jun 17, 2026 Feb 14, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 .NET and Visual Studio Remote Code Execution Vulnerability
CVE-2023-21822 1Microsoft 13Windows 10 Windows 10 1607Windows 10 1809+10 more Jun 17, 2026 Feb 14, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 Windows Graphics Component Elevation of Privilege Vulnerability
CVE-2023-21688 1Microsoft 13Windows 10 1507 Windows 10 1607Windows 10 1809+10 more Jun 17, 2026 Feb 14, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 NT OS Kernel Elevation of Privilege Vulnerability
CVE-2023-24581 1Siemens 1Solid Edge Se2023 Jun 17, 2026 Feb 14, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 A vulnerability has been identified in Solid Edge SE2022 (All versions < V222.0MP12), Solid Edge SE2022 (All versions), Solid Edge SE2023 (All versions < V223.0Update2). The affected application contains a use-after-free...Show more A vulnerability has been identified in Solid Edge SE2022 (All versions < V222.0MP12), Solid Edge SE2022 (All versions), Solid Edge SE2023 (All versions < V223.0Update2). The affected application contains a use-after-free vulnerability that could be triggered while parsing specially crafted STP files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-19425)Show less
CVE-2023-0799 1Libtiff 1Libtiff Jun 17, 2026 Feb 13, 2023 N/A· v4 5.5 MEDIUM· v3 N/A· v2 LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3701, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available wit...Show more LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3701, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e.Show less

Previous 1...201202203...377 Next