Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

CVEs (7,457)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2022-4177 1Google 1Chrome Jun 17, 2026 Nov 30, 2022 N/A· v4 8.8 HIGH· v3 N/A· v2 Use after free in Extensions in Google Chrome prior to 108.0.5359.71 allowed an attacker who convinced a user to install an extension to potentially exploit heap corruption via a crafted Chrome Extension and UI interacti...Show more Use after free in Extensions in Google Chrome prior to 108.0.5359.71 allowed an attacker who convinced a user to install an extension to potentially exploit heap corruption via a crafted Chrome Extension and UI interaction. (Chromium security severity: High)Show less
CVE-2022-4175 1Google 1Chrome Jun 17, 2026 Nov 30, 2022 N/A· v4 8.8 HIGH· v3 N/A· v2 Use after free in Camera Capture in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVE-2022-45343 1Gpac 1Gpac Jun 17, 2026 Nov 29, 2022 N/A· v4 7.8 HIGH· v3 N/A· v2 GPAC v2.1-DEV-rev478-g696e6f868-master was discovered to contain a heap use-after-free via the Q_IsTypeOn function at /gpac/src/bifs/unquantize.c.
CVE-2022-45919 2Linux Netapp 6H300s Firmware H410c FirmwareH410s Firmware+3 more Jun 17, 2026 Nov 27, 2022 N/A· v4 7.0 HIGH· v3 N/A· v2 An issue was discovered in the Linux kernel through 6.0.10. In drivers/media/dvb-core/dvb_ca_en50221.c, a use-after-free can occur is there is a disconnect after an open, because of the lack of a wait_event.
CVE-2022-45888 2Linux Netapp 6H300s Firmware H410c FirmwareH410s Firmware+3 more Jun 17, 2026 Nov 25, 2022 N/A· v4 6.4 MEDIUM· v3 N/A· v2 An issue was discovered in the Linux kernel through 6.0.9. drivers/char/xillybus/xillyusb.c has a race condition and use-after-free during physical removal of a USB device.
CVE-2022-45886 2Linux Netapp 6H300s Firmware H410c FirmwareH410s Firmware+3 more Jun 17, 2026 Nov 25, 2022 N/A· v4 7.0 HIGH· v3 N/A· v2 An issue was discovered in the Linux kernel through 6.0.9. drivers/media/dvb-core/dvb_net.c has a .disconnect versus dvb_device_open race condition that leads to a use-after-free.
CVE-2022-45885 2Linux Netapp 6H300s Firmware H410c FirmwareH410s Firmware+3 more Jun 17, 2026 Nov 25, 2022 N/A· v4 7.0 HIGH· v3 N/A· v2 An issue was discovered in the Linux kernel through 6.0.9. drivers/media/dvb-core/dvb_frontend.c has a race condition that can cause a use-after-free when a device is disconnected.
CVE-2022-45884 2Linux Netapp 6H300s Firmware H410c FirmwareH410s Firmware+3 more Jun 17, 2026 Nov 25, 2022 N/A· v4 7.0 HIGH· v3 N/A· v2 An issue was discovered in the Linux kernel through 6.0.9. drivers/media/dvb-core/dvbdev.c has a use-after-free, related to dvb_register_device dynamically allocating fops.
CVE-2022-42896 1Linux 1Linux Kernel Jun 17, 2026 Nov 23, 2022 N/A· v4 8.8 HIGH· v3 N/A· v2 There are use-after-free vulnerabilities in the Linux kernel's net/bluetooth/l2cap_core.c's l2cap_connect and l2cap_le_connect_req functions which may allow code execution and leaking kernel memory (respectively) remotel...Show more There are use-after-free vulnerabilities in the Linux kernel's net/bluetooth/l2cap_core.c's l2cap_connect and l2cap_le_connect_req functions which may allow code execution and leaking kernel memory (respectively) remotely via Bluetooth. A remote attacker could execute code leaking kernel memory via Bluetooth if within proximity of the victim. We recommend upgrading past commit https://www.google.com/url https://github.com/torvalds/linux/commit/711f8c3fb3db61897080468586b970c87c61d9e4 https://www.google.com/url Show less
CVE-2022-3910 1Linux 1Linux Kernel Jun 17, 2026 Nov 22, 2022 N/A· v4 7.8 HIGH· v3 N/A· v2 Use After Free vulnerability in Linux Kernel allows Privilege Escalation. An improper Update of Reference Count in io_uring leads to Use-After-Free and Local Privilege Escalation. When io_msg_ring was invoked with a fixe...Show more Use After Free vulnerability in Linux Kernel allows Privilege Escalation. An improper Update of Reference Count in io_uring leads to Use-After-Free and Local Privilege Escalation. When io_msg_ring was invoked with a fixed file, it called io_fput_file() which improperly decreased its reference count (leading to Use-After-Free and Local Privilege Escalation). Fixed files are permanently registered to the ring, and should not be put separately. We recommend upgrading past commit https://github.com/torvalds/linux/commit/fc7222c3a9f56271fba02aabbfbae999042f1679 https://github.com/torvalds/linux/commit/fc7222c3a9f56271fba02aabbfbae999042f1679 Show less
CVE-2022-40129 1Foxit 1Pdf Reader Jun 17, 2026 Nov 21, 2022 N/A· v4 7.8 HIGH· v3 N/A· v2 A use-after-free vulnerability exists in the JavaScript engine of Foxit Software's PDF Reader, version 12.0.1.12430. A specially-crafted PDF document can trigger the reuse of previously freed memory via misusing Optional...Show more A use-after-free vulnerability exists in the JavaScript engine of Foxit Software's PDF Reader, version 12.0.1.12430. A specially-crafted PDF document can trigger the reuse of previously freed memory via misusing Optional Content Group API, which can lead to arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially-crafted, malicious site if the browser plugin extension is enabled.Show less
CVE-2022-38097 1Foxit 1Pdf Reader Jun 17, 2026 Nov 21, 2022 N/A· v4 7.8 HIGH· v3 N/A· v2 A use-after-free vulnerability exists in the JavaScript engine of Foxit Software's PDF Reader, version 12.0.1.12430. By prematurely destroying annotation objects, a specially-crafted PDF document can trigger the reuse of...Show more A use-after-free vulnerability exists in the JavaScript engine of Foxit Software's PDF Reader, version 12.0.1.12430. By prematurely destroying annotation objects, a specially-crafted PDF document can trigger the reuse of previously freed memory, which can lead to arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially-crafted, malicious site if the browser plugin extension is enabled.Show less
CVE-2022-37332 1Foxit 1Pdf Reader Jun 17, 2026 Nov 21, 2022 N/A· v4 7.8 HIGH· v3 N/A· v2 A use-after-free vulnerability exists in the JavaScript engine of Foxit Software's PDF Reader, version 12.0.1.12430. A specially-crafted PDF document can trigger the reuse of previously freed memory via misusing media pl...Show more A use-after-free vulnerability exists in the JavaScript engine of Foxit Software's PDF Reader, version 12.0.1.12430. A specially-crafted PDF document can trigger the reuse of previously freed memory via misusing media player API, which can lead to arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially-crafted, malicious site if the browser plugin extension is enabled.Show less
CVE-2022-32774 1Foxit 1Pdf Reader Jun 17, 2026 Nov 21, 2022 N/A· v4 7.8 HIGH· v3 N/A· v2 A use-after-free vulnerability exists in the JavaScript engine of Foxit Software's PDF Reader, version 12.0.1.12430. By prematurely deleting objects associated with pages, a specially-crafted PDF document can trigger the...Show more A use-after-free vulnerability exists in the JavaScript engine of Foxit Software's PDF Reader, version 12.0.1.12430. By prematurely deleting objects associated with pages, a specially-crafted PDF document can trigger the reuse of previously freed memory, which can lead to arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially-crafted, malicious site if the browser plugin extension is enabled.Show less
CVE-2022-45146 1Bouncycastle 1Fips Java Api Jun 17, 2026 Nov 21, 2022 N/A· v4 5.5 MEDIUM· v3 N/A· v2 An issue was discovered in the FIPS Java API of Bouncy Castle BC-FJA before 1.0.2.4. Changes to the JVM garbage collector in Java 13 and later trigger an issue in the BC-FJA FIPS modules where it is possible for temporar...Show more An issue was discovered in the FIPS Java API of Bouncy Castle BC-FJA before 1.0.2.4. Changes to the JVM garbage collector in Java 13 and later trigger an issue in the BC-FJA FIPS modules where it is possible for temporary keys used by the module to be zeroed out while still in use by the module, resulting in errors or potential information loss. NOTE: FIPS compliant users are unaffected because the FIPS certification is only for Java 7, 8, and 11.Show less
CVE-2022-45474 1Drachtio 1Drachtio Server Jun 17, 2026 Nov 18, 2022 N/A· v4 9.8 CRITICAL· v3 N/A· v2 drachtio-server 0.8.18 has a request-handler.cpp event_cb use-after-free for any request.
CVE-2022-25743 1Qualcomm 189Apq8009 Firmware Apq8009w FirmwareApq8017 Firmware+186 more Jun 17, 2026 Nov 15, 2022 N/A· v4 7.8 HIGH· v3 N/A· v2 Memory corruption in graphics due to use-after-free while importing graphics buffer in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile,...Show more Memory corruption in graphics due to use-after-free while importing graphics buffer in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon WearablesShow less
CVE-2022-44550 1Huawei 2Emui Harmonyos Jun 17, 2026 Nov 9, 2022 N/A· v4 7.5 HIGH· v3 N/A· v2 The graphics display module has a UAF vulnerability when traversing graphic layers. Successful exploitation of this vulnerability may affect system availability.
CVE-2022-44547 1Huawei 2Emui Harmonyos Jun 17, 2026 Nov 9, 2022 N/A· v4 7.5 HIGH· v3 N/A· v2 The Display Service module has a UAF vulnerability. Successful exploitation of this vulnerability may affect the display service availability.
CVE-2022-3450 1Google 1Chrome Jun 17, 2026 Nov 9, 2022 N/A· v4 8.8 HIGH· v3 N/A· v2 Use after free in Peer Connection in Google Chrome prior to 106.0.5249.119 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Previous 1...205206207...373 Next