Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

CVEs (7,456)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2022-38667 1Crowcpp 1Crow Jun 17, 2026 Aug 22, 2022 N/A· v4 9.8 CRITICAL· v3 N/A· v2 HTTP applications (servers) based on Crow through 1.0+4 may allow a Use-After-Free and code execution when HTTP pipelining is used. The HTTP parser supports HTTP pipelining, but the asynchronous Connection layer is unawa...Show more HTTP applications (servers) based on Crow through 1.0+4 may allow a Use-After-Free and code execution when HTTP pipelining is used. The HTTP parser supports HTTP pipelining, but the asynchronous Connection layer is unaware of HTTP pipelining. Specifically, the Connection layer is unaware that it has begun processing a later request before it has finished processing an earlier request.Show less
CVE-2022-23459 1Hjiang 1Json++ Jun 17, 2026 Aug 19, 2022 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Jsonxx or Json++ is a JSON parser, writer and reader written in C++. In affected versions of jsonxx use of the Value class may lead to memory corruption via a double free or via a use after free. The value class has a de...Show more Jsonxx or Json++ is a JSON parser, writer and reader written in C++. In affected versions of jsonxx use of the Value class may lead to memory corruption via a double free or via a use after free. The value class has a default assignment operator which may be used with pointer types which may point to alterable data where the pointer itself is not updated. This issue exists on the current commit of the jsonxx project. The project itself has been archived and updates are not expected. Users are advised to find a replacement.Show less
CVE-2022-2889 2Fedoraproject Vim 2Fedora Vim Jun 17, 2026 Aug 19, 2022 N/A· v4 7.8 HIGH· v3 N/A· v2 Use After Free in GitHub repository vim/vim prior to 9.0.0225.
CVE-2022-35164 1Gnu 1Libredwg Jun 17, 2026 Aug 18, 2022 N/A· v4 9.8 CRITICAL· v3 N/A· v2 LibreDWG v0.12.4.4608 & commit f2dea29 was discovered to contain a heap use-after-free via bit_copy_chain.
CVE-2022-2862 2Fedoraproject Vim 2Fedora Vim Jun 17, 2026 Aug 17, 2022 N/A· v4 7.8 HIGH· v3 N/A· v2 Use After Free in GitHub repository vim/vim prior to 9.0.0221.
CVE-2022-36190 1Gpac 1Gpac Jun 17, 2026 Aug 17, 2022 N/A· v4 9.8 CRITICAL· v3 N/A· v2 GPAC mp4box 2.1-DEV-revUNKNOWN-master has a use-after-free vulnerability in function gf_isom_dovi_config_get. This vulnerability was fixed in commit fef6242.
CVE-2022-36149 1Monostream 1Tifig Jun 17, 2026 Aug 16, 2022 N/A· v4 5.5 MEDIUM· v3 N/A· v2 tifig v0.2.2 was discovered to contain a heap-use-after-free via temInfoEntry().
CVE-2022-2817 2Fedoraproject Vim 2Fedora Vim Jun 17, 2026 Aug 15, 2022 N/A· v4 7.8 HIGH· v3 N/A· v2 Use After Free in GitHub repository vim/vim prior to 9.0.0213.
CVE-2022-2621 2Fedoraproject Google 2Chrome Fedora Jun 17, 2026 Aug 12, 2022 N/A· v4 8.8 HIGH· v3 N/A· v2 Use after free in Extensions in Google Chrome prior to 104.0.5112.79 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via specific UI interactions.
CVE-2022-2614 2Fedoraproject Google 2Chrome Fedora Jun 17, 2026 Aug 12, 2022 N/A· v4 8.8 HIGH· v3 N/A· v2 Use after free in Sign-In Flow in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2022-2613 2Fedoraproject Google 2Chrome Fedora Jun 17, 2026 Aug 12, 2022 N/A· v4 8.8 HIGH· v3 N/A· v2 Use after free in Input in Google Chrome on Chrome OS prior to 104.0.5112.79 allowed a remote attacker who convinced a user to enage in specific user interactions to potentially exploit heap corruption via specific UI in...Show more Use after free in Input in Google Chrome on Chrome OS prior to 104.0.5112.79 allowed a remote attacker who convinced a user to enage in specific user interactions to potentially exploit heap corruption via specific UI interactions.Show less
CVE-2022-2606 2Fedoraproject Google 2Chrome Fedora Jun 17, 2026 Aug 12, 2022 N/A· v4 8.8 HIGH· v3 N/A· v2 Use after free in Managed devices API in Google Chrome prior to 104.0.5112.79 allowed a remote attacker who convinced a user to enable a specific Enterprise policy to potentially exploit heap corruption via a crafted HTM...Show more Use after free in Managed devices API in Google Chrome prior to 104.0.5112.79 allowed a remote attacker who convinced a user to enable a specific Enterprise policy to potentially exploit heap corruption via a crafted HTML page.Show less
CVE-2022-2604 2Fedoraproject Google 2Chrome Fedora Jun 17, 2026 Aug 12, 2022 N/A· v4 8.8 HIGH· v3 N/A· v2 Use after free in Safe Browsing in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2022-2603 2Fedoraproject Google 2Chrome Fedora Jun 17, 2026 Aug 12, 2022 N/A· v4 8.8 HIGH· v3 N/A· v2 Use after free in Omnibox in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-29117 1Esri 1Arcreader Jun 17, 2026 Aug 12, 2022 N/A· v4 7.8 HIGH· v3 N/A· v2 A use-after-free vulnerability when parsing a specially crafted file in Esri ArcReader 10.8.1 (and earlier) allows an unauthenticated attacker to achieve arbitrary code execution in the context of the current user.
CVE-2022-20325 1Google 1Android Jun 17, 2026 Aug 12, 2022 N/A· v4 7.8 HIGH· v3 N/A· v2 In Media, there is a possible code execution due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Produ...Show more In Media, there is a possible code execution due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-186473060Show less
CVE-2022-20306 1Google 1Android Jun 17, 2026 Aug 12, 2022 N/A· v4 6.7 MEDIUM· v3 N/A· v2 In Camera Provider HAL, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploita...Show more In Camera Provider HAL, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-199680794Show less
CVE-2022-35675 1Adobe 1Framemaker Jun 17, 2026 Aug 11, 2022 N/A· v4 7.8 HIGH· v3 N/A· v2 Adobe FrameMaker versions 2019 Update 8 (and earlier) and 2020 Update 4 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Explo...Show more Adobe FrameMaker versions 2019 Update 8 (and earlier) and 2020 Update 4 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.Show less
CVE-2022-35670 1Adobe 4Acrobat Acrobat DcAcrobat Reader+1 more Jun 17, 2026 Aug 11, 2022 N/A· v4 5.5 MEDIUM· v3 N/A· v2 Adobe Acrobat Reader versions 22.001.20169 (and earlier), 20.005.30362 (and earlier) and 17.012.30249 (and earlier) are affected by a Use After Free vulnerability that could lead to disclosure of sensitive memory. An att...Show more Adobe Acrobat Reader versions 22.001.20169 (and earlier), 20.005.30362 (and earlier) and 17.012.30249 (and earlier) are affected by a Use After Free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.Show less
CVE-2022-35665 1Adobe 4Acrobat Acrobat DcAcrobat Reader+1 more Jun 17, 2026 Aug 11, 2022 N/A· v4 7.8 HIGH· v3 N/A· v2 Adobe Acrobat Reader versions 22.001.20169 (and earlier), 20.005.30362 (and earlier) and 17.012.30249 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the cont...Show more Adobe Acrobat Reader versions 22.001.20169 (and earlier), 20.005.30362 (and earlier) and 17.012.30249 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.Show less

Previous 1...214215216...373 Next