Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

CVEs (7,456)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2022-33027 1Gnu 1Libredwg Jun 17, 2026 Jun 23, 2022 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 LibreDWG v0.12.4.4608 was discovered to contain a heap-use-after-free via the function dwg_add_handleref at dwg.c.
CVE-2022-33025 1Gnu 1Libredwg Jun 17, 2026 Jun 23, 2022 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 LibreDWG v0.12.4.4608 was discovered to contain a heap-use-after-free via the function decode_preR13_section at decode_r11.c.
CVE-2022-27868 1Autodesk 1Autocad Jun 17, 2026 Jun 21, 2022 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 A maliciously crafted CAT file in Autodesk AutoCAD 2023 can be used to trigger use-after-free vulnerability. Exploitation of this vulnerability may lead to code execution.
CVE-2022-27867 1Autodesk 1Autocad Jun 17, 2026 Jun 21, 2022 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 A maliciously crafted JT file in Autodesk AutoCAD 2022, 2021, 2020, 2019 can be used to trigger use-after-free vulnerability. Exploitation of this vulnerability may lead to code execution.
CVE-2022-32414 1F5 1Njs Jun 17, 2026 Jun 21, 2022 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 Nginx NJS v0.7.2 was discovered to contain a segmentation violation in the function njs_vmcode_interpreter at src/njs_vmcode.c.
CVE-2022-31307 1F5 1Njs Jun 17, 2026 Jun 21, 2022 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 Nginx NJS v0.7.2 was discovered to contain a segmentation violation in the function njs_string_offset at src/njs_string.c.
CVE-2022-31306 1F5 1Njs Jun 17, 2026 Jun 21, 2022 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 Nginx NJS v0.7.2 was discovered to contain a segmentation violation in the function njs_array_convert_to_slow_array at src/njs_array.c.
CVE-2021-41682 1Jerryscript 1Jerryscript Jun 17, 2026 Jun 20, 2022 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 There is a heap-use-after-free at ecma-helpers-string.c:1940 in ecma_compare_ecma_non_direct_strings in JerryScript 2.4.0
CVE-2022-33981 2Debian Linux 2Debian Linux Linux Kernel Jun 17, 2026 Jun 18, 2022 N/A· v4 3.3 LOW· v3 2.1 LOW· v2 drivers/block/floppy.c in the Linux kernel before 5.17.6 is vulnerable to a denial of service, because of a concurrency use-after-free flaw after deallocating raw_cmd in the raw_cmd_ioctl function.
CVE-2022-21806 1Anker 1Eufy Homebase 2 Firmware Jun 17, 2026 Jun 17, 2022 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 A use-after-free vulnerability exists in the mips_collector appsrv_server functionality of Anker Eufy Homebase 2 2.1.8.5h. A specially-crafted set of network packets can lead to remote code execution. The device is expos...Show more A use-after-free vulnerability exists in the mips_collector appsrv_server functionality of Anker Eufy Homebase 2 2.1.8.5h. A specially-crafted set of network packets can lead to remote code execution. The device is exposed to attacks from the network.Show less
CVE-2022-27512 1Citrix 1Application Delivery Management Jun 17, 2026 Jun 16, 2022 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 Temporary disruption of the ADM license service. The impact of this includes preventing new licenses from being issued or renewed by Citrix ADM.
CVE-2022-30657 1Adobe 1Incopy Jun 17, 2026 Jun 16, 2022 N/A· v4 7.8 HIGH· v3 9.3 HIGH· v2 Adobe InCopy versions 17.2 (and earlier) and 16.4.1 (and earlier) are affected by a Use-After-Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issu...Show more Adobe InCopy versions 17.2 (and earlier) and 16.4.1 (and earlier) are affected by a Use-After-Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.Show less
CVE-2022-30655 1Adobe 1Incopy Jun 17, 2026 Jun 16, 2022 N/A· v4 7.8 HIGH· v3 9.3 HIGH· v2 Adobe InCopy versions 17.2 (and earlier) and 16.4.1 (and earlier) are affected by a Use-After-Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issu...Show more Adobe InCopy versions 17.2 (and earlier) and 16.4.1 (and earlier) are affected by a Use-After-Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.Show less
CVE-2022-30648 1Adobe 1Illustrator Jun 17, 2026 Jun 15, 2022 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 Adobe Illustrator versions 26.0.2 (and earlier) and 25.4.5 (and earlier) are affected by a Use-After-Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of th...Show more Adobe Illustrator versions 26.0.2 (and earlier) and 25.4.5 (and earlier) are affected by a Use-After-Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.Show less
CVE-2022-30647 1Adobe 1Illustrator Jun 17, 2026 Jun 15, 2022 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 Adobe Illustrator versions 26.0.2 (and earlier) and 25.4.5 (and earlier) are affected by a Use-After-Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of th...Show more Adobe Illustrator versions 26.0.2 (and earlier) and 25.4.5 (and earlier) are affected by a Use-After-Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.Show less
CVE-2022-28849 1Adobe 1Bridge Jun 17, 2026 Jun 15, 2022 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 Adobe Bridge version 12.0.1 (and earlier versions) is affected by a Use-After-Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user...Show more Adobe Bridge version 12.0.1 (and earlier versions) is affected by a Use-After-Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.Show less
CVE-2022-28842 1Adobe 1Bridge Jun 17, 2026 Jun 15, 2022 N/A· v4 7.8 HIGH· v3 9.3 HIGH· v2 Adobe Bridge version 12.0.1 (and earlier versions) is affected by a Use-After-Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user...Show more Adobe Bridge version 12.0.1 (and earlier versions) is affected by a Use-After-Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.Show less
CVE-2022-20185 1Google 1Android Jun 17, 2026 Jun 15, 2022 N/A· v4 6.7 MEDIUM· v3 4.6 MEDIUM· v2 In TBD of TBD, there is a possible use after free bug. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: A...Show more In TBD of TBD, there is a possible use after free bug. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-208842348References: N/AShow less
CVE-2022-20141 1Google 1Android Jun 17, 2026 Jun 15, 2022 N/A· v4 7.0 HIGH· v3 6.9 MEDIUM· v2 In ip_check_mc_rcu of igmp.c, there is a possible use after free due to improper locking. This could lead to local escalation of privilege when opening and closing inet sockets with no additional execution privileges nee...Show more In ip_check_mc_rcu of igmp.c, there is a possible use after free due to improper locking. This could lead to local escalation of privilege when opening and closing inet sockets with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-112551163References: Upstream kernelShow less
CVE-2022-21504 1Oracle 1Linux Jun 17, 2026 Jun 14, 2022 N/A· v4 5.5 MEDIUM· v3 2.1 LOW· v2 The code in UEK6 U3 was missing an appropiate file descriptor count to be missing. This resulted in a use count error that allowed a file descriptor to a socket to be closed and freed while it was still in use by another...Show more The code in UEK6 U3 was missing an appropiate file descriptor count to be missing. This resulted in a use count error that allowed a file descriptor to a socket to be closed and freed while it was still in use by another portion of the kernel. An attack with local access can operate on the socket, and cause a denial of service. CVSS 3.1 Base Score 5.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).Show less

Previous 1...221222223...373 Next