Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

CVEs (7,456)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2022-27795 1Adobe 4Acrobat Acrobat DcAcrobat Reader+1 more Jun 17, 2026 May 11, 2022 N/A· v4 7.8 HIGH· v3 9.3 HIGH· v2 Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by a use-after-free vulnerability in the processing of the acroform event that could result in...Show more Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by a use-after-free vulnerability in the processing of the acroform event that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.Show less
CVE-2022-27790 1Adobe 4Acrobat Acrobat DcAcrobat Reader+1 more Jun 17, 2026 May 11, 2022 N/A· v4 7.8 HIGH· v3 9.3 HIGH· v2 Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by a use-after-free vulnerability in the processing of fonts that could result in arbitrary co...Show more Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by a use-after-free vulnerability in the processing of fonts that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.Show less
CVE-2022-27789 1Adobe 4Acrobat Acrobat DcAcrobat Reader+1 more Jun 17, 2026 May 11, 2022 N/A· v4 7.8 HIGH· v3 9.3 HIGH· v2 Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by a use-after-free vulnerability in the processing of the acroform event that could result in...Show more Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by a use-after-free vulnerability in the processing of the acroform event that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.Show less
CVE-2022-27786 1Adobe 4Acrobat Acrobat DcAcrobat Reader+1 more Jun 17, 2026 May 11, 2022 N/A· v4 7.8 HIGH· v3 9.3 HIGH· v2 Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by a use-after-free vulnerability in the processing of fonts that could result in arbitrary co...Show more Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by a use-after-free vulnerability in the processing of fonts that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.Show less
CVE-2022-27785 1Adobe 4Acrobat Acrobat DcAcrobat Reader+1 more Jun 17, 2026 May 11, 2022 N/A· v4 7.8 HIGH· v3 9.3 HIGH· v2 Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by a use-after-free vulnerability in the processing of fonts that could result in arbitrary co...Show more Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by a use-after-free vulnerability in the processing of fonts that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.Show less
CVE-2022-24104 1Adobe 4Acrobat Acrobat DcAcrobat Reader+1 more Jun 17, 2026 May 11, 2022 N/A· v4 7.8 HIGH· v3 9.3 HIGH· v2 Acrobat Reader DC versions 20.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by a use-after-free vulnerability that could result in arbitrary code execution in the context...Show more Acrobat Reader DC versions 20.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by a use-after-free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.Show less
CVE-2022-24103 1Adobe 4Acrobat Acrobat DcAcrobat Reader+1 more Jun 17, 2026 May 11, 2022 N/A· v4 7.8 HIGH· v3 9.3 HIGH· v2 Acrobat Reader DC versions 20.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by a use-after-free vulnerability that could result in arbitrary code execution in the context...Show more Acrobat Reader DC versions 20.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by a use-after-free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.Show less
CVE-2022-24102 1Adobe 4Acrobat Acrobat DcAcrobat Reader+1 more Jun 17, 2026 May 11, 2022 N/A· v4 7.8 HIGH· v3 9.3 HIGH· v2 Acrobat Reader DC versions 20.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by a use-after-free vulnerability that could result in arbitrary code execution in the context...Show more Acrobat Reader DC versions 20.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by a use-after-free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.Show less
CVE-2022-24101 1Adobe 4Acrobat Acrobat DcAcrobat Reader+1 more Jun 17, 2026 May 11, 2022 N/A· v4 3.3 LOW· v3 4.3 MEDIUM· v2 Acrobat Reader DC versions 20.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by a use-after-free vulnerability that could lead to disclosure of sensitive memory. An attack...Show more Acrobat Reader DC versions 20.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by a use-after-free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.Show less
CVE-2022-20118 1Google 1Android Jun 17, 2026 May 10, 2022 N/A· v4 7.0 HIGH· v3 6.9 MEDIUM· v2 In ion_ioctl and related functions of ion.c, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction i...Show more In ion_ioctl and related functions of ion.c, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-205707793References: N/AShow less
CVE-2022-1616 4Apple DebianFedoraproject+1 more 4Debian Linux FedoraMacos+1 more Jun 17, 2026 May 7, 2022 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 Use after free in append_command in GitHub repository vim/vim prior to 8.2.4895. This vulnerability is capable of crashing software, Bypass Protection Mechanism, Modify Memory, and possible remote execution
CVE-2022-28279 1Adobe 1Photoshop Jun 17, 2026 May 6, 2022 N/A· v4 7.8 HIGH· v3 9.3 HIGH· v2 Adobe Photoshop versions 22.5.6 (and earlier)and 23.2.2 (and earlier) are affected by a use-after-free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this...Show more Adobe Photoshop versions 22.5.6 (and earlier)and 23.2.2 (and earlier) are affected by a use-after-free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.Show less
CVE-2022-28271 1Adobe 1Photoshop Jun 17, 2026 May 6, 2022 N/A· v4 7.8 HIGH· v3 9.3 HIGH· v2 Adobe Photoshop versions 22.5.6 (and earlier)and 23.2.2 (and earlier) are affected by a use-after-free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this...Show more Adobe Photoshop versions 22.5.6 (and earlier)and 23.2.2 (and earlier) are affected by a use-after-free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious PDF file.Show less
CVE-2022-1516 2Debian Linux 2Debian Linux Linux Kernel Jun 17, 2026 May 5, 2022 N/A· v4 5.5 MEDIUM· v3 4.9 MEDIUM· v2 A NULL pointer dereference flaw was found in the Linux kernel’s X.25 set of standardized network protocols functionality in the way a user terminates their session using a simulated Ethernet card and continued usage of t...Show more A NULL pointer dereference flaw was found in the Linux kernel’s X.25 set of standardized network protocols functionality in the way a user terminates their session using a simulated Ethernet card and continued usage of this connection. This flaw allows a local user to crash the system.Show less
CVE-2022-20091 1Google 1Android Jun 17, 2026 May 3, 2022 N/A· v4 6.4 MEDIUM· v3 4.4 MEDIUM· v2 In aee driver, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch...Show more In aee driver, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06209201; Issue ID: ALPS06226345.Show less
CVE-2022-20090 1Google 1Android Jun 17, 2026 May 3, 2022 N/A· v4 6.4 MEDIUM· v3 4.4 MEDIUM· v2 In aee driver, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch...Show more In aee driver, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06209197; Issue ID: ALPS06209197.Show less
CVE-2021-3750 2Qemu Redhat 2Enterprise Linux Qemu Jun 17, 2026 May 2, 2022 N/A· v4 8.2 HIGH· v3 4.6 MEDIUM· v2 A DMA reentrancy issue was found in the USB EHCI controller emulation of QEMU. EHCI does not verify if the Buffer Pointer overlaps with its MMIO region when it transfers the USB packets. Crafted content may be written to...Show more A DMA reentrancy issue was found in the USB EHCI controller emulation of QEMU. EHCI does not verify if the Buffer Pointer overlaps with its MMIO region when it transfers the USB packets. Crafted content may be written to the controller's registers and trigger undesirable actions (such as reset) while the device is still transferring packets. This can ultimately lead to a use-after-free issue. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition, or potentially execute arbitrary code within the context of the QEMU process on the host. This flaw affects QEMU versions before 7.0.0.Show less
CVE-2022-1195 2Debian Linux 2Debian Linux Linux Kernel Jun 17, 2026 Apr 29, 2022 N/A· v4 5.5 MEDIUM· v3 2.1 LOW· v2 A use-after-free vulnerability was found in the Linux kernel in drivers/net/hamradio. This flaw allows a local attacker with a user privilege to cause a denial of service (DOS) when the mkiss or sixpack device is detache...Show more A use-after-free vulnerability was found in the Linux kernel in drivers/net/hamradio. This flaw allows a local attacker with a user privilege to cause a denial of service (DOS) when the mkiss or sixpack device is detached and reclaim resources early.Show less
CVE-2022-1114 1Imagemagick 1Imagemagick Jun 17, 2026 Apr 29, 2022 N/A· v4 7.1 HIGH· v3 5.8 MEDIUM· v2 A heap-use-after-free flaw was found in ImageMagick's RelinquishDCMInfo() function of dcm.c file. This vulnerability is triggered when an attacker passes a specially crafted DICOM image file to ImageMagick for conversion...Show more A heap-use-after-free flaw was found in ImageMagick's RelinquishDCMInfo() function of dcm.c file. This vulnerability is triggered when an attacker passes a specially crafted DICOM image file to ImageMagick for conversion, potentially leading to information disclosure and a denial of service.Show less
CVE-2022-1048 4Debian LinuxNetapp+1 more 11Debian Linux Enterprise LinuxH300e Firmware+8 more Jun 17, 2026 Apr 29, 2022 N/A· v4 7.0 HIGH· v3 6.9 MEDIUM· v2 A use-after-free flaw was found in the Linux kernel’s sound subsystem in the way a user triggers concurrent calls of PCM hw_params. The hw_free ioctls or similar race condition happens inside ALSA PCM for other ioctls. T...Show more A use-after-free flaw was found in the Linux kernel’s sound subsystem in the way a user triggers concurrent calls of PCM hw_params. The hw_free ioctls or similar race condition happens inside ALSA PCM for other ioctls. This flaw allows a local user to crash or potentially escalate their privileges on the system.Show less

Previous 1...225226227...373 Next