Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

CVEs (7,456)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2022-0465 1Google 1Chrome Jun 17, 2026 Apr 5, 2022 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Use after free in Extensions in Google Chrome prior to 98.0.4758.80 allowed a remote attacker to potentially exploit heap corruption via user interaction.
CVE-2022-0464 1Google 1Chrome Jun 17, 2026 Apr 5, 2022 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Use after free in Accessibility in Google Chrome prior to 98.0.4758.80 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via user interaction.
CVE-2022-0463 1Google 1Chrome Jun 17, 2026 Apr 5, 2022 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Use after free in Accessibility in Google Chrome prior to 98.0.4758.80 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via user interaction.
CVE-2022-0460 1Google 1Chrome Jun 17, 2026 Apr 5, 2022 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Use after free in Window Dialogue in Google Chrome prior to 98.0.4758.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2022-0459 1Google 1Chrome Jun 17, 2026 Apr 5, 2022 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Use after free in Screen Capture in Google Chrome prior to 98.0.4758.80 allowed a remote attacker who had compromised the renderer process and convinced a user to engage in specific user interaction to potentially exploi...Show more Use after free in Screen Capture in Google Chrome prior to 98.0.4758.80 allowed a remote attacker who had compromised the renderer process and convinced a user to engage in specific user interaction to potentially exploit heap corruption via a crafted HTML page.Show less
CVE-2022-0458 1Google 1Chrome Jun 17, 2026 Apr 5, 2022 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Use after free in Thumbnail Tab Strip in Google Chrome prior to 98.0.4758.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2022-0456 1Google 1Chrome Jun 17, 2026 Apr 5, 2022 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Use after free in Web Search in Google Chrome prior to 98.0.4758.80 allowed a remote attacker to potentially exploit heap corruption via profile destruction.
CVE-2022-0453 1Google 1Chrome Jun 17, 2026 Apr 5, 2022 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Use after free in Reader Mode in Google Chrome prior to 98.0.4758.80 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.
CVE-2022-0452 1Google 1Chrome Jun 17, 2026 Apr 5, 2022 N/A· v4 9.6 CRITICAL· v3 6.8 MEDIUM· v2 Use after free in Safe Browsing in Google Chrome prior to 98.0.4758.80 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.
CVE-2022-0609 1Google 1Chrome Jun 17, 2026 Apr 5, 2022 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Use after free in Animation in Google Chrome prior to 98.0.4758.102 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2022-0607 1Google 1Chrome Jun 17, 2026 Apr 5, 2022 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Use after free in GPU in Google Chrome prior to 98.0.4758.102 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2022-0606 1Google 1Chrome Jun 17, 2026 Apr 5, 2022 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Use after free in ANGLE in Google Chrome prior to 98.0.4758.102 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2022-0605 1Google 1Chrome Jun 17, 2026 Apr 5, 2022 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Use after free in Webstore API in Google Chrome prior to 98.0.4758.102 allowed an attacker who convinced a user to install a malicious extension and convinced a user to enage in specific user interaction to potentially e...Show more Use after free in Webstore API in Google Chrome prior to 98.0.4758.102 allowed an attacker who convinced a user to install a malicious extension and convinced a user to enage in specific user interaction to potentially exploit heap corruption via a crafted HTML page.Show less
CVE-2022-0603 1Google 1Chrome Jun 17, 2026 Apr 5, 2022 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Use after free in File Manager in Google Chrome on Chrome OS prior to 98.0.4758.102 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2022-26417 1Omron 1Cx Position Jun 17, 2026 Apr 1, 2022 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 Omron CX-Position (versions 2.5.3 and prior) is vulnerable to a use after free memory condition while processing a specific project file, which may allow an attacker to execute arbitrary code.
CVE-2021-35115 1Qualcomm 28Apq8096au Firmware Ar6003 FirmwareMdm8215 Firmware+25 more Jun 17, 2026 Apr 1, 2022 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 Improper handling of multiple session supported by PVM backend can lead to use after free in Snapdragon Auto, Snapdragon Mobile
CVE-2022-24791 1Bytecodealliance 1Wasmtime Jun 17, 2026 Mar 31, 2022 N/A· v4 9.8 CRITICAL· v3 6.8 MEDIUM· v2 Wasmtime is a standalone JIT-style runtime for WebAssembly, using Cranelift. There is a use after free vulnerability in Wasmtime when both running Wasm that uses externrefs and enabling epoch interruption in Wasmtime. If...Show more Wasmtime is a standalone JIT-style runtime for WebAssembly, using Cranelift. There is a use after free vulnerability in Wasmtime when both running Wasm that uses externrefs and enabling epoch interruption in Wasmtime. If you are not explicitly enabling epoch interruption (it is disabled by default) then you are not affected. If you are explicitly disabling the Wasm reference types proposal (it is enabled by default) then you are also not affected. The use after free is caused by Cranelift failing to emit stack maps when there are safepoints inside cold blocks. Cold blocks occur when epoch interruption is enabled. Cold blocks are emitted at the end of compiled functions, and change the order blocks are emitted versus defined. This reordering accidentally caused Cranelift to skip emitting some stack maps because it expected to emit the stack maps in block definition order, rather than block emission order. When Wasmtime would eventually collect garbage, it would fail to find live references on the stack because of the missing stack maps, think that they were unreferenced garbage, and therefore reclaim them. Then after the collection ended, the Wasm code could use the reclaimed-too-early references, which is a use after free. Patches have been released in versions 0.34.2 and 0.35.2, which fix the vulnerability. All Wasmtime users are recommended to upgrade to these patched versions. If upgrading is not an option for you at this time, you can avoid the vulnerability by either: disabling the Wasm reference types proposal, config.wasm_reference_types(false); or by disabling epoch interruption if you were previously enabling it. config.epoch_interruption(false).Show less
CVE-2021-39776 1Google 1Android Jun 17, 2026 Mar 30, 2022 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 In NFC, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: Andr...Show more In NFC, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-192614125Show less
CVE-2022-1154 4Debian FedoraprojectOracle+1 more 4Communications Cloud Native Core Network Exposure Function Debian LinuxFedora+1 more Jun 17, 2026 Mar 30, 2022 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 Use after free in utf_ptr2char in GitHub repository vim/vim prior to 8.2.4646.
CVE-2022-1050 1Qemu 1Qemu Jun 17, 2026 Mar 29, 2022 N/A· v4 8.8 HIGH· v3 4.6 MEDIUM· v2 A flaw was found in the QEMU implementation of VMWare's paravirtual RDMA device. This flaw allows a crafted guest driver to execute HW commands when shared buffers are not yet allocated, potentially leading to a use-afte...Show more A flaw was found in the QEMU implementation of VMWare's paravirtual RDMA device. This flaw allows a crafted guest driver to execute HW commands when shared buffers are not yet allocated, potentially leading to a use-after-free condition.Show less

Previous 1...228229230...373 Next