CWE-416
7,456 CVEs • Abstraction: Variant • Likelihood of Exploit: High
Use After Free
The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.
CVEs (7,456)
CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS |
|---|
Disconnecting L2CAP channel right after invalid ATT request leads freeze. Zephyr versions >= 2.4.0, >= 2.5.0 contain Use After Free (CWE-416). For more information, see https://github.com/zephyrproject-rtos/zephyr/securi...Show more |
A use after free vulnerability in FATEK Automation WinProladder versions 3.30 and prior may be exploited when a valid user opens a malformed project file, which may allow arbitrary code execution. |
An exploitable use-after-free vulnerability exists in the JavaScript implementation of Nitro Pro PDF. A specially crafted document can cause an object containing the path to a document to be destroyed and then later reus...Show more |
1Adobe 4Acrobat Acrobat DcAcrobat Reader+1 moreNov 21, 2024 Oct 15, 2021 N/A· v4 3.3 LOW· v3 4.3 MEDIUM· v2 Adobe Acrobat Reader DC version 21.007.20095 (and earlier), 21.007.20096 (and earlier), 20.004.30015 (and earlier), and 17.011.30202 (and earlier) is affected by a use-after-free that allow a remote attacker to disclose...Show more |
1Adobe 4Acrobat Acrobat DcAcrobat Reader+1 moreNov 21, 2024 Oct 15, 2021 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 Adobe Acrobat Reader DC version 21.007.20095 (and earlier), 21.007.20096 (and earlier), 20.004.30015 (and earlier), and 17.011.30202 (and earlier) is affected by a use-after-free vulnerability in the processing of the Ge...Show more |
1Microsoft 19Windows 10 1507 Windows 10 1607Windows 10 1809+16 moreOct 30, 2025 Oct 13, 2021 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 Win32k Elevation of Privilege Vulnerability |
1Anker 1Eufy Homebase 2 Firmware Nov 21, 2024 Oct 12, 2021 N/A· v4 9.0 CRITICAL· v3 6.8 MEDIUM· v2 A use-after-free vulnerability exists in the pushMuxer CreatePushThread functionality of Anker Eufy Homebase 2 2.1.6.9h. A specially-crafted set of network packets can lead to remote code execution. |
3Debian FedoraprojectGoogle3Chrome Debian LinuxFedoraOct 24, 2025 Oct 8, 2021 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Use after free in V8 in Google Chrome prior to 94.0.4606.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
3Debian FedoraprojectGoogle3Chrome Debian LinuxFedoraNov 21, 2024 Oct 8, 2021 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Use after free in Safebrowsing in Google Chrome prior to 94.0.4606.71 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. |
3Debian FedoraprojectGoogle3Chrome Debian LinuxFedoraOct 24, 2025 Oct 8, 2021 N/A· v4 9.6 CRITICAL· v3 6.8 MEDIUM· v2 Use after free in Portals in Google Chrome prior to 94.0.4606.61 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. |
3Debian FedoraprojectGoogle3Chrome Debian LinuxFedoraNov 21, 2024 Oct 8, 2021 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Use after free in File System API in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
3Debian FedoraprojectGoogle3Chrome Debian LinuxFedoraNov 21, 2024 Oct 8, 2021 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Use after free in Performance Manager in Google Chrome prior to 94.0.4606.54 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. |
3Debian FedoraprojectGoogle3Chrome Debian LinuxFedoraNov 21, 2024 Oct 8, 2021 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Use after free in Tab Strip in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
3Debian FedoraprojectGoogle3Chrome Debian LinuxFedoraNov 21, 2024 Oct 8, 2021 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Use after free in Task Manager in Google Chrome prior to 94.0.4606.54 allowed an attacker who convinced a user to enage in a series of user gestures to potentially exploit heap corruption via a crafted HTML page. |
3Debian FedoraprojectGoogle3Chrome Debian LinuxFedoraNov 21, 2024 Oct 8, 2021 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Use after free in WebGPU in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
3Debian FedoraprojectGoogle3Chrome Debian LinuxFedoraNov 21, 2024 Oct 8, 2021 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Use after free in Offline use in Google Chrome on Android prior to 94.0.4606.54 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. |
2Fedoraproject Google2Chrome FedoraOct 24, 2025 Oct 8, 2021 N/A· v4 9.6 CRITICAL· v3 6.8 MEDIUM· v2 Use after free in Indexed DB API in Google Chrome prior to 93.0.4577.82 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. |
2Fedoraproject Google2Chrome FedoraNov 21, 2024 Oct 8, 2021 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Use after free in Permissions in Google Chrome prior to 93.0.4577.82 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. |
2Fedoraproject Google2Chrome FedoraNov 21, 2024 Oct 8, 2021 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Use after free in Selection API in Google Chrome prior to 93.0.4577.82 allowed a remote attacker who convinced the user the visit a malicious website to potentially exploit heap corruption via a crafted HTML page. |
Ardour v5.12 contains a use-after-free vulnerability in the component ardour/libs/pbd/xml++.cc when using xmlFreeDoc and xmlXPathFreeContext. |