Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

CVEs (7,456)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2021-30616 2Fedoraproject Microsoft 3Edge Edge ChromiumFedora Nov 21, 2024 Sep 3, 2021 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Chromium: CVE-2021-30616 Use after free in Media
CVE-2021-30613 2Fedoraproject Microsoft 3Edge Edge ChromiumFedora Nov 21, 2024 Sep 3, 2021 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Chromium: CVE-2021-30613 Use after free in Base internals
CVE-2021-30612 2Fedoraproject Microsoft 3Edge Edge ChromiumFedora Nov 21, 2024 Sep 3, 2021 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Chromium: CVE-2021-30612 Use after free in WebRTC
CVE-2021-30611 2Fedoraproject Microsoft 3Edge Edge ChromiumFedora Nov 21, 2024 Sep 3, 2021 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Chromium: CVE-2021-30611 Use after free in WebRTC
CVE-2021-30610 2Fedoraproject Microsoft 3Edge Edge ChromiumFedora Nov 21, 2024 Sep 3, 2021 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Chromium: CVE-2021-30610 Use after free in Extensions API
CVE-2021-30609 2Fedoraproject Microsoft 3Edge Edge ChromiumFedora Nov 21, 2024 Sep 3, 2021 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Chromium: CVE-2021-30609 Use after free in Sign-In
CVE-2021-30608 2Fedoraproject Microsoft 3Edge Edge ChromiumFedora Nov 21, 2024 Sep 3, 2021 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Chromium: CVE-2021-30608 Use after free in Web Share
CVE-2021-30607 2Fedoraproject Microsoft 3Edge Edge ChromiumFedora Nov 21, 2024 Sep 3, 2021 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Chromium: CVE-2021-30607 Use after free in Permissions
CVE-2021-30606 2Fedoraproject Microsoft 3Edge Edge ChromiumFedora Nov 21, 2024 Sep 3, 2021 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Chromium: CVE-2021-30606 Use after free in Blink
CVE-2021-28553 1Adobe 4Acrobat Acrobat DcAcrobat Reader+1 more Nov 21, 2024 Sep 2, 2021 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Acrobat Reader DC versions versions 2021.001.20150 (and earlier), 2020.001.30020 (and earlier) and 2017.011.30194 (and earlier) are affected by an Use After Free vulnerability. An unauthenticated attacker could leverage...Show more Acrobat Reader DC versions versions 2021.001.20150 (and earlier), 2020.001.30020 (and earlier) and 2017.011.30194 (and earlier) are affected by an Use After Free vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.Show less
CVE-2021-28550 1Adobe 4Acrobat Acrobat DcAcrobat Reader+1 more Oct 23, 2025 Sep 2, 2021 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Acrobat Reader DC versions versions 2021.001.20150 (and earlier), 2020.001.30020 (and earlier) and 2017.011.30194 (and earlier) are affected by a Use After Free vulnerability. An unauthenticated attacker could leverage t...Show more Acrobat Reader DC versions versions 2021.001.20150 (and earlier), 2020.001.30020 (and earlier) and 2017.011.30194 (and earlier) are affected by a Use After Free vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.Show less
CVE-2021-36055 2Adobe Debian 2Debian Linux Xmp Toolkit Software Development Kit Nov 3, 2025 Sep 1, 2021 N/A· v4 7.8 HIGH· v3 9.3 HIGH· v2 XMP Toolkit SDK versions 2020.1 (and earlier) are affected by a use-after-free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user inte...Show more XMP Toolkit SDK versions 2020.1 (and earlier) are affected by a use-after-free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.Show less
CVE-2021-30604 2Fedoraproject Google 2Chrome Fedora Nov 21, 2024 Aug 26, 2021 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Use after free in ANGLE in Google Chrome prior to 92.0.4515.159 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-30602 2Fedoraproject Google 2Chrome Fedora Nov 21, 2024 Aug 26, 2021 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Use after free in WebRTC in Google Chrome prior to 92.0.4515.159 allowed an attacker who convinced a user to visit a malicious website to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-30601 2Fedoraproject Google 2Chrome Fedora Nov 21, 2024 Aug 26, 2021 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Use after free in Extensions API in Google Chrome prior to 92.0.4515.159 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-30600 2Fedoraproject Google 2Chrome Fedora Nov 21, 2024 Aug 26, 2021 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Use after free in Printing in Google Chrome prior to 92.0.4515.159 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-30597 2Fedoraproject Google 2Chrome Fedora Nov 21, 2024 Aug 26, 2021 N/A· v4 6.8 MEDIUM· v3 4.6 MEDIUM· v2 Use after free in Browser UI in Google Chrome on Chrome prior to 92.0.4515.131 allowed a remote attacker to potentially exploit heap corruption via physical access to the device.
CVE-2021-30594 2Fedoraproject Google 2Chrome Fedora Nov 21, 2024 Aug 26, 2021 N/A· v4 6.8 MEDIUM· v3 4.6 MEDIUM· v2 Use after free in Page Info UI in Google Chrome prior to 92.0.4515.131 allowed a remote attacker to potentially exploit heap corruption via physical access to the device.
CVE-2021-30591 2Fedoraproject Google 2Chrome Fedora Nov 21, 2024 Aug 26, 2021 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Use after free in File System API in Google Chrome prior to 92.0.4515.131 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-32781 1Envoyproxy 1Envoy Nov 21, 2024 Aug 24, 2021 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Envoy is an open source L7 proxy and communication bus designed for large modern service oriented architectures. In affected versions after Envoy sends a locally generated response it must stop further processing of requ...Show more Envoy is an open source L7 proxy and communication bus designed for large modern service oriented architectures. In affected versions after Envoy sends a locally generated response it must stop further processing of request or response data. However when local response is generated due the internal buffer overflow while request or response is processed by the filter chain the operation may not be stopped completely and result in accessing a freed memory block. A specifically constructed request delivered by an untrusted downstream or upstream peer in the presence of extensions that modify and increase the size of request or response bodies resulting in a Denial of Service when using extensions that modify and increase the size of request or response bodies, such as decompressor filter. Envoy versions 1.19.1, 1.18.4, 1.17.4, 1.16.5 contain fixes to address incomplete termination of request processing after locally generated response. As a workaround disable Envoy's decompressor, json-transcoder or grpc-web extensions or proprietary extensions that modify and increase the size of request or response bodies, if feasible.Show less

Previous 1...247248249...373 Next