Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

CVEs (7,456)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2020-28594 1Prusa3d 1Prusaslicer Nov 21, 2024 Aug 17, 2021 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 A use-after-free vulnerability exists in the _3MF_Importer::_handle_end_model() functionality of Prusa Research PrusaSlicer 2.2.0 and Master (commit 4b040b856). A specially crafted 3MF file can lead to code execution. An...Show more A use-after-free vulnerability exists in the _3MF_Importer::_handle_end_model() functionality of Prusa Research PrusaSlicer 2.2.0 and Master (commit 4b040b856). A specially crafted 3MF file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.Show less
CVE-2021-22940 5Debian NetappNodejs+2 more 7Debian Linux GraalvmJd Edwards Enterpriseone Tools+4 more Nov 21, 2024 Aug 16, 2021 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Node.js before 16.6.1, 14.17.5, and 12.22.5 is vulnerable to a use after free attack where an attacker might be able to exploit the memory corruption, to change process behavior.
CVE-2021-37690 1Google 1Tensorflow Nov 21, 2024 Aug 13, 2021 N/A· v4 6.6 MEDIUM· v3 4.6 MEDIUM· v2 TensorFlow is an end-to-end open source platform for machine learning. In affected versions when running shape functions, some functions (such as `MutableHashTableShape`) produce extra output information in the form of a...Show more TensorFlow is an end-to-end open source platform for machine learning. In affected versions when running shape functions, some functions (such as `MutableHashTableShape`) produce extra output information in the form of a `ShapeAndType` struct. The shapes embedded in this struct are owned by an inference context that is cleaned up almost immediately; if the upstream code attempts to access this shape information, it can trigger a segfault. `ShapeRefiner` is mitigating this for normal output shapes by cloning them (and thus putting the newly created shape under ownership of an inference context that will not die), but we were not doing the same for shapes and types. This commit fixes that by doing similar logic on output shapes and types. We have patched the issue in GitHub commit ee119d4a498979525046fba1c3dd3f13a039fbb1. The fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range.Show less
CVE-2021-37652 1Google 1Tensorflow Nov 21, 2024 Aug 12, 2021 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation for `tf.raw_ops.BoostedTreesCreateEnsemble` can result in a use after free error if an attacker supplies spec...Show more TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation for `tf.raw_ops.BoostedTreesCreateEnsemble` can result in a use after free error if an attacker supplies specially crafted arguments. The [implementation](https://github.com/tensorflow/tensorflow/blob/f24faa153ad31a4b51578f8181d3aaab77a1ddeb/tensorflow/core/kernels/boosted_trees/resource_ops.cc#L55) uses a reference counted resource and decrements the refcount if the initialization fails, as it should. However, when the code was written, the resource was represented as a naked pointer but later refactoring has changed it to be a smart pointer. Thus, when the pointer leaves the scope, a subsequent `free`-ing of the resource occurs, but this fails to take into account that the refcount has already reached 0, thus the resource has been already freed. During this double-free process, members of the resource object are accessed for cleanup but they are invalid as the entire resource has been freed. We have patched the issue in GitHub commit 5ecec9c6fbdbc6be03295685190a45e7eee726ab. The fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range.Show less
CVE-2021-34486 1Microsoft 8Windows 10 1809 Windows 10 1909Windows 10 2004+5 more Oct 30, 2025 Aug 12, 2021 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 Windows Event Tracing Elevation of Privilege Vulnerability
CVE-2021-1114 1Nvidia 1Jetson Linux Nov 21, 2024 Aug 11, 2021 N/A· v4 4.4 MEDIUM· v3 4.9 MEDIUM· v2 NVIDIA Linux kernel distributions contain a vulnerability in the kernel crypto node, where use after free may lead to complete denial of service.
CVE-2021-0012 1Intel 2Graphics Driver Graphics Drivers Nov 21, 2024 Aug 11, 2021 N/A· v4 5.5 MEDIUM· v3 2.1 LOW· v2 Use after free in some Intel(R) Graphics Driver before version 27.20.100.8336, 15.45.33.5164, and 15.40.47.5166 may allow an authenticated user to potentially enable denial of service via local access.
CVE-2020-21697 2Debian Ffmpeg 2Debian Linux Ffmpeg Nov 21, 2024 Aug 10, 2021 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 A heap-use-after-free in the mpeg_mux_write_packet function in libavformat/mpegenc.c of FFmpeg 4.2 allows to cause a denial of service (DOS) via a crafted avi file.
CVE-2020-21688 2Debian Ffmpeg 2Debian Linux Ffmpeg Nov 21, 2024 Aug 10, 2021 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 A heap-use-after-free in the av_freep function in libavutil/mem.c of FFmpeg 4.2 allows attackers to execute arbitrary code.
CVE-2021-38383 2Owntone Owntone Project 2Owntone Owntone Server Feb 13, 2026 Aug 10, 2021 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 OwnTone (aka owntone-server) through 28.1 has a use-after-free in net_bind() in misc.c.
CVE-2021-38382 1Live555 1Live555 Nov 21, 2024 Aug 10, 2021 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 Live555 through 1.08 does not handle Matroska and Ogg files properly. Sending two successive RTSP SETUP commands for the same track causes a Use-After-Free and daemon crash.
CVE-2021-38381 1Live555 1Live555 Nov 21, 2024 Aug 10, 2021 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 Live555 through 1.08 does not handle MPEG-1 or 2 files properly. Sending two successive RTSP SETUP commands for the same track causes a Use-After-Free and daemon crash.
CVE-2021-37179 1Siemens 1Solid Edge Se2021 Firmware Nov 21, 2024 Aug 10, 2021 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 A vulnerability has been identified in Solid Edge SE2021 (All Versions < SE2021MP7). The PSKERNEL.dll library in affected application lacks proper validation while parsing user-supplied OBJ files that could lead to a use...Show more A vulnerability has been identified in Solid Edge SE2021 (All Versions < SE2021MP7). The PSKERNEL.dll library in affected application lacks proper validation while parsing user-supplied OBJ files that could lead to a use-after-free condition. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13777)Show less
CVE-2021-38204 2Debian Linux 2Debian Linux Linux Kernel Nov 21, 2024 Aug 8, 2021 N/A· v4 6.8 MEDIUM· v3 4.6 MEDIUM· v2 drivers/usb/host/max3421-hcd.c in the Linux kernel before 5.13.6 allows physically proximate attackers to cause a denial of service (use-after-free and panic) by removing a MAX-3421 USB device in certain situations.
CVE-2020-36464 1Heapless Project 1Heapless Nov 21, 2024 Aug 8, 2021 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 An issue was discovered in the heapless crate before 0.6.1 for Rust. The IntoIter Clone implementation clones an entire underlying Vec without considering whether it has already been partially consumed.
CVE-2021-21893 1Foxit 1Pdf Reader Nov 21, 2024 Aug 5, 2021 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 A use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s PDF Reader, version 11.0.0.49893. A specially crafted PDF document can trigger the reuse of previously freed memory, which can lead to ar...Show more A use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s PDF Reader, version 11.0.0.49893. A specially crafted PDF document can trigger the reuse of previously freed memory, which can lead to arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially crafted, malicious site if the browser plugin extension is enabled.Show less
CVE-2021-21870 1Foxit 1Pdf Reader Nov 21, 2024 Aug 5, 2021 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 A use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s PDF Reader, version 10.1.4.37651. A specially crafted PDF document can trigger the reuse of previously free memory, which can lead to arb...Show more A use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s PDF Reader, version 10.1.4.37651. A specially crafted PDF document can trigger the reuse of previously free memory, which can lead to arbitrary code execution. An attacker needs to trick the user into opening a malicious file or site to trigger this vulnerability if the browser plugin extension is enabled.Show less
CVE-2021-21831 1Foxit 1Pdf Reader Nov 21, 2024 Aug 5, 2021 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 A use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s PDF Reader, version 10.1.3.37598. A specially crafted PDF document can trigger the reuse of previously freed memory, which can lead to ar...Show more A use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s PDF Reader, version 10.1.3.37598. A specially crafted PDF document can trigger the reuse of previously freed memory, which can lead to arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially crafted, malicious site if the browser plugin extension is enabled.Show less
CVE-2021-29972 1Mozilla 1Firefox Nov 21, 2024 Aug 5, 2021 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 A use-after-free vulnerability was found via testing, and traced to an out-of-date Cairo library. Updating the library resolved the issue, and may have remediated other, unknown security vulnerabilities as well. This vul...Show more A use-after-free vulnerability was found via testing, and traced to an out-of-date Cairo library. Updating the library resolved the issue, and may have remediated other, unknown security vulnerabilities as well. This vulnerability affects Firefox < 90.Show less
CVE-2021-29970 1Mozilla 3Firefox Firefox EsrThunderbird Nov 21, 2024 Aug 5, 2021 N/A· v4 8.8 HIGH· v3 5.1 MEDIUM· v2 A malicious webpage could have triggered a use-after-free, memory corruption, and a potentially exploitable crash. This bug could only be triggered when accessibility was enabled.. This vulnerability affects Thunderbir...Show more A malicious webpage could have triggered a use-after-free, memory corruption, and a potentially exploitable crash. This bug could only be triggered when accessibility was enabled.. This vulnerability affects Thunderbird < 78.12, Firefox ESR < 78.12, and Firefox < 90.Show less

Previous 1...249250251...373 Next