Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

CVEs (7,456)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2021-34834 2Foxit Foxitsoftware 2Pdf Editor Pdf Reader Nov 21, 2024 Aug 4, 2021 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.0.0.49893. User interaction is required to exploit this vulnerability in that the target must visit a...Show more This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.0.0.49893. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14014.Show less
CVE-2021-34833 2Foxit Foxitsoftware 2Pdf Editor Pdf Reader Nov 21, 2024 Aug 4, 2021 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.0.0.49893. User interaction is required to exploit this vulnerability in that the target must visit a...Show more This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.0.0.49893. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14023.Show less
CVE-2021-34832 2Foxit Foxitsoftware 2Pdf Editor Pdf Reader Nov 21, 2024 Aug 4, 2021 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.0.0.49893. User interaction is required to exploit this vulnerability in that the target must visit a...Show more This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.0.0.49893. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the delay property. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-13928.Show less
CVE-2021-34831 2Foxit Foxitsoftware 2Pdf Editor Pdf Reader Nov 21, 2024 Aug 4, 2021 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 10.1.4.37651. User interaction is required to exploit this vulnerability in that the target must visit a mali...Show more This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 10.1.4.37651. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Document objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-13741.Show less
CVE-2021-30586 2Fedoraproject Google 2Chrome Fedora Nov 21, 2024 Aug 3, 2021 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Use after free in dialog box handling in Windows in Google Chrome prior to 92.0.4515.107 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML...Show more Use after free in dialog box handling in Windows in Google Chrome prior to 92.0.4515.107 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.Show less
CVE-2021-30585 2Fedoraproject Google 2Chrome Fedora Nov 21, 2024 Aug 3, 2021 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Use after free in sensor handling in Google Chrome on Windows prior to 92.0.4515.107 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-30581 2Fedoraproject Google 2Chrome Fedora Nov 21, 2024 Aug 3, 2021 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Use after free in DevTools in Google Chrome prior to 92.0.4515.107 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-30579 2Fedoraproject Google 2Chrome Fedora Nov 21, 2024 Aug 3, 2021 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Use after free in UI framework in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-30576 2Fedoraproject Google 2Chrome Fedora Nov 21, 2024 Aug 3, 2021 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Use after free in DevTools in Google Chrome prior to 92.0.4515.107 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-30574 2Fedoraproject Google 2Chrome Fedora Nov 21, 2024 Aug 3, 2021 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Use after free in protocol handling in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-30573 2Fedoraproject Google 2Chrome Fedora Nov 21, 2024 Aug 3, 2021 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Use after free in GPU in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-30572 2Fedoraproject Google 2Chrome Fedora Nov 21, 2024 Aug 3, 2021 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Use after free in Autofill in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-30569 2Fedoraproject Google 2Chrome Fedora Nov 21, 2024 Aug 3, 2021 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Use after free in sqlite in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-30567 2Fedoraproject Google 2Chrome Fedora Nov 21, 2024 Aug 3, 2021 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Use after free in DevTools in Google Chrome prior to 92.0.4515.107 allowed an attacker who convinced a user to open DevTools to potentially exploit heap corruption via specific user gesture.
CVE-2021-30562 1Google 1Chrome Nov 21, 2024 Aug 3, 2021 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Use after free in WebSerial in Google Chrome prior to 91.0.4472.164 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-30560 4Debian GoogleSplunk+1 more 4Chrome Debian LinuxLibxslt+1 more May 5, 2025 Aug 3, 2021 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Use after free in Blink XSLT in Google Chrome prior to 91.0.4472.164 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-30541 1Google 1Chrome Nov 21, 2024 Aug 3, 2021 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Use after free in V8 in Google Chrome prior to 91.0.4472.164 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-22390 1Huawei 2Emui Magic Ui Nov 21, 2024 Aug 2, 2021 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 There is a Memory Buffer Improper Operation Limit Vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may cause certain codes to be executed.
CVE-2021-29657 1Linux 1Linux Kernel Nov 21, 2024 Jul 22, 2021 N/A· v4 7.4 HIGH· v3 6.9 MEDIUM· v2 arch/x86/kvm/svm/nested.c in the Linux kernel before 5.11.12 has a use-after-free in which an AMD KVM guest can bypass access control on host OS MSRs when there are nested guests, aka CID-a58d9166a756. This occurs becaus...Show more arch/x86/kvm/svm/nested.c in the Linux kernel before 5.11.12 has a use-after-free in which an AMD KVM guest can bypass access control on host OS MSRs when there are nested guests, aka CID-a58d9166a756. This occurs because of a TOCTOU race condition associated with a VMCB12 double fetch in nested_svm_vmrun.Show less
CVE-2020-19474 1Flowpaper 1Pdf2json Nov 21, 2024 Jul 21, 2021 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 An issue has been found in function Gfx::doShowText in PDF2JSON 0.70 that allows attackers to cause a Denial of Service due to an Use After Free .

Previous 1...251252253...373 Next