Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

CVEs (7,455)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2021-30554 2Fedoraproject Google 2Chrome Fedora Oct 24, 2025 Jul 2, 2021 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Use after free in WebGL in Google Chrome prior to 91.0.4472.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-36086 4Debian FedoraprojectNetapp+1 more 8Active Iq Unified Manager Bootstrap OsDebian Linux+5 more Mar 24, 2026 Jul 1, 2021 N/A· v4 3.3 LOW· v3 2.1 LOW· v2 The CIL compiler in SELinux 3.2 has a use-after-free in cil_reset_classpermission (called from cil_reset_classperms_set and cil_reset_classperms_list).
CVE-2021-36085 2Fedoraproject Selinux Project 2Fedora Selinux Nov 3, 2025 Jul 1, 2021 N/A· v4 3.3 LOW· v3 2.1 LOW· v2 The CIL compiler in SELinux 3.2 has a use-after-free in __cil_verify_classperms (called from __verify_map_perm_classperms and hashtab_map).
CVE-2021-36084 2Fedoraproject Selinux Project 2Fedora Selinux Nov 3, 2025 Jul 1, 2021 N/A· v4 3.3 LOW· v3 2.1 LOW· v2 The CIL compiler in SELinux 3.2 has a use-after-free in __cil_verify_classperms (called from __cil_verify_classpermission and __cil_pre_verify_helper).
CVE-2021-36081 1Tesseract Ocr Project 1Tesseract Ocr Nov 21, 2024 Jul 1, 2021 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 Tesseract OCR 5.0.0-alpha-20201231 has a one_ell_conflict use-after-free during a strpbrk call.
CVE-2020-36405 1Keystone Engine 1Keystone Engine Nov 21, 2024 Jul 1, 2021 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 Keystone Engine 0.9.2 has a use-after-free in llvm_ks::X86Operand::getToken.
CVE-2021-22350 1Huawei 2Emui Magic Ui Nov 21, 2024 Jun 30, 2021 N/A· v4 7.5 HIGH· v3 7.8 HIGH· v2 There is a Memory Buffer Improper Operation Limit Vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may cause the device to crash and restart.
CVE-2021-22348 1Huawei 2Emui Magic Ui Nov 21, 2024 Jun 30, 2021 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 There is a Memory Buffer Improper Operation Limit Vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may cause code to execute.
CVE-2021-22353 1Huawei 2Emui Magic Ui Nov 21, 2024 Jun 30, 2021 N/A· v4 7.5 HIGH· v3 7.8 HIGH· v2 There is a Memory Buffer Improper Operation Limit Vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may cause the kernel to restart.
CVE-2021-31516 1Vector35 1Binary Ninja Nov 21, 2024 Jun 29, 2021 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Vector 35 Binary Ninja 2.3.2660 (Build ID 88f343c3). User interaction is required to exploit this vulnerability in that th...Show more This vulnerability allows remote attackers to execute arbitrary code on affected installations of Vector 35 Binary Ninja 2.3.2660 (Build ID 88f343c3). User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of BNDB files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-13670.Show less
CVE-2021-28691 2Linux Netapp 10Cloud Backup H300e FirmwareH300s Firmware+7 more Nov 21, 2024 Jun 29, 2021 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 Guest triggered use-after-free in Linux xen-netback A malicious or buggy network PV frontend can force Linux netback to disable the interface and terminate the receive kernel thread associated with queue 0 in response to...Show more Guest triggered use-after-free in Linux xen-netback A malicious or buggy network PV frontend can force Linux netback to disable the interface and terminate the receive kernel thread associated with queue 0 in response to the frontend sending a malformed packet. Such kernel thread termination will lead to a use-after-free in Linux netback when the backend is destroyed, as the kernel thread associated with queue 0 will have already exited and thus the call to kthread_stop will be performed against a stale pointer.Show less
CVE-2021-22545 1Google 1Bindiff Nov 21, 2024 Jun 29, 2021 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 An attacker can craft a specific IdaPro .i64 file that will cause the BinDiff plugin to load an invalid memory offset. This can allow the attacker to control the instruction pointer and execute arbitrary code. It is rec...Show more An attacker can craft a specific IdaPro .i64 file that will cause the BinDiff plugin to load an invalid memory offset. This can allow the attacker to control the instruction pointer and execute arbitrary code. It is recommended to upgrade BinDiff 7Show less
CVE-2021-28562 1Adobe 2Acrobat Dc Acrobat Reader Dc Nov 21, 2024 Jun 28, 2021 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Acrobat Reader DC versions versions 2021.001.20150 (and earlier), 2020.001.30020 (and earlier) and 2017.011.30194 (and earlier) are affected by a Use After Free vulnerability when executing search queries through Javascr...Show more Acrobat Reader DC versions versions 2021.001.20150 (and earlier), 2020.001.30020 (and earlier) and 2017.011.30194 (and earlier) are affected by a Use After Free vulnerability when executing search queries through Javascript. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.Show less
CVE-2021-27649 1Synology 2Diskstation Manager Diskstation Manager Unified Controller Jan 14, 2025 Jun 23, 2021 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Use after free vulnerability in file transfer protocol component in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to execute arbitrary code via unspecified vectors.
CVE-2021-0606 1Google 1Android Nov 21, 2024 Jun 22, 2021 N/A· v4 6.7 MEDIUM· v3 4.6 MEDIUM· v2 In drm_syncobj_handle_to_fd of drm_syncobj.c, there is a possible use after free due to incorrect refcounting. This could lead to local escalation of privilege with System execution privileges needed. User interaction is...Show more In drm_syncobj_handle_to_fd of drm_syncobj.c, there is a possible use after free due to incorrect refcounting. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-168034487Show less
CVE-2021-0565 1Google 1Android Nov 21, 2024 Jun 22, 2021 N/A· v4 7.0 HIGH· v3 4.4 MEDIUM· v2 In wrapUserThread of AudioStream.cpp, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not n...Show more In wrapUserThread of AudioStream.cpp, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-174801970Show less
CVE-2021-0535 1Google 1Android Nov 21, 2024 Jun 22, 2021 N/A· v4 6.7 MEDIUM· v3 4.6 MEDIUM· v2 In wpas_ctrl_msg_queue_timeout of ctrl_iface_unix.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interacti...Show more In wpas_ctrl_msg_queue_timeout of ctrl_iface_unix.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-168314741Show less
CVE-2021-0531 1Google 1Android Nov 21, 2024 Jun 21, 2021 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 In memory management driver, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed...Show more In memory management driver, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-185195272Show less
CVE-2021-0527 1Google 1Android Nov 21, 2024 Jun 21, 2021 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 In memory management driver, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed...Show more In memory management driver, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-185193931Show less
CVE-2021-0525 1Google 1Android Nov 21, 2024 Jun 21, 2021 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 In memory management driver, there is a possible out of bounds write due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not neede...Show more In memory management driver, there is a possible out of bounds write due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-185193929Show less

Previous 1...253254255...373 Next