Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

CVEs (7,455)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2021-21417 2Debian Fluidsynth 2Debian Linux Fluidsynth Nov 21, 2024 Apr 29, 2021 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 fluidsynth is a software synthesizer based on the SoundFont 2 specifications. A use after free violation was discovered in fluidsynth, that can be triggered when loading an invalid SoundFont file.
CVE-2021-21226 3Debian FedoraprojectGoogle 3Chrome Debian LinuxFedora Nov 21, 2024 Apr 26, 2021 N/A· v4 9.6 CRITICAL· v3 6.8 MEDIUM· v2 Use after free in navigation in Google Chrome prior to 90.0.4430.85 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
CVE-2021-21214 3Debian FedoraprojectGoogle 3Chrome Debian LinuxFedora Nov 21, 2024 Apr 26, 2021 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Use after free in Network API in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to potentially exploit heap corruption via a crafted Chrome Extension.
CVE-2021-21213 3Debian FedoraprojectGoogle 3Chrome Debian LinuxFedora Nov 21, 2024 Apr 26, 2021 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Use after free in WebMIDI in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-21207 3Debian FedoraprojectGoogle 3Chrome Debian LinuxFedora Nov 21, 2024 Apr 26, 2021 N/A· v4 8.6 HIGH· v3 6.8 MEDIUM· v2 Use after free in IndexedDB in Google Chrome prior to 90.0.4430.72 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension.
CVE-2021-21206 2Fedoraproject Google 2Chrome Fedora Oct 24, 2025 Apr 26, 2021 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Use after free in Blink in Google Chrome prior to 89.0.4389.128 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-21204 3Debian FedoraprojectGoogle 3Chrome Debian LinuxFedora Nov 21, 2024 Apr 26, 2021 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Use after free in Blink in Google Chrome on OS X prior to 90.0.4430.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-21203 3Debian FedoraprojectGoogle 3Chrome Debian LinuxFedora Nov 21, 2024 Apr 26, 2021 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Use after free in Blink in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-21202 3Debian FedoraprojectGoogle 3Chrome Debian LinuxFedora Nov 21, 2024 Apr 26, 2021 N/A· v4 8.6 HIGH· v3 6.8 MEDIUM· v2 Use after free in extensions in Google Chrome prior to 90.0.4430.72 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension.
CVE-2021-21201 3Debian FedoraprojectGoogle 3Chrome Debian LinuxFedora Nov 21, 2024 Apr 26, 2021 N/A· v4 9.6 CRITICAL· v3 6.8 MEDIUM· v2 Use after free in permissions in Google Chrome prior to 90.0.4430.72 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
CVE-2021-31804 1Leocad 1Leocad Nov 21, 2024 Apr 26, 2021 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 LeoCAD before 21.03 sometimes allows a use-after-free during the opening of a new document.
CVE-2021-22893 1Ivanti 1Connect Secure Dec 18, 2025 Apr 23, 2021 N/A· v4 10.0 CRITICAL· v3 7.5 HIGH· v2 Pulse Connect Secure 9.0R3/9.1R1 and higher is vulnerable to an authentication bypass vulnerability exposed by the Windows File Share Browser and Pulse Secure Collaboration features of Pulse Connect Secure that can allow...Show more Pulse Connect Secure 9.0R3/9.1R1 and higher is vulnerable to an authentication bypass vulnerability exposed by the Windows File Share Browser and Pulse Secure Collaboration features of Pulse Connect Secure that can allow an unauthenticated user to perform remote arbitrary code execution on the Pulse Connect Secure gateway. This vulnerability has been exploited in the wild.Show less
CVE-2021-0270 1Juniper 1Junos Nov 21, 2024 Apr 22, 2021 N/A· v4 5.9 MEDIUM· v3 4.3 MEDIUM· v2 On PTX Series and QFX10k Series devices with the "inline-jflow" feature enabled, a use after free weakness in the Packet Forwarding Engine (PFE) microkernel architecture of Juniper Networks Junos OS may allow an attacker...Show more On PTX Series and QFX10k Series devices with the "inline-jflow" feature enabled, a use after free weakness in the Packet Forwarding Engine (PFE) microkernel architecture of Juniper Networks Junos OS may allow an attacker to cause a Denial of Service (DoS) condition whereby one or more Flexible PIC Concentrators (FPCs) may restart. As this is a race condition situation this issue become more likely to be hit when network instability occurs, such as but not limited to BGP/IGP reconvergences, and/or further likely to occur when more active "traffic flows" are occurring through the device. When this issue occurs, it will cause one or more FPCs to restart unexpectedly. During FPC restarts core files will be generated. While the core file is generated traffic will be disrupted. Sustained receipt of large traffic flows and reconvergence-like situations may sustain the Denial of Service (DoS) situation. This issue affects: Juniper Networks Junos OS: 18.1 version 18.1R2 and later versions prior to 18.1R3-S10 on PTX Series, QFX10K Series.Show less
CVE-2021-0262 1Juniper 1Junos Nov 21, 2024 Apr 22, 2021 N/A· v4 6.5 MEDIUM· v3 3.3 LOW· v2 Through routine static code analysis of the Juniper Networks Junos OS software codebase, the Secure Development Life Cycle team identified a Use After Free vulnerability in PFE packet processing on the QFX10002-60C switc...Show more Through routine static code analysis of the Juniper Networks Junos OS software codebase, the Secure Development Life Cycle team identified a Use After Free vulnerability in PFE packet processing on the QFX10002-60C switching platform. Exploitation of this vulnerability may allow a logically adjacent attacker to trigger a Denial of Service (DoS). Continued exploitation of this vulnerability will sustain the Denial of Service (DoS) condition. This issue only affects QFX10002-60C devices. No other product or platform is vulnerable to this issue. This issue affects Juniper Networks Junos OS on QFX10002-60C: 19.1 version 19.1R3-S1 and later versions; 19.1 versions prior to 19.1R3-S3; 19.2 version 19.2R2 and later versions; 19.2 versions prior to 19.2R3-S1; 20.2 versions prior to 20.2R1-S2. This issue does not affect Juniper Networks Junos OS: versions prior to 19.1R3; 19.2 versions prior to 19.2R2; any version of 19.3; version 20.2R2 and later releases.Show less
CVE-2020-35980 1Gpac 1Gpac Nov 21, 2024 Apr 21, 2021 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 An issue was discovered in GPAC version 0.8.0 and 1.0.1. There is a use-after-free in the function gf_isom_box_del() in isomedia/box_funcs.c.
CVE-2021-3497 4Debian GstreamerGstreamer Project+1 more 4Debian Linux Enterprise LinuxGstreamer+1 more Mar 17, 2026 Apr 19, 2021 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 GStreamer before 1.18.4 might access already-freed memory in error code paths when demuxing certain malformed Matroska files.
CVE-2021-27031 1Autodesk 1Fbx Review Nov 21, 2024 Apr 19, 2021 N/A· v4 7.8 HIGH· v3 9.3 HIGH· v2 A user may be tricked into opening a malicious FBX file which may exploit a use-after-free vulnerability in FBX's Review causing the application to reference a memory location controlled by an unauthorized third party, t...Show more A user may be tricked into opening a malicious FBX file which may exploit a use-after-free vulnerability in FBX's Review causing the application to reference a memory location controlled by an unauthorized third party, thereby running arbitrary code on the system.Show less
CVE-2021-28454 1Microsoft 4365 Apps OfficeOffice Online Server+1 more Nov 21, 2024 Apr 13, 2021 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 Microsoft Excel Remote Code Execution Vulnerability
CVE-2021-0442 1Google 1Android Nov 21, 2024 Apr 13, 2021 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 In updateInfo of android_hardware_input_InputApplicationHandle.cpp, there is a possible control of code flow due to a use after free. This could lead to local escalation of privilege with no additional execution privileg...Show more In updateInfo of android_hardware_input_InputApplicationHandle.cpp, there is a possible control of code flow due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-174768985Show less
CVE-2021-0429 1Google 1Android Nov 21, 2024 Apr 13, 2021 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 In pollOnce of ALooper.cpp, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...Show more In pollOnce of ALooper.cpp, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11 Android-8.1Android ID: A-175074139Show less

Previous 1...259260261...373 Next