Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

CVEs (7,455)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2020-12361 1Intel 1Graphics Drivers Nov 21, 2024 Feb 17, 2021 N/A· v4 5.5 MEDIUM· v3 2.1 LOW· v2 Use after free in some Intel(R) Graphics Drivers before version 15.33.51.5146 may allow an authenticated user to potentially enable denial of service via local access.
CVE-2020-35512 1Freedesktop 1Dbus Nov 21, 2024 Feb 15, 2021 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 A use-after-free flaw was found in D-Bus Development branch <= 1.13.16, dbus-1.12.x stable branch <= 1.12.18, and dbus-1.10.x and older branches <= 1.10.30 when a system has multiple usernames sharing the same UID. When...Show more A use-after-free flaw was found in D-Bus Development branch <= 1.13.16, dbus-1.12.x stable branch <= 1.12.18, and dbus-1.10.x and older branches <= 1.10.30 when a system has multiple usernames sharing the same UID. When a set of policy rules references these usernames, D-Bus may free some memory in the heap, which is still used by data structures necessary for the other usernames sharing the UID, possibly leading to a crash or other undefined behaviorsShow less
CVE-2021-21061 1Adobe 4Acrobat Acrobat DcAcrobat Reader+1 more Nov 21, 2024 Feb 11, 2021 N/A· v4 3.3 LOW· v3 4.3 MEDIUM· v2 Acrobat Pro DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by a Use-after-free vulnerability when parsing a specially crafted PDF file. An un...Show more Acrobat Pro DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by a Use-after-free vulnerability when parsing a specially crafted PDF file. An unauthenticated attacker could leverage this vulnerability to disclose sensitive information in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.Show less
CVE-2021-21041 1Adobe 4Acrobat Acrobat DcAcrobat Reader+1 more Nov 21, 2024 Feb 11, 2021 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by a use-after-free vulnerability. An unauthenticated attacker could leverage t...Show more Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by a use-after-free vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.Show less
CVE-2021-21040 1Adobe 4Acrobat Acrobat DcAcrobat Reader+1 more Nov 21, 2024 Feb 11, 2021 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by a Use After Free vulnerability. An unauthenticated attacker could leverage t...Show more Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by a Use After Free vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.Show less
CVE-2021-21039 1Adobe 4Acrobat Acrobat DcAcrobat Reader+1 more Nov 21, 2024 Feb 11, 2021 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by a Use After Free vulnerability. An unauthenticated attacker could leverage t...Show more Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by a Use After Free vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.Show less
CVE-2021-21035 1Adobe 4Acrobat Acrobat DcAcrobat Reader+1 more Nov 21, 2024 Feb 11, 2021 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by a Use After Free vulnerability. An unauthenticated attacker could leverage t...Show more Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by a Use After Free vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.Show less
CVE-2021-21033 1Adobe 4Acrobat Acrobat DcAcrobat Reader+1 more Nov 21, 2024 Feb 11, 2021 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by a Use After Free vulnerability. An unauthenticated attacker could leverage t...Show more Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by a Use After Free vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.Show less
CVE-2021-21028 1Adobe 4Acrobat Acrobat DcAcrobat Reader+1 more Nov 21, 2024 Feb 11, 2021 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by a Use After Free vulnerability. An unauthenticated attacker could leverage t...Show more Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by a Use After Free vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.Show less
CVE-2021-21021 1Adobe 4Acrobat Acrobat DcAcrobat Reader+1 more Nov 21, 2024 Feb 11, 2021 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by a Use After Free vulnerability. An unauthenticated attacker could leverage t...Show more Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by a Use After Free vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.Show less
CVE-2020-13548 1Foxitsoftware 1Foxit Reader Nov 21, 2024 Feb 10, 2021 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 In Foxit Reader 10.1.0.37527, a specially crafted PDF document can trigger reuse of previously free memory which can lead to arbitrary code execution. An attacker needs to trick the user to open the malicious file to tri...Show more In Foxit Reader 10.1.0.37527, a specially crafted PDF document can trigger reuse of previously free memory which can lead to arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability.Show less
CVE-2021-0335 1Google 1Android Nov 21, 2024 Feb 10, 2021 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 In process of C2SoftHevcDec.cpp, there is a possible out of bounds write due to a use after free. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is neede...Show more In process of C2SoftHevcDec.cpp, there is a possible out of bounds write due to a use after free. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-160346309Show less
CVE-2021-0332 1Google 1Android Nov 21, 2024 Feb 10, 2021 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 In bootFinished of SurfaceFlinger.cpp, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed...Show more In bootFinished of SurfaceFlinger.cpp, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-10Android ID: A-169256435Show less
CVE-2021-0330 1Google 1Android Nov 21, 2024 Feb 10, 2021 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 In add_user_ce and remove_user_ce of storaged.cpp, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege in storaged with no additional execution privileges needed....Show more In add_user_ce and remove_user_ce of storaged.cpp, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege in storaged with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11Android ID: A-170732441Show less
CVE-2019-17582 1Libzip 1Libzip Nov 21, 2024 Feb 9, 2021 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 A use-after-free in the _zip_dirent_read function of zip_dirent.c in libzip 1.2.0 allows attackers to have an unspecified impact by attempting to unzip a malformed ZIP archive. NOTE: the discoverer states "This use-after...Show more A use-after-free in the _zip_dirent_read function of zip_dirent.c in libzip 1.2.0 allows attackers to have an unspecified impact by attempting to unzip a malformed ZIP archive. NOTE: the discoverer states "This use-after-free is triggered prior to the double free reported in CVE-2017-12858."Show less
CVE-2021-21146 2Fedoraproject Google 2Chrome Fedora Nov 21, 2024 Feb 9, 2021 N/A· v4 9.6 CRITICAL· v3 6.8 MEDIUM· v2 Use after free in Navigation in Google Chrome prior to 88.0.4324.146 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
CVE-2021-21145 2Fedoraproject Google 2Chrome Fedora Nov 21, 2024 Feb 9, 2021 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Use after free in Fonts in Google Chrome prior to 88.0.4324.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-21142 2Fedoraproject Google 2Chrome Fedora Nov 21, 2024 Feb 9, 2021 N/A· v4 9.6 CRITICAL· v3 6.8 MEDIUM· v2 Use after free in Payments in Google Chrome on Mac prior to 88.0.4324.146 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.
CVE-2021-21138 1Google 1Chrome Nov 21, 2024 Feb 9, 2021 N/A· v4 8.6 HIGH· v3 6.8 MEDIUM· v2 Use after free in DevTools in Google Chrome prior to 88.0.4324.96 allowed a local attacker to potentially perform a sandbox escape via a crafted file.
CVE-2021-21124 2Google Microsoft 2Chrome Edge Chromium Nov 21, 2024 Feb 9, 2021 N/A· v4 9.6 CRITICAL· v3 6.8 MEDIUM· v2 Potential user after free in Speech Recognizer in Google Chrome on Android prior to 88.0.4324.96 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.

Previous 1...263264265...373 Next