Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

CVEs (7,455)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2020-27918 4Apple DebianFedoraproject+1 more 11Debian Linux FedoraIcloud+8 more Nov 21, 2024 Dec 8, 2020 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 14.2 and iPadOS 14.2, iCloud for Windows 11.5, Safari 14.0.1, tvOS 14.2, iTunes 12.11 fo...Show more A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 14.2 and iPadOS 14.2, iCloud for Windows 11.5, Safari 14.0.1, tvOS 14.2, iTunes 12.11 for Windows. Processing maliciously crafted web content may lead to arbitrary code execution.Show less
CVE-2020-27926 1Apple 2Ipados Iphone Os Nov 21, 2024 Dec 8, 2020 N/A· v4 7.8 HIGH· v3 9.3 HIGH· v2 A use after free issue was addressed with improved memory management. This issue is fixed in iOS 14.2 and iPadOS 14.2. Processing maliciously crafted web content may lead to arbitrary code execution.
CVE-2020-27917 1Apple 7Icloud IpadosIphone Os+4 more Nov 21, 2024 Dec 8, 2020 N/A· v4 7.8 HIGH· v3 9.3 HIGH· v2 A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 14.2 and iPadOS 14.2, iCloud for Windows 11.5, tvOS 14.2, iTunes 12.11 for Windows. Proc...Show more A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 14.2 and iPadOS 14.2, iCloud for Windows 11.5, tvOS 14.2, iTunes 12.11 for Windows. Processing maliciously crafted web content may lead to code execution.Show less
CVE-2020-25663 1Imagemagick 1Imagemagick Nov 21, 2024 Dec 8, 2020 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 A call to ConformPixelInfo() in the SetImageAlphaChannel() routine of /MagickCore/channel.c caused a subsequent heap-use-after-free or heap-buffer-overflow READ when GetPixelRed() or GetPixelBlue() was called. This could...Show more A call to ConformPixelInfo() in the SetImageAlphaChannel() routine of /MagickCore/channel.c caused a subsequent heap-use-after-free or heap-buffer-overflow READ when GetPixelRed() or GetPixelBlue() was called. This could occur if an attacker is able to submit a malicious image file to be processed by ImageMagick and could lead to denial of service. It likely would not lead to anything further because the memory is used as pixel data and not e.g. a function pointer. This flaw affects ImageMagick versions prior to 7.0.9-0.Show less
CVE-2020-9996 1Apple 3Ipados Iphone OsMac Os X Nov 21, 2024 Dec 8, 2020 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.0.1, iOS 14.0 and iPadOS 14.0. A malicious application may be able to elevate privileges.
CVE-2020-9981 1Apple 7Icloud IpadosIphone Os+4 more Nov 21, 2024 Dec 8, 2020 N/A· v4 7.8 HIGH· v3 9.3 HIGH· v2 A use after free issue was addressed with improved memory management. This issue is fixed in watchOS 7.0, iOS 14.0 and iPadOS 14.0, iTunes for Windows 12.10.9, iCloud for Windows 11.5, tvOS 14.0, macOS Catalina 10.15.7,...Show more A use after free issue was addressed with improved memory management. This issue is fixed in watchOS 7.0, iOS 14.0 and iPadOS 14.0, iTunes for Windows 12.10.9, iCloud for Windows 11.5, tvOS 14.0, macOS Catalina 10.15.7, Security Update 2020-005 High Sierra, Security Update 2020-005 Mojave. Processing a maliciously crafted file may lead to arbitrary code execution.Show less
CVE-2020-9950 1Apple 5Ipados Iphone OsSafari+2 more Nov 21, 2024 Dec 8, 2020 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 A use after free issue was addressed with improved memory management. This issue is fixed in watchOS 7.0, tvOS 14.0, Safari 14.0, iOS 14.0 and iPadOS 14.0. Processing maliciously crafted web content may lead to arbitrary...Show more A use after free issue was addressed with improved memory management. This issue is fixed in watchOS 7.0, tvOS 14.0, Safari 14.0, iOS 14.0 and iPadOS 14.0. Processing maliciously crafted web content may lead to arbitrary code execution.Show less
CVE-2020-9949 1Apple 5Ipados Iphone OsMac Os X+2 more Nov 21, 2024 Dec 8, 2020 N/A· v4 7.8 HIGH· v3 9.3 HIGH· v2 A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.0, iOS 14.0 and iPadOS 14.0, macOS Catalina 10.15.6, Security Update 2020-004 Mojave, Security...Show more A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.0, iOS 14.0 and iPadOS 14.0, macOS Catalina 10.15.6, Security Update 2020-004 Mojave, Security Update 2020-004 High Sierra, tvOS 14.0. An application may be able to execute arbitrary code with kernel privileges.Show less
CVE-2020-9947 1Apple 7Icloud IpadosIphone Os+4 more Nov 21, 2024 Dec 8, 2020 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 A use after free issue was addressed with improved memory management. This issue is fixed in watchOS 7.0, iOS 14.0 and iPadOS 14.0, iTunes for Windows 12.10.9, iCloud for Windows 11.5, tvOS 14.0, Safari 14.0. Processing...Show more A use after free issue was addressed with improved memory management. This issue is fixed in watchOS 7.0, iOS 14.0 and iPadOS 14.0, iTunes for Windows 12.10.9, iCloud for Windows 11.5, tvOS 14.0, Safari 14.0. Processing maliciously crafted web content may lead to arbitrary code execution.Show less
CVE-2020-14381 1Linux 1Linux Kernel Feb 25, 2026 Dec 3, 2020 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 A flaw was found in the Linux kernel’s futex implementation. This flaw allows a local attacker to corrupt system memory or escalate their privileges when creating a futex on a filesystem that is about to be unmounted. Th...Show more A flaw was found in the Linux kernel’s futex implementation. This flaw allows a local attacker to corrupt system memory or escalate their privileges when creating a futex on a filesystem that is about to be unmounted. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.Show less
CVE-2020-14351 3Debian LinuxRedhat 3Debian Linux Enterprise LinuxLinux Kernel Nov 21, 2024 Dec 3, 2020 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 A flaw was found in the Linux kernel. A use-after-free memory flaw was found in the perf subsystem allowing a local attacker with permission to monitor perf events to corrupt memory and possibly escalate privileges. The...Show more A flaw was found in the Linux kernel. A use-after-free memory flaw was found in the perf subsystem allowing a local attacker with permission to monitor perf events to corrupt memory and possibly escalate privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.Show less
CVE-2020-13584 2Fedoraproject Webkitgtk 2Fedora Webkitgtk Nov 21, 2024 Dec 3, 2020 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 An exploitable use-after-free vulnerability exists in WebKitGTK browser version 2.30.1 x64. A specially crafted HTML web page can cause a use-after-free condition, resulting in a remote code execution. The victim needs t...Show more An exploitable use-after-free vulnerability exists in WebKitGTK browser version 2.30.1 x64. A specially crafted HTML web page can cause a use-after-free condition, resulting in a remote code execution. The victim needs to visit a malicious web site to trigger this vulnerability.Show less
CVE-2020-13543 1Webkitgtk 1Webkitgtk Nov 21, 2024 Dec 3, 2020 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 A code execution vulnerability exists in the WebSocket functionality of Webkit WebKitGTK 2.30.0. A specially crafted web page can trigger a use-after-free vulnerability which can lead to remote code execution. An attacke...Show more A code execution vulnerability exists in the WebSocket functionality of Webkit WebKitGTK 2.30.0. A specially crafted web page can trigger a use-after-free vulnerability which can lead to remote code execution. An attacker can get a user to visit a webpage to trigger this vulnerability.Show less
CVE-2020-13531 1Pixar 1Openusd Nov 21, 2024 Dec 3, 2020 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 A use-after-free vulnerability exists in a way Pixar OpenUSD 20.08 processes reference paths textual USD files. A specially crafted file can trigger the reuse of a freed memory which can result in further memory corrupti...Show more A use-after-free vulnerability exists in a way Pixar OpenUSD 20.08 processes reference paths textual USD files. A specially crafted file can trigger the reuse of a freed memory which can result in further memory corruption and arbitrary code execution. To trigger this vulnerability, the victim needs to open an attacker-provided malformed file.Show less
CVE-2020-25656 4Debian LinuxRedhat+1 more 4Debian Linux Enterprise LinuxLinux Kernel+1 more Nov 21, 2024 Dec 2, 2020 N/A· v4 4.1 MEDIUM· v3 1.9 LOW· v2 A flaw was found in the Linux kernel. A use-after-free was found in the way the console subsystem was using ioctls KDGKBSENT and KDSKBSENT. A local user could use this flaw to get read memory access out of bounds. The hi...Show more A flaw was found in the Linux kernel. A use-after-free was found in the way the console subsystem was using ioctls KDGKBSENT and KDSKBSENT. A local user could use this flaw to get read memory access out of bounds. The highest threat from this vulnerability is to data confidentiality.Show less
CVE-2019-20934 1Linux 1Linux Kernel Nov 21, 2024 Nov 28, 2020 N/A· v4 5.3 MEDIUM· v3 5.4 MEDIUM· v2 An issue was discovered in the Linux kernel before 5.2.6. On NUMA systems, the Linux fair scheduler has a use-after-free in show_numa_stats() because NUMA fault statistics are inappropriately freed, aka CID-16d51a590a8c.
CVE-2020-27207 1Zetetic 1Sqlcipher Nov 21, 2024 Nov 26, 2020 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Zetetic SQLCipher 4.x before 4.4.1 has a use-after-free, related to sqlcipher_codec_pragma and sqlite3Strlen30 in sqlite3.c. A remote denial of service attack can be performed. For example, a SQL injection can be used to...Show more Zetetic SQLCipher 4.x before 4.4.1 has a use-after-free, related to sqlcipher_codec_pragma and sqlite3Strlen30 in sqlite3.c. A remote denial of service attack can be performed. For example, a SQL injection can be used to execute the crafted SQL command sequence. After that, some unexpected RAM data is read.Show less
CVE-2020-15436 3Broadcom LinuxNetapp 19A250 Firmware A700s FirmwareAff 500f Firmware+16 more Nov 21, 2024 Nov 23, 2020 N/A· v4 6.7 MEDIUM· v3 7.2 HIGH· v2 Use-after-free vulnerability in fs/block_dev.c in the Linux kernel before 5.8 allows local users to gain privileges or cause a denial of service by leveraging improper access to a certain error field.
CVE-2019-14586 2Debian Tianocore 2Debian Linux Edk2 Nov 21, 2024 Nov 23, 2020 N/A· v4 8.0 HIGH· v3 5.2 MEDIUM· v2 Use after free vulnerability in EDK II may allow an authenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via adjacent access.
CVE-2019-2393 1Mongodb 1Mongodb Nov 21, 2024 Nov 23, 2020 N/A· v4 6.5 MEDIUM· v3 4.0 MEDIUM· v2 A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries, which use $lookup and collations. This issue affects MongoDB Server v4.2 versions prior to 4.2.1; MongoDB...Show more A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries, which use $lookup and collations. This issue affects MongoDB Server v4.2 versions prior to 4.2.1; MongoDB Server v4.0 versions prior to 4.0.13 and MongoDB Server v3.6 versions prior to 3.6.15.Show less

Previous 1...268269270...373 Next