CWE-416
7,455 CVEs • Abstraction: Variant • Likelihood of Exploit: High
Use After Free
The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.
CVEs (7,455)
CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS |
|---|
2Fedoraproject Xpdfreader2Fedora XpdfNov 21, 2024 Nov 21, 2020 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 In Xpdf 4.02, SplashOutputDev::endType3Char(GfxState *state) SplashOutputDev.cc:3079 is trying to use the freed `t3GlyphStack->cache`, which causes an `heap-use-after-free` problem. The codes of a previous fix for nested...Show more |
1Vmware 4Cloud Foundation EsxiFusion+1 moreOct 31, 2025 Nov 20, 2020 N/A· v4 8.2 HIGH· v3 4.6 MEDIUM· v2 VMware ESXi (7.0 before ESXi70U1b-17168206, 6.7 before ESXi670-202011101-SG, 6.5 before ESXi650-202011301-SG), Workstation (15.x before 15.5.7), Fusion (11.x before 11.5.7) contain a use-after-free vulnerability in the X...Show more |
libuci in OpenWrt before 18.06.9 and 19.x before 19.07.5 may encounter a use after free when using malicious package names. This is related to uci_parse_package in file.c and uci_strdup in util.c. |
1Intel 1Trusted Execution Engine Nov 21, 2024 Nov 12, 2020 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 Use after free in Kernel Mode Driver for Intel(R) TXE versions before 3.1.80 and 4.0.30 may allow an authenticated user to potentially enable escalation of privilege via local access. |
1Intel 2Converged Security And Manageability Engine Trusted Execution TechnologyNov 21, 2024 Nov 12, 2020 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 Use after free in DAL subsystem for Intel(R) CSME versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70, 13.0.40, 13.30.10, 14.0.45 and 14.5.25, Intel(R) TXE 3.1.80, 4.0.30 may allow an authenticated user to potentially e...Show more |
1Qualcomm 31Apq8009w Firmware Msm8909w FirmwareQcs605 Firmware+28 moreNov 21, 2024 Nov 12, 2020 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 u'Use after free issue in Bluetooth transport driver when a method in the object is accessed after the object has been deleted due to improper timer handling.' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer...Show more |
In btm_sec_disconnected of btm_sec.cc, there is a possible memory corruption due to a use after free. This could lead to remote code execution in the Bluetooth server with no additional execution privileges needed. User...Show more |
1Adobe 4Acrobat Acrobat DcAcrobat Reader+1 moreNov 21, 2024 Nov 5, 2020 N/A· v4 3.3 LOW· v3 4.3 MEDIUM· v2 Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) are affected by a use-after-free vulnerability that could result in a memory address leak. Exploitati...Show more |
1Adobe 4Acrobat Acrobat DcAcrobat Reader+1 moreNov 21, 2024 Nov 5, 2020 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) are affected by a use-after-free vulnerability in the processing of Format event actions that could r...Show more |
1Adobe 4Acrobat Acrobat DcAcrobat Reader+1 moreNov 21, 2024 Nov 5, 2020 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) are affected by a use-after-free vulnerability when handling malicious JavaScript. This vulnerability...Show more |
1Whatsapp 2Whatsapp Whatsapp BusinessNov 21, 2024 Nov 3, 2020 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 A use-after-free in a logging library in WhatsApp for iOS prior to v2.20.111 and WhatsApp Business for iOS prior to v2.20.111 could have resulted in memory corruption, crashes and potentially code execution. This could h...Show more |
4Debian FedoraprojectGoogle+1 more5Backports Sle ChromeDebian Linux+2 moreNov 21, 2024 Nov 3, 2020 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Use after free in user interface in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
4Debian FedoraprojectGoogle+1 more4Backports Sle ChromeDebian Linux+1 moreNov 21, 2024 Nov 3, 2020 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Use after free in printing in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
4Debian FedoraprojectGoogle+1 more4Backports Sle ChromeDebian Linux+1 moreNov 21, 2024 Nov 3, 2020 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Use after free in PDFium in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. |
4Debian FedoraprojectGoogle+1 more4Backports Sle ChromeDebian Linux+1 moreNov 21, 2024 Nov 3, 2020 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Use after free in media in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
Use after free in USB in Google Chrome prior to 86.0.4240.99 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. |
Use after free in Mojo in Google Chrome prior to 86.0.4240.99 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. |
Use after free in passwords in Google Chrome prior to 86.0.4240.99 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. |
Use after free in V8 in Google Chrome prior to 86.0.4240.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
Use after free in printing in Google Chrome prior to 86.0.4240.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |