CWE-416
7,455 CVEs • Abstraction: Variant • Likelihood of Exploit: High
Use After Free
The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.
CVEs (7,455)
CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS |
|---|
4Debian FedoraprojectGoogle+1 more5Backports Sle ChromeDebian Linux+2 moreNov 21, 2024 Sep 21, 2020 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Use after free in offscreen canvas in Google Chrome prior to 85.0.4183.102 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
4Debian FedoraprojectGoogle+1 more5Backports Sle ChromeDebian Linux+2 moreNov 21, 2024 Sep 21, 2020 N/A· v4 9.6 CRITICAL· v3 6.8 MEDIUM· v2 Use after free in video in Google Chrome on Android prior to 85.0.4183.102 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. |
4Debian FedoraprojectGoogle+1 more5Backports Sle ChromeDebian Linux+2 moreNov 21, 2024 Sep 21, 2020 N/A· v4 8.8 HIGH· v3 9.3 HIGH· v2 Use after free in presentation API in Google Chrome prior to 85.0.4183.83 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
3Debian FedoraprojectGoogle3Chrome Debian LinuxFedoraNov 21, 2024 Sep 21, 2020 N/A· v4 8.6 HIGH· v3 6.8 MEDIUM· v2 Use after free in extensions in Google Chrome prior to 84.0.4147.125 allowed a remote attacker to potentially perform a sandbox escape via a crafted Chrome Extension. |
3Debian FedoraprojectGoogle3Chrome Debian LinuxFedoraNov 21, 2024 Sep 21, 2020 N/A· v4 8.8 HIGH· v3 9.3 HIGH· v2 Use after free in offline mode in Google Chrome on iOS prior to 84.0.4147.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
3Debian FedoraprojectGoogle3Chrome Debian LinuxFedoraNov 21, 2024 Sep 21, 2020 N/A· v4 8.8 HIGH· v3 9.3 HIGH· v2 Use after free in Blink in Google Chrome prior to 84.0.4147.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
3Debian FedoraprojectGoogle3Chrome Debian LinuxFedoraNov 21, 2024 Sep 21, 2020 N/A· v4 8.8 HIGH· v3 9.3 HIGH· v2 Use after free in WebXR in Google Chrome prior to 84.0.4147.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
3Debian FedoraprojectGoogle3Chrome Debian LinuxFedoraNov 21, 2024 Sep 21, 2020 N/A· v4 8.8 HIGH· v3 9.3 HIGH· v2 Use after free in IndexedDB in Google Chrome prior to 84.0.4147.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
3Debian FedoraprojectGoogle3Chrome Debian LinuxFedoraNov 21, 2024 Sep 21, 2020 N/A· v4 8.8 HIGH· v3 9.3 HIGH· v2 Use after free in media in Google Chrome prior to 84.0.4147.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
3Debian FedoraprojectGoogle3Chrome Debian LinuxFedoraNov 21, 2024 Sep 21, 2020 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Use after free in audio in Google Chrome prior to 84.0.4147.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
3Debian FedoraprojectGoogle3Chrome Debian LinuxFedoraNov 21, 2024 Sep 21, 2020 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Use after free in media in Google Chrome prior to 84.0.4147.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
3Debian FedoraprojectGoogle3Chrome Debian LinuxFedoraNov 21, 2024 Sep 21, 2020 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Use after free in task scheduling in Google Chrome prior to 84.0.4147.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
3Debian FedoraprojectGoogle3Chrome Debian LinuxFedoraNov 21, 2024 Sep 21, 2020 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Use after free in ANGLE in Google Chrome prior to 84.0.4147.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
3Debian FedoraprojectGoogle3Chrome Debian LinuxFedoraNov 21, 2024 Sep 21, 2020 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Use after free in WebUSB in Google Chrome prior to 84.0.4147.105 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
3Debian FedoraprojectGoogle3Chrome Debian LinuxFedoraNov 21, 2024 Sep 21, 2020 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Use after free in CSS in Google Chrome prior to 84.0.4147.105 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
3Debian FedoraprojectGoogle3Chrome Debian LinuxFedoraNov 21, 2024 Sep 21, 2020 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Use after free in SCTP in Google Chrome prior to 84.0.4147.105 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
1Huawei 1Taurus An00b Firmware Nov 21, 2024 Sep 18, 2020 N/A· v4 6.5 MEDIUM· v3 4.6 MEDIUM· v2 Taurus-AN00B versions earlier than 10.1.0.156(C00E155R7P2) have a use-after-free (UAF) vulnerability. An authenticated, local attacker may perform specific operations to exploit this vulnerability. Successful exploitatio...Show more |
In NFC, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: Andro...Show more |
In SurfaceFlinger, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Pro...Show more |
In SurfaceFlinger, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege in the graphics server with no additional execution privileges needed. User interaction is n...Show more |