Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

CVEs (7,453)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2020-15569 2Debian Milkytracker Project 2Debian Linux Milkytracker Nov 21, 2024 Jul 6, 2020 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 PlayerGeneric.cpp in MilkyTracker through 1.02.00 has a use-after-free in the PlayerGeneric destructor.
CVE-2020-15475 1Ntop 1Ndpi Nov 21, 2024 Jul 1, 2020 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 In nDPI through 3.2, ndpi_reset_packet_line_info in lib/ndpi_main.c omits certain reinitialization, leading to a use-after-free.
CVE-2020-15389 3Debian OracleUclouvain 3Debian Linux OpenjpegOutside In Technology Nov 21, 2024 Jun 29, 2020 N/A· v4 6.5 MEDIUM· v3 5.8 MEDIUM· v2 jp2/opj_decompress.c in OpenJPEG through 2.3.1 has a use-after-free that can be triggered if there is a mix of valid and invalid files in a directory operated on by the decompressor. Triggering a double-free may also be...Show more jp2/opj_decompress.c in OpenJPEG through 2.3.1 has a use-after-free that can be triggered if there is a mix of valid and invalid files in a directory operated on by the decompressor. Triggering a double-free may also be possible. This is related to calling opj_image_destroy twice.Show less
CVE-2020-9567 1Adobe 1Bridge May 5, 2025 Jun 26, 2020 N/A· v4 7.8 HIGH· v3 9.3 HIGH· v2 Adobe Bridge versions 10.0.1 and earlier version have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .
CVE-2020-9566 1Adobe 1Bridge May 5, 2025 Jun 26, 2020 N/A· v4 7.8 HIGH· v3 9.3 HIGH· v2 Adobe Bridge versions 10.0.1 and earlier version have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .
CVE-2020-15305 5Canonical DebianFedoraproject+2 more 5Debian Linux FedoraLeap+2 more Nov 21, 2024 Jun 26, 2020 N/A· v4 5.5 MEDIUM· v3 2.1 LOW· v2 An issue was discovered in OpenEXR before 2.5.2. Invalid input could cause a use-after-free in DeepScanLineInputFile::DeepScanLineInputFile() in IlmImf/ImfDeepScanLineInputFile.cpp.
CVE-2020-9607 1Adobe 2Acrobat Dc Acrobat Reader Dc Nov 21, 2024 Jun 25, 2020 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011.30166 and earlier, 2017.011.30166 and earlier, and 2015.006.30518 and earlier have an use-after-free vulnerability. Successful exploitation could lea...Show more Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011.30166 and earlier, 2017.011.30166 and earlier, and 2015.006.30518 and earlier have an use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution .Show less
CVE-2020-9606 1Adobe 2Acrobat Dc Acrobat Reader Dc Nov 21, 2024 Jun 25, 2020 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011.30166 and earlier, 2017.011.30166 and earlier, and 2015.006.30518 and earlier have an use-after-free vulnerability. Successful exploitation could lea...Show more Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011.30166 and earlier, 2017.011.30166 and earlier, and 2015.006.30518 and earlier have an use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution .Show less
CVE-2020-3963 1Vmware 4Cloud Foundation EsxiFusion+1 more Nov 21, 2024 Jun 25, 2020 N/A· v4 5.5 MEDIUM· v3 2.1 LOW· v2 VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202006401-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.2), and Fusion (11.x before 11.5.2) contain a use-after-free vulnerabi...Show more VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202006401-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.2), and Fusion (11.x before 11.5.2) contain a use-after-free vulnerability in PVNVRAM. A malicious actor with local access to a virtual machine may be able to read privileged information contained in physical memory.Show less
CVE-2020-3962 1Vmware 4Cloud Foundation EsxiFusion+1 more Nov 21, 2024 Jun 24, 2020 N/A· v4 8.2 HIGH· v3 4.4 MEDIUM· v2 VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.5), and Fusion (11.x before 11.5.5) contain a use-after-free vulnerabi...Show more VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.5), and Fusion (11.x before 11.5.5) contain a use-after-free vulnerability in the SVGA device. A malicious actor with local access to a virtual machine with 3D graphics enabled may be able to exploit this vulnerability to execute code on the hypervisor from a virtual machine.Show less
CVE-2020-4031 5Canonical DebianFedoraproject+2 more 5Debian Linux FedoraFreerdp+2 more Nov 21, 2024 Jun 22, 2020 N/A· v4 7.5 HIGH· v3 4.3 MEDIUM· v2 In FreeRDP before version 2.1.2, there is a use-after-free in gdi_SelectObject. All FreeRDP clients using compatibility mode with /relax-order-checks are affected. This is fixed in version 2.1.2.
CVE-2020-4060 1Semtech 1Lora Basics Station Nov 21, 2024 Jun 22, 2020 N/A· v4 5.0 MEDIUM· v3 4.0 MEDIUM· v2 In LoRa Basics Station before 2.0.4, there is a Use After Free vulnerability that leads to memory corruption. This bug is triggered on 32-bit machines when the CUPS server responds with a message (https://doc.sm.tc/stati...Show more In LoRa Basics Station before 2.0.4, there is a Use After Free vulnerability that leads to memory corruption. This bug is triggered on 32-bit machines when the CUPS server responds with a message (https://doc.sm.tc/station/cupsproto.html#http-post-response) where the signature length is larger than 2 GByte (never happens in practice), or the response is crafted specifically to trigger this issue (i.e. the length signature field indicates a value larger than (2**31)-1 although the signature actually does not contain that much data). In such a scenario, on 32 bit machines, Basic Station would execute a code path, where a piece of memory is accessed after it has been freed, causing the process to crash and restarted again. The CUPS transaction is typically mutually authenticated over TLS. Therefore, in order to trigger this vulnerability, the attacker would have to gain access to the CUPS server first. If the user chose to operate without authentication over TLS but yet is concerned about this vulnerability, one possible workaround is to enable TLS authentication. This has been fixed in 2.0.4.Show less
CVE-2020-3642 1Qualcomm 13Kamorta Firmware Qcs605 FirmwareRennell Firmware+10 more Nov 21, 2024 Jun 22, 2020 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 Use after free issue in camera applications when used randomly over multiple operations due to pointer not set to NULL after free/destroy of the object in Snapdragon Consumer IOT, Snapdragon Mobile in Kamorta, QCS605, Re...Show more Use after free issue in camera applications when used randomly over multiple operations due to pointer not set to NULL after free/destroy of the object in Snapdragon Consumer IOT, Snapdragon Mobile in Kamorta, QCS605, Rennell, Saipan, SDM670, SDM710, SDM845, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130Show less
CVE-2020-14416 2Linux Opensuse 2Leap Linux Kernel Nov 21, 2024 Jun 18, 2020 N/A· v4 4.2 MEDIUM· v3 4.7 MEDIUM· v2 In the Linux kernel before 5.4.16, a race condition in tty->disc_data handling in the slip and slcan line discipline could lead to a use-after-free, aka CID-0ace17d56824. This affects drivers/net/slip/slip.c and drivers/...Show more In the Linux kernel before 5.4.16, a race condition in tty->disc_data handling in the slip and slcan line discipline could lead to a use-after-free, aka CID-0ace17d56824. This affects drivers/net/slip/slip.c and drivers/net/can/slcan.c.Show less
CVE-2020-0232 1Google 1Android Nov 21, 2024 Jun 16, 2020 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Function abc_pcie_issue_dma_xfer_sync creates a transfer object, adds it to the session object then continues to work with it. A concurrent thread could retrieve created transfer object from the session object and delete...Show more Function abc_pcie_issue_dma_xfer_sync creates a transfer object, adds it to the session object then continues to work with it. A concurrent thread could retrieve created transfer object from the session object and delete it using abc_pcie_dma_user_xfer_clean. If this happens, abc_pcie_start_dma_xfer and abc_pcie_wait_dma_xfer in the original thread will trigger UAF when working with the transfer object.Product: AndroidVersions: Android kernelAndroid ID: A-151453714Show less
CVE-2020-0595 1Intel 2Active Management Technology Firmware Service Manager Nov 21, 2024 Jun 15, 2020 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Use after free in IPv6 subsystem in Intel(R) AMT and Intel(R) ISM versions before 11.8.77, 11.12.77, 11.22.77 and 12.0.64 may allow an unauthenticated user to potentially enable escalation of privilege via network access...Show more Use after free in IPv6 subsystem in Intel(R) AMT and Intel(R) ISM versions before 11.8.77, 11.12.77, 11.22.77 and 12.0.64 may allow an unauthenticated user to potentially enable escalation of privilege via network access.Show less
CVE-2020-9633 1Adobe 2Flash Player Flash Player Desktop Runtime Nov 21, 2024 Jun 12, 2020 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 Adobe Flash Player Desktop Runtime 32.0.0.371 and earlier, Adobe Flash Player for Google Chrome 32.0.0.371 and earlier, and Adobe Flash Player for Microsoft Edge and Internet Explorer 32.0.0.330 and earlier have an use a...Show more Adobe Flash Player Desktop Runtime 32.0.0.371 and earlier, Adobe Flash Player for Google Chrome 32.0.0.371 and earlier, and Adobe Flash Player for Microsoft Edge and Internet Explorer 32.0.0.330 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution.Show less
CVE-2020-0233 1Google 1Android Nov 21, 2024 Jun 11, 2020 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 In main of main.cpp, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploi...Show more In main of main.cpp, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-150225255Show less
CVE-2020-0212 1Google 1Android Nov 21, 2024 Jun 11, 2020 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 In _onBufferDestroyed of InputBufferManager.cpp, there is a possible out of bounds read due to a use after free. This could lead to remote information disclosure with no additional execution privileges needed. User inter...Show more In _onBufferDestroyed of InputBufferManager.cpp, there is a possible out of bounds read due to a use after free. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-135140854Show less
CVE-2020-0199 1Google 1Android Nov 21, 2024 Jun 11, 2020 N/A· v4 4.1 MEDIUM· v3 1.9 LOW· v2 In TimeCheck::TimeCheckThread::threadLoop of TimeCheck.cpp, there is a possible use-after-free due to a race condition. This could lead to local information disclosure with System execution privileges needed. User intera...Show more In TimeCheck::TimeCheckThread::threadLoop of TimeCheck.cpp, there is a possible use-after-free due to a race condition. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-142142406Show less

Previous 1...276277278...373 Next