Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

CVEs (7,437)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2020-3792 1Adobe 2Acrobat Dc Acrobat Reader Dc Nov 21, 2024 Mar 25, 2020 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Adobe Acrobat and Reader versions 2020.006.20034 and earlier, 2017.011.30158 and earlier, 2017.011.30158 and earlier, 2015.006.30510 and earlier, and 2015.006.30510 and earlier have a use-after-free vulnerability. Succes...Show more Adobe Acrobat and Reader versions 2020.006.20034 and earlier, 2017.011.30158 and earlier, 2017.011.30158 and earlier, 2015.006.30510 and earlier, and 2015.006.30510 and earlier have a use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution .Show less
CVE-2019-20600 1Google 1Android Nov 21, 2024 Mar 24, 2020 N/A· v4 7.1 HIGH· v3 3.6 LOW· v2 An issue was discovered on Samsung mobile devices with O(8.0) and P(9.0) (Exynos8890 chipsets) software. A use-after-free occurs in the MALI GPU driver. The Samsung ID is SVE-2019-13921-1 (May 2019).
CVE-2019-20628 1Gpac 1Gpac Nov 21, 2024 Mar 24, 2020 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 An issue was discovered in libgpac.a in GPAC before 0.8.0, as demonstrated by MP4Box. It contains a Use-After-Free vulnerability in gf_m2ts_process_pmt in media_tools/mpegts.c that can cause a denial of service via a cra...Show more An issue was discovered in libgpac.a in GPAC before 0.8.0, as demonstrated by MP4Box. It contains a Use-After-Free vulnerability in gf_m2ts_process_pmt in media_tools/mpegts.c that can cause a denial of service via a crafted MP4 file.Show less
CVE-2019-20582 1Google 1Android Nov 21, 2024 Mar 24, 2020 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 An issue was discovered on Samsung mobile devices with O(8.x) and P(9.0) devices (Exynos9810 chipsets) software. There is a use after free in the ion driver. The Samsung ID is SVE-2019-14837 (August 2019).
CVE-2019-20568 1Google 1Android Nov 21, 2024 Mar 24, 2020 N/A· v4 8.1 HIGH· v3 6.8 MEDIUM· v2 An issue was discovered on Samsung mobile devices with O(8.x) and P(9.0) devices (Exynos and Qualcomm chipsets) software. A race condition causes a Use-After-Free. The Samsung ID is SVE-2019-15067 (September 2019).
CVE-2020-10845 1Google 1Android Nov 21, 2024 Mar 24, 2020 N/A· v4 6.4 MEDIUM· v3 4.4 MEDIUM· v2 An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. There is a race condition leading to a use-after-free in MTP. The Samsung ID is SVE-2019-16520 (February 2020).
CVE-2020-10838 1Google 1Android Nov 21, 2024 Mar 24, 2020 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) software. PROCA allows a use-after-free and arbitrary code execution. The Samsung ID is SVE-2019-16132 (February 2020).
CVE-2020-6449 5Debian FedoraprojectGoogle+2 more 6Backports Sle ChromeDebian Linux+3 more Nov 21, 2024 Mar 23, 2020 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Use after free in audio in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2020-6424 5Debian FedoraprojectGoogle+2 more 6Backports Sle ChromeDebian Linux+3 more Nov 21, 2024 Mar 23, 2020 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Use after free in media in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2020-8881 1Foxitsoftware 1Foxit Studio Photo Nov 21, 2024 Mar 20, 2020 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.916. User interaction is required to exploit this vulnerability in that the target must visit a m...Show more This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.916. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of TIF files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9774.Show less
CVE-2019-16338 1Hancom 1Hancom Office Neo Nov 21, 2024 Mar 19, 2020 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 The tfo_common component in HwordApp.dll in Hancom Office 9.6.1.7634 allows a use-after-free via a crafted .docx file.
CVE-2019-16337 1Hancom 1Hancom Office Neo Nov 21, 2024 Mar 19, 2020 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 The hncbd90 component in Hancom Office 9.6.1.9403 allows a use-after-free via an unknown object in a crafted .docx file.
CVE-2020-3947 1Vmware 2Fusion Workstation Nov 21, 2024 Mar 16, 2020 N/A· v4 8.8 HIGH· v3 7.2 HIGH· v2 VMware Workstation (15.x before 15.5.2) and Fusion (11.x before 11.5.2) contain a use-after vulnerability in vmnetdhcp. Successful exploitation of this issue may lead to code execution on the host from the guest or may a...Show more VMware Workstation (15.x before 15.5.2) and Fusion (11.x before 11.5.2) contain a use-after vulnerability in vmnetdhcp. Successful exploitation of this issue may lead to code execution on the host from the guest or may allow attackers to create a denial-of-service condition of the vmnetdhcp service running on the host machine.Show less
CVE-2020-6208 1Sap 1Crystal Reports Nov 21, 2024 Mar 10, 2020 N/A· v4 8.2 HIGH· v3 4.4 MEDIUM· v2 SAP Business Objects Business Intelligence Platform (Crystal Reports), versions- 4.1, 4.2, allows an attacker with basic authorization to inject code that can be executed by the application and thus allowing the attacker...Show more SAP Business Objects Business Intelligence Platform (Crystal Reports), versions- 4.1, 4.2, allows an attacker with basic authorization to inject code that can be executed by the application and thus allowing the attacker to control the behaviour of the application, leading to Remote Code Execution. Although the mode of attack is only Local, multiple applications can be impacted as a result of the vulnerability.Show less
CVE-2019-14072 1Qualcomm 32Apq8009 Firmware Apq8096au FirmwareApq8098 Firmware+29 more Nov 21, 2024 Mar 5, 2020 N/A· v4 7.0 HIGH· v3 6.9 MEDIUM· v2 Unhandled paging request is observed due to dereferencing an already freed object because of race condition between sparse free and sparse bind ioctls which access the same physical entry in Snapdragon Auto, Snapdragon C...Show more Unhandled paging request is observed due to dereferencing an already freed object because of race condition between sparse free and sparse bind ioctls which access the same physical entry in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8096AU, APQ8098, MDM9607, MSM8909W, MSM8939, MSM8953, MSM8996AU, Nicobar, QCS405, QCS605, Rennell, SA6155P, Saipan, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM450, SDM632, SDM670, SDM710, SDM845, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130Show less
CVE-2019-14032 1Qualcomm 34Apq8009 Firmware Apq8017 FirmwareApq8053 Firmware+31 more Nov 21, 2024 Mar 5, 2020 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 Memory use after free issue in audio due to lack of resource control in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wea...Show more Memory use after free issue in audio due to lack of resource control in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8905, MSM8909W, MSM8953, MSM8996AU, Nicobar, QCS405, QCS605, Rennell, SA6155P, Saipan, SC8180X, SDA845, SDM670, SDM710, SDM845, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130Show less
CVE-2019-14029 1Qualcomm 33Apq8009 Firmware Apq8053 FirmwareApq8096au Firmware+30 more Nov 21, 2024 Mar 5, 2020 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 Use-after-free in graphics module due to destroying already queued syncobj in error case in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & M...Show more Use-after-free in graphics module due to destroying already queued syncobj in error case in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8053, APQ8096AU, APQ8098, MDM9607, MSM8909W, MSM8953, MSM8996AU, Nicobar, QCS405, QCS605, Rennell, SA6155P, Saipan, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM632, SDM670, SDM710, SDM845, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130Show less
CVE-2019-10603 1Qualcomm 18Apq8053 Firmware Apq8096au FirmwareApq8098 Firmware+15 more Nov 21, 2024 Mar 5, 2020 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 Use after free issue occurs If the real device interface goes down and a route lookup is performed while sending a raw IPv6 message in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Sn...Show more Use after free issue occurs If the real device interface goes down and a route lookup is performed while sending a raw IPv6 message in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8053, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8917, MSM8937, MSM8996AU, QCN7605, SDA845, SDM630, SDM636, SDM660, SDX20, SXR1130Show less
CVE-2020-10018 6Canonical DebianFedoraproject+3 more 6Debian Linux FedoraLeap+3 more Nov 21, 2024 Mar 2, 2020 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 WebKitGTK through 2.26.4 and WPE WebKit through 2.26.4 (which are the versions right before 2.28.0) contains a memory corruption issue (use-after-free) that may lead to arbitrary code execution. This issue has been fixed...Show more WebKitGTK through 2.26.4 and WPE WebKit through 2.26.4 (which are the versions right before 2.28.0) contains a memory corruption issue (use-after-free) that may lead to arbitrary code execution. This issue has been fixed in 2.28.0 with improved memory handling.Show less
CVE-2019-18903 2Opensuse Suse 2Leap Linux Enterprise Server Nov 21, 2024 Mar 2, 2020 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 A Use After Free vulnerability in wicked of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15; openSUSE Leap 15.1, Factory allows remote attackers to cause DoS or potentially code execution. This issue aff...Show more A Use After Free vulnerability in wicked of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15; openSUSE Leap 15.1, Factory allows remote attackers to cause DoS or potentially code execution. This issue affects: SUSE Linux Enterprise Server 12 wicked versions prior to 0.6.60-2.18.1. SUSE Linux Enterprise Server 15 wicked versions prior to 0.6.60-28.26.1. openSUSE Leap 15.1 wicked versions prior to 0.6.60-lp151.2.9.1. openSUSE Factory wicked versions prior to 0.6.62.Show less

Previous 1...280281282...372 Next