Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

CVEs (7,437)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2019-18902 2Opensuse Suse 2Leap Linux Enterprise Server Nov 21, 2024 Mar 2, 2020 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 A Use After Free vulnerability in wicked of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15; openSUSE Leap 15.1, Factory allows remote attackers to cause DoS or potentially code execution. This issue aff...Show more A Use After Free vulnerability in wicked of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15; openSUSE Leap 15.1, Factory allows remote attackers to cause DoS or potentially code execution. This issue affects: SUSE Linux Enterprise Server 12 wicked versions prior to 0.6.60-3.5.1. SUSE Linux Enterprise Server 15 wicked versions prior to 0.6.60-3.21.1. openSUSE Leap 15.1 wicked versions prior to 0.6.60-lp151.2.6.1. openSUSE Factory wicked versions prior to 0.6.62.Show less
CVE-2020-6386 4Debian FedoraprojectGoogle+1 more 6Chrome Debian LinuxEnterprise Linux Desktop+3 more Nov 21, 2024 Feb 27, 2020 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Use after free in speech in Google Chrome prior to 80.0.3987.116 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2020-6384 4Debian FedoraprojectGoogle+1 more 6Chrome Debian LinuxEnterprise Linux Desktop+3 more Nov 21, 2024 Feb 27, 2020 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Use after free in WebAudio in Google Chrome prior to 80.0.3987.116 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2020-9273 5Debian FedoraprojectOpensuse+2 more 7Backports Sle Debian LinuxFedora+4 more Nov 21, 2024 Feb 20, 2020 N/A· v4 8.8 HIGH· v3 9.0 HIGH· v2 In ProFTPD 1.3.7, it is possible to corrupt the memory pool by interrupting the data transfer channel. This triggers a use-after-free in alloc_pool in pool.c, and possible remote code execution.
CVE-2014-3622 1Php 1Php Nov 21, 2024 Feb 19, 2020 N/A· v4 9.8 CRITICAL· v3 6.8 MEDIUM· v2 Use-after-free vulnerability in the add_post_var function in the Posthandler component in PHP 5.6.x before 5.6.1 might allow remote attackers to execute arbitrary code by leveraging a third-party filter extension that ac...Show more Use-after-free vulnerability in the add_post_var function in the Posthandler component in PHP 5.6.x before 5.6.1 might allow remote attackers to execute arbitrary code by leveraging a third-party filter extension that accesses a certain ksep value.Show less
CVE-2020-8857 1Foxitsoftware 2Phantompdf Reader Nov 21, 2024 Feb 14, 2020 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.7.0.29455. User interaction is required to exploit this vulnerability in that the target must visit a malic...Show more This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.7.0.29455. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of form Annotation objects within AcroForms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9862.Show less
CVE-2020-8856 1Foxitsoftware 2Phantompdf Reader Nov 21, 2024 Feb 14, 2020 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 This vulnerability allows remote atackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.6.0.25608. User interaction is required to exploit this vulnerability in that the target must visit a ma...Show more This vulnerability allows remote atackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.6.0.25608. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of watermarks. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9640.Show less
CVE-2020-8855 1Foxitsoftware 2Phantompdf Reader Nov 21, 2024 Feb 14, 2020 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.0.2947. User interaction is required to exploit this vulnerability in that the target must visit a ma...Show more This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.0.2947. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the fxhtml2pdf.exe module. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9560.Show less
CVE-2020-8846 1Foxitsoftware 2Phantompdf Reader Nov 21, 2024 Feb 14, 2020 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 This vulnerability allows remote atackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.6.0.25114. User interaction is required to exploit this vulnerability in that the target must visit a ma...Show more This vulnerability allows remote atackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.6.0.25114. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of text field objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9400.Show less
CVE-2020-8845 1Foxitsoftware 2Phantompdf Reader Nov 21, 2024 Feb 14, 2020 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 This vulnerability allows remote atackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.6.0.25114. User interaction is required to exploit this vulnerability in that the target must visit a ma...Show more This vulnerability allows remote atackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.6.0.25114. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of watermarks in AcroForms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9358.Show less
CVE-2020-3751 1Adobe 2Acrobat Dc Acrobat Reader Dc Nov 21, 2024 Feb 13, 2020 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011.30156 and earlier, 2017.011.30156 and earlier, and 2015.006.30508 and earlier have an use after free vulnerability. Successful exploitation could lea...Show more Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011.30156 and earlier, 2017.011.30156 and earlier, and 2015.006.30508 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .Show less
CVE-2020-3750 1Adobe 2Acrobat Dc Acrobat Reader Dc Nov 21, 2024 Feb 13, 2020 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011.30156 and earlier, 2017.011.30156 and earlier, and 2015.006.30508 and earlier have an use after free vulnerability. Successful exploitation could lea...Show more Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011.30156 and earlier, 2017.011.30156 and earlier, and 2015.006.30508 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .Show less
CVE-2020-3749 1Adobe 2Acrobat Dc Acrobat Reader Dc Nov 21, 2024 Feb 13, 2020 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011.30156 and earlier, 2017.011.30156 and earlier, and 2015.006.30508 and earlier have an use after free vulnerability. Successful exploitation could lea...Show more Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011.30156 and earlier, 2017.011.30156 and earlier, and 2015.006.30508 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .Show less
CVE-2020-3748 1Adobe 2Acrobat Dc Acrobat Reader Dc Nov 21, 2024 Feb 13, 2020 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011.30156 and earlier, 2017.011.30156 and earlier, and 2015.006.30508 and earlier have an use after free vulnerability. Successful exploitation could lea...Show more Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011.30156 and earlier, 2017.011.30156 and earlier, and 2015.006.30508 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .Show less
CVE-2020-3746 1Adobe 2Acrobat Dc Acrobat Reader Dc Nov 21, 2024 Feb 13, 2020 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011.30156 and earlier, 2017.011.30156 and earlier, and 2015.006.30508 and earlier have an use after free vulnerability. Successful exploitation could lea...Show more Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011.30156 and earlier, 2017.011.30156 and earlier, and 2015.006.30508 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .Show less
CVE-2020-3745 1Adobe 2Acrobat Dc Acrobat Reader Dc Nov 21, 2024 Feb 13, 2020 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011.30156 and earlier, 2017.011.30156 and earlier, and 2015.006.30508 and earlier have an use after free vulnerability. Successful exploitation could lea...Show more Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011.30156 and earlier, 2017.011.30156 and earlier, and 2015.006.30508 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .Show less
CVE-2020-3743 1Adobe 2Acrobat Dc Acrobat Reader Dc Nov 21, 2024 Feb 13, 2020 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011.30156 and earlier, 2017.011.30156 and earlier, and 2015.006.30508 and earlier have an use after free vulnerability. Successful exploitation could lea...Show more Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011.30156 and earlier, 2017.011.30156 and earlier, and 2015.006.30508 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .Show less
CVE-2020-0030 1Google 1Android Nov 21, 2024 Feb 13, 2020 N/A· v4 7.0 HIGH· v3 6.9 MEDIUM· v2 In binder_thread_release of binder.c, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not n...Show more In binder_thread_release of binder.c, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-145286050References: Upstream kernelShow less
CVE-2020-0026 1Google 1Android Nov 21, 2024 Feb 13, 2020 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 In Parcel::continueWrite of Parcel.cpp, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is no...Show more In Parcel::continueWrite of Parcel.cpp, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-140419401Show less
CVE-2020-8945 3Fedoraproject Gpgme ProjectRedhat 9Enterprise Linux For Ibm Z Systems Enterprise Linux For Power Little EndianEnterprise Linux Server+6 more Nov 21, 2024 Feb 12, 2020 N/A· v4 7.5 HIGH· v3 5.1 MEDIUM· v2 The proglottis Go wrapper before 0.1.1 for the GPGME library has a use-after-free, as demonstrated by use for container image pulls by Docker or CRI-O. This leads to a crash or potential code execution during GPG signatu...Show more The proglottis Go wrapper before 0.1.1 for the GPGME library has a use-after-free, as demonstrated by use for container image pulls by Docker or CRI-O. This leads to a crash or potential code execution during GPG signature verification.Show less

Previous 1...281282283...372 Next