Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

CVEs (7,436)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2019-8662 1Apple 4Iphone Os Mac Os XTvos+1 more Nov 21, 2024 Dec 18, 2019 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 This issue was addressed with improved checks. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3. An attacker may be able to trigger a use-after-free in an application deserializing an untrust...Show more This issue was addressed with improved checks. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3. An attacker may be able to trigger a use-after-free in an application deserializing an untrusted NSDictionary.Show less
CVE-2019-8661 1Apple 1Mac Os X Nov 21, 2024 Dec 18, 2019 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 A use after free issue was addressed with improved memory management. This issue is fixed in macOS Mojave 10.14.6. A remote attacker may be able to cause arbitrary code execution.
CVE-2019-8647 1Apple 3Iphone Os TvosWatchos Nov 21, 2024 Dec 18, 2019 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 A use after free issue was addressed with improved memory management. This issue is fixed in iOS 12.4, tvOS 12.4, watchOS 5.3. A remote attacker may be able to cause arbitrary code execution.
CVE-2019-8644 1Apple 6Icloud Iphone OsItunes+3 more Nov 21, 2024 Dec 18, 2019 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud...Show more Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution.Show less
CVE-2019-8613 1Apple 3Iphone Os TvosWatchos Nov 21, 2024 Dec 18, 2019 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 A use after free issue was addressed with improved memory management. This issue is fixed in iOS 12.3, tvOS 12.3, watchOS 5.2.1. A remote attacker may be able to cause arbitrary code execution.
CVE-2019-8610 1Apple 6Icloud Iphone OsItunes+3 more Nov 21, 2024 Dec 18, 2019 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Process...Show more Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution.Show less
CVE-2019-8608 1Apple 6Icloud Iphone OsItunes+3 more Nov 21, 2024 Dec 18, 2019 N/A· v4 6.3 MEDIUM· v3 6.8 MEDIUM· v2 Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Process...Show more Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution.Show less
CVE-2019-8605 1Apple 4Iphone Os Mac Os XTvos+1 more Oct 23, 2025 Dec 18, 2019 N/A· v4 7.8 HIGH· v3 9.3 HIGH· v2 A use after free issue was addressed with improved memory management. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1. A malicious application may be able to execute arbitrary code with sy...Show more A use after free issue was addressed with improved memory management. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1. A malicious application may be able to execute arbitrary code with system privileges.Show less
CVE-2019-8584 1Apple 6Icloud Iphone OsItunes+3 more Nov 21, 2024 Dec 18, 2019 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Process...Show more Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution.Show less
CVE-2019-8556 1Apple 5Icloud Iphone OsItunes+2 more Nov 21, 2024 Dec 18, 2019 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 A use after free issue was addressed with improved memory management. This issue is fixed in iOS 12.2, tvOS 12.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web conten...Show more A use after free issue was addressed with improved memory management. This issue is fixed in iOS 12.2, tvOS 12.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution.Show less
CVE-2019-8526 1Apple 1Mac Os X Oct 23, 2025 Dec 18, 2019 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 A use after free issue was addressed with improved memory management. This issue is fixed in macOS Mojave 10.14.4. An application may be able to gain elevated privileges.
CVE-2019-7285 1Apple 5Icloud Iphone OsItunes+2 more Nov 21, 2024 Dec 18, 2019 N/A· v4 8.8 HIGH· v3 9.3 HIGH· v2 A use after free issue was addressed with improved memory management. This issue is fixed in iOS 12.2, tvOS 12.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web conten...Show more A use after free issue was addressed with improved memory management. This issue is fixed in iOS 12.2, tvOS 12.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution.Show less
CVE-2019-10518 1Qualcomm 49Apq8009 Firmware Apq8017 FirmwareApq8053 Firmware+46 more Nov 21, 2024 Dec 18, 2019 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 Use after free of a pointer in iWLAN scenario during netmgr state transition to CONNECT in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapd...Show more Use after free of a pointer in iWLAN scenario during netmgr state transition to CONNECT in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8064, APQ8096AU, APQ8098, IPQ4019, IPQ8064, IPQ8074, MDM9150, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8996AU, MSM8998, QCA6574AU, QCS405, QCS605, SDA660, SDA845, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130Show less
CVE-2019-3994 2Elog Project Fedoraproject 2Elog Fedora Nov 21, 2024 Dec 17, 2019 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 ELOG 3.1.4-57bea22 and below is affected by a denial of service vulnerability due to a use after free. A remote unauthenticated attacker can crash the ELOG server by sending multiple HTTP POST requests which causes the E...Show more ELOG 3.1.4-57bea22 and below is affected by a denial of service vulnerability due to a use after free. A remote unauthenticated attacker can crash the ELOG server by sending multiple HTTP POST requests which causes the ELOG function retrieve_url() to use a freed variable.Show less
CVE-2019-19813 4Canonical DebianLinux+1 more 13Active Iq Unified Manager Aff A400 FirmwareAff A700s Firmware+10 more Nov 21, 2024 Dec 17, 2019 N/A· v4 5.5 MEDIUM· v3 7.1 HIGH· v2 In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image, performing some operations, and then making a syncfs system call can lead to a use-after-free in __mutex_lock in kernel/locking/mutex.c. This is rela...Show more In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image, performing some operations, and then making a syncfs system call can lead to a use-after-free in __mutex_lock in kernel/locking/mutex.c. This is related to mutex_can_spin_on_owner in kernel/locking/mutex.c, __btrfs_qgroup_free_meta in fs/btrfs/qgroup.c, and btrfs_insert_delayed_items in fs/btrfs/delayed-inode.c.Show less
CVE-2019-19807 2Canonical Linux 2Linux Kernel Ubuntu Linux Nov 21, 2024 Dec 15, 2019 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 In the Linux kernel before 5.3.11, sound/core/timer.c has a use-after-free caused by erroneous code refactoring, aka CID-e7af6307a8a5. This is related to snd_timer_open and snd_timer_close_locked. The timeri variable was...Show more In the Linux kernel before 5.3.11, sound/core/timer.c has a use-after-free caused by erroneous code refactoring, aka CID-e7af6307a8a5. This is related to snd_timer_open and snd_timer_close_locked. The timeri variable was originally intended to be for a newly created timer instance, but was used for a different purpose after refactoring.Show less
CVE-2019-19770 1Linux 1Linux Kernel Nov 21, 2024 Dec 12, 2019 N/A· v4 8.2 HIGH· v3 6.4 MEDIUM· v2 In the Linux kernel 4.19.83, there is a use-after-free (read) in the debugfs_remove function in fs/debugfs/inode.c (which is used to remove a file or directory in debugfs that was previously created with a call to anothe...Show more In the Linux kernel 4.19.83, there is a use-after-free (read) in the debugfs_remove function in fs/debugfs/inode.c (which is used to remove a file or directory in debugfs that was previously created with a call to another debugfs function such as debugfs_create_file). NOTE: Linux kernel developers dispute this issue as not being an issue with debugfs, instead this is an issue with misuse of debugfs within blktraceShow less
CVE-2019-19769 2Fedoraproject Linux 2Fedora Linux Kernel Nov 21, 2024 Dec 12, 2019 N/A· v4 6.7 MEDIUM· v3 6.5 MEDIUM· v2 In the Linux kernel 5.3.10, there is a use-after-free (read) in the perf_trace_lock_acquire function (related to include/trace/events/lock.h).
CVE-2019-19768 1Linux 1Linux Kernel Nov 21, 2024 Dec 12, 2019 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 In the Linux kernel 5.4.0-rc2, there is a use-after-free (read) in the __blk_add_trace function in kernel/trace/blktrace.c (which is used to fill out a blk_io_trace structure and place it in a per-cpu sub-buffer).
CVE-2019-19767 1Linux 1Linux Kernel Nov 21, 2024 Dec 12, 2019 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 The Linux kernel before 5.4.2 mishandles ext4_expand_extra_isize, as demonstrated by use-after-free errors in __ext4_expand_extra_isize and ext4_xattr_set_entry, related to fs/ext4/inode.c and fs/ext4/super.c, aka CID-4e...Show more The Linux kernel before 5.4.2 mishandles ext4_expand_extra_isize, as demonstrated by use-after-free errors in __ext4_expand_extra_isize and ext4_xattr_set_entry, related to fs/ext4/inode.c and fs/ext4/super.c, aka CID-4ea99936a163.Show less

Previous 1...285286287...372 Next