Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

CVEs (7,426)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2019-10082 2Apache Oracle 6Communications Element Manager Enterprise Manager Ops CenterHttp Server+3 more Nov 21, 2024 Sep 26, 2019 N/A· v4 9.1 CRITICAL· v3 6.4 MEDIUM· v2 In Apache HTTP Server 2.4.18-2.4.39, using fuzzed network input, the http/2 session handling could be made to read memory after being freed, during connection shutdown.
CVE-2019-16882 1String Interner Project 1String Interner Nov 21, 2024 Sep 25, 2019 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 An issue was discovered in the string-interner crate before 0.7.1 for Rust. It allows attackers to read from memory locations associated with dangling pointers, because of a cloning flaw.
CVE-2019-16881 1Portaudio Rs Project 1Portaudio Rs Nov 21, 2024 Sep 25, 2019 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 An issue was discovered in the portaudio-rs crate through 0.3.1 for Rust. There is a use-after-free with resultant arbitrary code execution because of a lack of unwind safety in stream_callback and stream_finished_callba...Show more An issue was discovered in the portaudio-rs crate through 0.3.1 for Rust. There is a use-after-free with resultant arbitrary code execution because of a lack of unwind safety in stream_callback and stream_finished_callback.Show less
CVE-2019-10996 1Redlion 1Crimson Jun 2, 2026 Sep 23, 2019 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 Red Lion Controls Crimson, version 3.0 and prior and version 3.1 prior to release 3112.00, allow multiple vulnerabilities to be exploited when a valid user opens a specially crafted, malicious input file that can referen...Show more Red Lion Controls Crimson, version 3.0 and prior and version 3.1 prior to release 3112.00, allow multiple vulnerabilities to be exploited when a valid user opens a specially crafted, malicious input file that can reference memory after it has been freed.Show less
CVE-2019-16510 1Mz Automation 1Libiec61850 Nov 21, 2024 Sep 19, 2019 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 libIEC61850 through 1.3.3 has a use-after-free in MmsServer_waitReady in mms/iso_mms/server/mms_server.c, as demonstrated by server_example_goose.
CVE-2019-11778 1Eclipse 1Mosquitto Nov 21, 2024 Sep 18, 2019 N/A· v4 5.4 MEDIUM· v3 5.5 MEDIUM· v2 If an MQTT v5 client connects to Eclipse Mosquitto versions 1.6.0 to 1.6.4 inclusive, sets a last will and testament, sets a will delay interval, sets a session expiry interval, and the will delay interval is set longer...Show more If an MQTT v5 client connects to Eclipse Mosquitto versions 1.6.0 to 1.6.4 inclusive, sets a last will and testament, sets a will delay interval, sets a session expiry interval, and the will delay interval is set longer than the session expiry interval, then a use after free error occurs, which has the potential to cause a crash in some situations.Show less
CVE-2019-5067 1Aspose 1Aspose.pdf For C++ Nov 21, 2024 Sep 18, 2019 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 An uninitialized memory access vulnerability exists in the way Aspose.PDF 19.2 for C++ handles invalid parent object pointers. A specially crafted PDF can cause a read and write from uninitialized memory, resulting in me...Show more An uninitialized memory access vulnerability exists in the way Aspose.PDF 19.2 for C++ handles invalid parent object pointers. A specially crafted PDF can cause a read and write from uninitialized memory, resulting in memory corruption and possibly arbitrary code execution. To trigger this vulnerability, a specifically crafted PDF document needs to be processed by the target application.Show less
CVE-2019-5066 1Aspose 1Aspose.pdf For C++ Nov 21, 2024 Sep 18, 2019 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 An exploitable use-after-free vulnerability exists in the way LZW-compressed streams are processed in Aspose.PDF 19.2 for C++. A specially crafted PDF can cause a dangling heap pointer, resulting in a use-after-free cond...Show more An exploitable use-after-free vulnerability exists in the way LZW-compressed streams are processed in Aspose.PDF 19.2 for C++. A specially crafted PDF can cause a dangling heap pointer, resulting in a use-after-free condition. To trigger this vulnerability, a specifically crafted PDF document needs to be processed by the target application.Show less
CVE-2019-5042 1Aspose 1Aspose.pdf For C++ Nov 21, 2024 Sep 18, 2019 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 An exploitable Use-After-Free vulnerability exists in the way FunctionType 0 PDF elements are processed in Aspose.PDF 19.2 for C++. A specially crafted PDF can cause a dangling heap pointer, resulting in a use-after-free...Show more An exploitable Use-After-Free vulnerability exists in the way FunctionType 0 PDF elements are processed in Aspose.PDF 19.2 for C++. A specially crafted PDF can cause a dangling heap pointer, resulting in a use-after-free. An attacker can send a malicious PDF to trigger this vulnerability.Show less
CVE-2019-16396 1Gnucobol Project 1Gnucobol Nov 21, 2024 Sep 17, 2019 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 GnuCOBOL 2.2 has a use-after-free in the end_scope_of_program_name() function in cobc/parser.y via crafted COBOL source code.
CVE-2019-8070 1Adobe 2Flash Player Flash Player Desktop Runtime Nov 21, 2024 Sep 12, 2019 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 Adobe Flash Player 32.0.0.238 and earlier versions, 32.0.0.207 and earlier versions have a Use after free vulnerability. Successful exploitation could lead to Arbitrary Code Execution in the context of the current user.
CVE-2019-1208 1Microsoft 1Internet Explorer Nov 21, 2024 Sep 11, 2019 N/A· v4 7.5 HIGH· v3 7.6 HIGH· v2 A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'VBScript Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1236.
CVE-2019-16165 1Gnu 1Cflow Nov 21, 2024 Sep 9, 2019 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 GNU cflow through 1.6 has a use-after-free in the reference function in parser.c.
CVE-2019-16140 1Isahc Project 1Isahc Nov 21, 2024 Sep 9, 2019 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 An issue was discovered in the chttp crate before 0.1.3 for Rust. There is a use-after-free during buffer conversion.
CVE-2019-16138 1Image Rs 1Image Nov 21, 2024 Sep 9, 2019 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 An issue was discovered in the image crate before 0.21.3 for Rust, affecting the HDR image format decoder. Vec::set_len is called on an uninitialized vector, leading to a use-after-free and arbitrary code execution.
CVE-2019-9458 2Google Opensuse 2Android Leap Nov 21, 2024 Sep 6, 2019 N/A· v4 7.0 HIGH· v3 4.4 MEDIUM· v2 In the Android kernel in the video driver there is a use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed...Show more In the Android kernel in the video driver there is a use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Show less
CVE-2019-9447 1Google 1Android Nov 21, 2024 Sep 6, 2019 N/A· v4 6.7 MEDIUM· v3 4.6 MEDIUM· v2 In the Android kernel in the FingerTipS touchscreen driver there is a possible use-after-free due to improper locking. This could lead to a local escalation of privilege with System execution privileges needed. User inte...Show more In the Android kernel in the FingerTipS touchscreen driver there is a possible use-after-free due to improper locking. This could lead to a local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Show less
CVE-2019-9442 1Google 1Android Nov 21, 2024 Sep 6, 2019 N/A· v4 6.7 MEDIUM· v3 4.6 MEDIUM· v2 In the Android kernel in the mnh driver there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with System privileges required. User interaction is not needed for ex...Show more In the Android kernel in the mnh driver there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with System privileges required. User interaction is not needed for exploitation.Show less
CVE-2019-9276 1Google 1Android Nov 21, 2024 Sep 6, 2019 N/A· v4 6.7 MEDIUM· v3 4.6 MEDIUM· v2 In the Android kernel in the synaptics_dsx_htc touchscreen driver there is a possible out of bounds write due to a use after free. This could lead to a local escalation of privilege with System execution privileges neede...Show more In the Android kernel in the synaptics_dsx_htc touchscreen driver there is a possible out of bounds write due to a use after free. This could lead to a local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Show less
CVE-2019-9275 1Google 1Android Nov 21, 2024 Sep 6, 2019 N/A· v4 6.7 MEDIUM· v3 7.5 HIGH· v2 In the Android kernel in the mnh driver there is a use after free due to improper locking. This could lead to escalation of privilege with System execution privileges needed. User interaction is not needed for exploitati...Show more In the Android kernel in the mnh driver there is a use after free due to improper locking. This could lead to escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Show less

Previous 1...292293294...372 Next