Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

CVEs (7,425)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2019-6770 1Foxitsoftware 2Foxit Reader Phantompdf Nov 21, 2024 Jun 3, 2019 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.4.1.16828. User interaction is required to exploit this vulnerability in that the target must vis...Show more This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.4.1.16828. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the resetForm method when processing AcroForms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-8229.Show less
CVE-2019-6769 1Foxitsoftware 2Foxit Reader Phantompdf Nov 21, 2024 Jun 3, 2019 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.4.1.16828. User interaction is required to exploit this vulnerability in that the target must visit a mal...Show more This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.4.1.16828. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the removeField method when processing AcroForms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-8165.Show less
CVE-2019-6768 1Foxitsoftware 2Foxit Reader Phantompdf Nov 21, 2024 Jun 3, 2019 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.4.1.16828. User interaction is required to exploit this vulnerability in that the target must visit a mal...Show more This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.4.1.16828. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the removeField method when processing AcroForms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-8164.Show less
CVE-2019-6767 1Foxitsoftware 2Foxit Reader Phantompdf Nov 21, 2024 Jun 3, 2019 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.4.1.16828. User interaction is required to exploit this vulnerability in that the target must visit a mal...Show more This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.4.1.16828. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the removeField method when processing AcroForms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-8163.Show less
CVE-2019-6766 1Foxitsoftware 2Foxit Reader Phantompdf Nov 21, 2024 Jun 3, 2019 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.4.1.16828. User interaction is required to exploit this vulnerability in that the target must vis...Show more This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.4.1.16828. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the removeField method when processing AcroForms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-8162.Show less
CVE-2019-6763 1Foxitsoftware 2Foxit Reader Phantompdf Nov 21, 2024 Jun 3, 2019 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.4.1.16828. User interaction is required to exploit this vulnerability in that the target must visit a mal...Show more This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.4.1.16828. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the ToggleFormsDesign method of the Foxit.FoxitReader.Ctl ActiveX object. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7874.Show less
CVE-2019-6762 1Foxitsoftware 2Foxit Reader Phantompdf Nov 21, 2024 Jun 3, 2019 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit PhantomPDF 9.4.1.16828. User interaction is required to exploit this vulnerability in that the target must visit a...Show more This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit PhantomPDF 9.4.1.16828. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the conversion of HTML files to PDF. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7844.Show less
CVE-2019-6761 1Foxitsoftware 2Foxit Reader Phantompdf Nov 21, 2024 Jun 3, 2019 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.4.0.16811. User interaction is required to exploit this vulnerability in that the target must visit a mal...Show more This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.4.0.16811. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the XFA CXFA_FFDocView object. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7777.Show less
CVE-2019-6758 1Foxitsoftware 2Foxit Reader Phantompdf Nov 21, 2024 Jun 3, 2019 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.4.16811. User interaction is required to exploit this vulnerability in that the target must visit...Show more This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.4.16811. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within ConvertToPDF_x86.dll. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-7701.Show less
CVE-2019-6757 1Foxitsoftware 2Foxit Reader Phantompdf Nov 21, 2024 Jun 3, 2019 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.4.16811. User interaction is required to exploit this vulnerability in that the target must visit a malic...Show more This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.4.16811. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within ConvertToPDF_x86.dll. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7696.Show less
CVE-2019-6756 1Foxitsoftware 2Foxit Reader Phantompdf Nov 21, 2024 Jun 3, 2019 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit PhantomPDF 9.4.0.16811. User interaction is required to exploit this vulnerability in that the target must...Show more This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit PhantomPDF 9.4.0.16811. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of HTML files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-7769.Show less
CVE-2019-7084 1Adobe 2Acrobat Dc Acrobat Reader Dc Nov 21, 2024 May 24, 2019 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an use after free vulnerability. Successful exploitation c...Show more Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .Show less
CVE-2019-7083 1Adobe 2Acrobat Dc Acrobat Reader Dc Nov 21, 2024 May 24, 2019 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an use after free vulnerability. Successful exploitation c...Show more Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .Show less
CVE-2019-7082 1Adobe 2Acrobat Dc Acrobat Reader Dc Nov 21, 2024 May 24, 2019 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an use after free vulnerability. Successful exploitation c...Show more Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .Show less
CVE-2019-7078 1Adobe 2Acrobat Dc Acrobat Reader Dc Nov 21, 2024 May 24, 2019 N/A· v4 8.8 HIGH· v3 9.3 HIGH· v2 Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an use after free vulnerability. Successful exploitation c...Show more Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .Show less
CVE-2019-7077 1Adobe 2Acrobat Dc Acrobat Reader Dc Nov 21, 2024 May 24, 2019 N/A· v4 8.8 HIGH· v3 9.3 HIGH· v2 Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an use after free vulnerability. Successful exploitation c...Show more Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .Show less
CVE-2019-7075 1Adobe 2Acrobat Dc Acrobat Reader Dc Nov 21, 2024 May 24, 2019 N/A· v4 6.5 MEDIUM· v3 7.1 HIGH· v2 Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an use after free vulnerability. Successful exploitation c...Show more Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .Show less
CVE-2019-7072 1Adobe 2Acrobat Dc Acrobat Reader Dc Nov 21, 2024 May 24, 2019 N/A· v4 8.8 HIGH· v3 9.3 HIGH· v2 Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an use after free vulnerability. Successful exploitation c...Show more Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .Show less
CVE-2019-7070 1Adobe 2Acrobat Dc Acrobat Reader Dc Nov 21, 2024 May 24, 2019 N/A· v4 8.8 HIGH· v3 9.3 HIGH· v2 Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an use after free vulnerability. Successful exploitation c...Show more Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .Show less
CVE-2019-7068 1Adobe 2Acrobat Dc Acrobat Reader Dc Nov 21, 2024 May 24, 2019 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an use after free vulnerability. Successful exploitation c...Show more Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .Show less

Previous 1...299300301...372 Next