← Back
CWE-416

7,425 CVEs • Abstraction: Variant • Likelihood of Exploit: High

Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

JSON object

Loading...

CVEs (7,425)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2018-11962
1Google
1Android
Nov 21, 2024
Feb 11, 2019
N/A· v4
7.8 HIGH· v3
7.2 HIGH· v2
In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Use-after-free issue in heap while loading audio effects config in audio effects factory.
CVE-2019-7703
1Webassembly
1Binaryen
Nov 21, 2024
Feb 10, 2019
N/A· v4
6.5 MEDIUM· v3
4.3 MEDIUM· v2
In Binaryen 1.38.22, there is a use-after-free problem in wasm::WasmBinaryBuilder::visitCall in wasm-binary.cpp. Remote attackers could leverage this vulnerability to cause a denial-of-service via a wasm file, as demonst...Show more
In Binaryen 1.38.22, there is a use-after-free problem in wasm::WasmBinaryBuilder::visitCall in wasm-binary.cpp. Remote attackers could leverage this vulnerability to cause a denial-of-service via a wasm file, as demonstrated by wasm-merge.Show less
CVE-2019-7560
1Boolector Project
1Boolector
Nov 21, 2024
Feb 7, 2019
N/A· v4
5.5 MEDIUM· v3
4.3 MEDIUM· v2
In parser/btorsmt2.c in Boolector 3.0.0, opening a specially crafted input file leads to a use after free in get_failed_assumptions or btor_delete.
CVE-2018-7817
1Schneider Electric
1Zelio Soft 2
Nov 21, 2024
Feb 6, 2019
N/A· v4
7.8 HIGH· v3
6.8 MEDIUM· v2
A Use After Free (CWE-416) vulnerability exists in Zelio Soft 2 v5.1 and prior versions which could cause remote code execution when opening a specially crafted Zelio Soft project file.
CVE-2018-18500
4Canonical
DebianMozilla+1 more
11Debian Linux
Enterprise Linux DesktopEnterprise Linux Server+8 more
Nov 21, 2024
Feb 5, 2019
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
A use-after-free vulnerability can occur while parsing an HTML5 stream in concert with custom HTML elements. This results in the stream parser object being freed while still in use, leading to a potentially exploitable c...Show more
A use-after-free vulnerability can occur while parsing an HTML5 stream in concert with custom HTML elements. This results in the stream parser object being freed while still in use, leading to a potentially exploitable crash. This vulnerability affects Thunderbird < 60.5, Firefox ESR < 60.5, and Firefox < 65.Show less
CVE-2019-7317
10Canonical
DebianHp+7 more
32Active Iq Unified Manager
Cloud BackupDebian Linux+29 more
May 28, 2026
Feb 4, 2019
N/A· v4
5.3 MEDIUM· v3
2.6 LOW· v2
png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free because png_image_free_function is called under png_safe_execute.
CVE-2019-7314
2Debian
Live555
2Debian Linux
Streaming Media
Nov 21, 2024
Feb 4, 2019
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
liblivemedia in Live555 before 2019.02.03 mishandles the termination of an RTSP stream after RTP/RTCP-over-RTSP has been set up, which could lead to a Use-After-Free error that causes the RTSP server to crash (Segmentati...Show more
liblivemedia in Live555 before 2019.02.03 mishandles the termination of an RTSP stream after RTP/RTCP-over-RTSP has been set up, which could lead to a Use-After-Free error that causes the RTSP server to crash (Segmentation fault) or possibly have unspecified other impact.Show less
CVE-2019-6984
1Foxitsoftware
13d
Nov 21, 2024
Jan 28, 2019
N/A· v4
6.5 MEDIUM· v3
4.3 MEDIUM· v2
An issue was discovered in Foxit 3D Plugin Beta before 9.4.0.16807 for Foxit Reader and PhantomPDF. The application could encounter a Use-After-Free or Type Confusion and crash during handling of certain PDF files that e...Show more
An issue was discovered in Foxit 3D Plugin Beta before 9.4.0.16807 for Foxit Reader and PhantomPDF. The application could encounter a Use-After-Free or Type Confusion and crash during handling of certain PDF files that embed specifically crafted 3D content, due to the use of a wild pointer.Show less
CVE-2018-17705
1Foxitsoftware
2Phantompdf
Reader
Nov 21, 2024
Jan 24, 2019
N/A· v4
8.8 HIGH· v3
6.8 MEDIUM· v2
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a mali...Show more
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the display property of CheckBox objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7255.Show less
CVE-2018-17704
1Foxitsoftware
2Phantompdf
Reader
Nov 21, 2024
Jan 24, 2019
N/A· v4
8.8 HIGH· v3
6.8 MEDIUM· v2
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a mali...Show more
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the textColor property of RadioButton objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7254.Show less
CVE-2018-17703
1Foxitsoftware
2Phantompdf
Reader
Nov 21, 2024
Jan 24, 2019
N/A· v4
8.8 HIGH· v3
6.8 MEDIUM· v2
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a mali...Show more
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the defaultValue property of ComboBox objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7253.Show less
CVE-2018-17702
1Foxitsoftware
2Phantompdf
Reader
Nov 21, 2024
Jan 24, 2019
N/A· v4
8.8 HIGH· v3
6.8 MEDIUM· v2
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a mali...Show more
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the richValue property of button objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7252.Show less
CVE-2018-17698
1Foxitsoftware
2Phantompdf
Reader
Nov 21, 2024
Jan 24, 2019
N/A· v4
8.8 HIGH· v3
6.8 MEDIUM· v2
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit PhantomPDF 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a...Show more
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit PhantomPDF 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the richValue property of a text field. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7067.Show less
CVE-2018-17697
1Foxitsoftware
2Phantompdf
Reader
Nov 21, 2024
Jan 24, 2019
N/A· v4
8.8 HIGH· v3
6.8 MEDIUM· v2
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a mali...Show more
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of templates. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7170.Show less
CVE-2018-17696
1Foxitsoftware
2Phantompdf
Reader
Nov 21, 2024
Jan 24, 2019
N/A· v4
8.8 HIGH· v3
6.8 MEDIUM· v2
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a mali...Show more
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the dataObjects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7169.Show less
CVE-2018-17695
1Foxitsoftware
2Phantompdf
Reader
Nov 21, 2024
Jan 24, 2019
N/A· v4
8.8 HIGH· v3
6.8 MEDIUM· v2
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit PhantomPDF 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a...Show more
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit PhantomPDF 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the username property of a TextField. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7145.Show less
CVE-2018-17694
1Foxitsoftware
2Phantompdf
Reader
Nov 21, 2024
Jan 24, 2019
N/A· v4
8.8 HIGH· v3
6.8 MEDIUM· v2
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit PhantomPDF 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a...Show more
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit PhantomPDF 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the display property of a button. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7138.Show less
CVE-2018-17691
1Foxitsoftware
2Phantompdf
Reader
Nov 21, 2024
Jan 24, 2019
N/A· v4
8.8 HIGH· v3
6.8 MEDIUM· v2
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit PhantomPDF 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a...Show more
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit PhantomPDF 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the conversion of HTML files to PDF. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7128.Show less
CVE-2018-17690
1Foxitsoftware
2Phantompdf
Reader
Nov 21, 2024
Jan 24, 2019
N/A· v4
8.8 HIGH· v3
6.8 MEDIUM· v2
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit PhantomPDF 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a...Show more
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit PhantomPDF 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the rect property of a Link object. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7103.Show less
CVE-2018-17689
1Foxitsoftware
2Phantompdf
Reader
Nov 21, 2024
Jan 24, 2019
N/A· v4
8.8 HIGH· v3
6.8 MEDIUM· v2
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit PhantomPDF 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a...Show more
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit PhantomPDF 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the fillColor property of a radio button. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7070.Show less