Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

CVEs (7,425)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2018-17615 1Foxitsoftware 2Phantompdf Reader Nov 21, 2024 Oct 29, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a mali...Show more This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Mouse Exit events. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6333.Show less
CVE-2018-4022 1Mkvtoolnix 1Mkvinfo Nov 21, 2024 Oct 26, 2018 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 A use-after-free vulnerability exists in the way MKVToolNix MKVINFO v25.0.0 handles the MKV (matroska) file format. A specially crafted MKV file can cause arbitrary code execution in the context of the current user.
CVE-2018-11305 1Qualcomm 25Mdm9206 Firmware Mdm9607 FirmwareMdm9640 Firmware+22 more Nov 21, 2024 Oct 26, 2018 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 When a series of FDAL messages are sent to the modem, a Use After Free condition can occur in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in version MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU,...Show more When a series of FDAL messages are sent to the modem, a Use After Free condition can occur in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in version MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 820, SD 820A, SD 835, SD 845, SDA660, SDX20.Show less
CVE-2018-15366 1Trendmicro 3Antivirus For Mac 2017 Antivirus For Mac 2018Antivirus For Mac 2019 Nov 21, 2024 Oct 23, 2018 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 A UrlfWTPPagePtr KERedirect Use-After-Free Privilege Escalation vulnerability in Trend Micro Antivirus for Mac (Consumer) 7.0 (2017) and above could allow a local attacker to escalate privileges on vulnerable installatio...Show more A UrlfWTPPagePtr KERedirect Use-After-Free Privilege Escalation vulnerability in Trend Micro Antivirus for Mac (Consumer) 7.0 (2017) and above could allow a local attacker to escalate privileges on vulnerable installations. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.Show less
CVE-2018-18559 2Linux Redhat 9Enterprise Linux Desktop Enterprise Linux ServerEnterprise Linux Server Aus+6 more Nov 21, 2024 Oct 22, 2018 N/A· v4 8.1 HIGH· v3 6.8 MEDIUM· v2 In the Linux kernel through 4.19, a use-after-free can occur due to a race condition between fanout_add from setsockopt and bind on an AF_PACKET socket. This issue exists because of the 15fe076edea787807a7cdc168df832544b...Show more In the Linux kernel through 4.19, a use-after-free can occur due to a race condition between fanout_add from setsockopt and bind on an AF_PACKET socket. This issue exists because of the 15fe076edea787807a7cdc168df832544b58eba6 incomplete fix for a race condition. The code mishandles a certain multithreaded case involving a packet_do_bind unregister action followed by a packet_notifier register action. Later, packet_release operates on only one of the two applicable linked lists. The attacker can achieve Program Counter control.Show less
CVE-2018-12378 4Canonical DebianMozilla+1 more 10Debian Linux Enterprise Linux DesktopEnterprise Linux Server+7 more Nov 25, 2025 Oct 18, 2018 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 A use-after-free vulnerability can occur when an IndexedDB index is deleted while still in use by JavaScript code that is providing payload values to be stored. This results in a potentially exploitable crash. This vulne...Show more A use-after-free vulnerability can occur when an IndexedDB index is deleted while still in use by JavaScript code that is providing payload values to be stored. This results in a potentially exploitable crash. This vulnerability affects Firefox < 62, Firefox ESR < 60.2, and Thunderbird < 60.2.1.Show less
CVE-2018-12377 4Canonical DebianMozilla+1 more 10Debian Linux Enterprise Linux DesktopEnterprise Linux Server+7 more Nov 25, 2025 Oct 18, 2018 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 A use-after-free vulnerability can occur when refresh driver timers are refreshed in some circumstances during shutdown when the timer is deleted while still in use. This results in a potentially exploitable crash. This...Show more A use-after-free vulnerability can occur when refresh driver timers are refreshed in some circumstances during shutdown when the timer is deleted while still in use. This results in a potentially exploitable crash. This vulnerability affects Firefox < 62, Firefox ESR < 60.2, and Thunderbird < 60.2.1.Show less
CVE-2018-12363 4Canonical DebianMozilla+1 more 11Debian Linux Enterprise Linux DesktopEnterprise Linux Server+8 more Nov 21, 2024 Oct 18, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 A use-after-free vulnerability can occur when script uses mutation events to move DOM nodes between documents, resulting in the old document that held the node being freed but the node still having a pointer referencing...Show more A use-after-free vulnerability can occur when script uses mutation events to move DOM nodes between documents, resulting in the old document that held the node being freed but the node still having a pointer referencing it. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61.Show less
CVE-2018-12360 4Canonical DebianMozilla+1 more 11Debian Linux Enterprise Linux DesktopEnterprise Linux Server+8 more Nov 21, 2024 Oct 18, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 A use-after-free vulnerability can occur when deleting an input element during a mutation event handler triggered by focusing that element. This results in a potentially exploitable crash. This vulnerability affects Thun...Show more A use-after-free vulnerability can occur when deleting an input element during a mutation event handler triggered by focusing that element. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61.Show less
CVE-2016-9069 1Mozilla 1Firefox Nov 21, 2024 Oct 18, 2018 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 A use-after-free in nsINode::ReplaceOrInsertBefore during DOM operations resulting in potentially exploitable crashes. This vulnerability affects Firefox < 50.
CVE-2018-12822 1Adobe 1Digital Editions Nov 21, 2024 Oct 17, 2018 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 Adobe Digital Editions versions 4.5.8 and below have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution.
CVE-2018-18408 2Broadcom Fedoraproject 2Fedora Tcpreplay Nov 21, 2024 Oct 17, 2018 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 A use-after-free was discovered in the tcpbridge binary of Tcpreplay 4.3.0 beta1. The issue gets triggered in the function post_args() at tcpbridge.c, causing a denial of service or possibly unspecified other impact.
CVE-2018-15924 1Adobe 2Acrobat Dc Acrobat Reader Dc Nov 21, 2024 Oct 12, 2018 N/A· v4 7.8 HIGH· v3 9.3 HIGH· v2 Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code executio...Show more Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution.Show less
CVE-2018-15920 1Adobe 2Acrobat Dc Acrobat Reader Dc Nov 21, 2024 Oct 12, 2018 N/A· v4 7.8 HIGH· v3 9.3 HIGH· v2 Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code executio...Show more Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution.Show less
CVE-2018-12877 1Adobe 2Acrobat Dc Acrobat Reader Dc Nov 21, 2024 Oct 12, 2018 N/A· v4 7.8 HIGH· v3 9.3 HIGH· v2 Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code executio...Show more Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution.Show less
CVE-2018-12863 1Adobe 2Acrobat Dc Acrobat Reader Dc Nov 21, 2024 Oct 12, 2018 N/A· v4 7.8 HIGH· v3 9.3 HIGH· v2 Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code executio...Show more Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution.Show less
CVE-2018-12852 1Adobe 2Acrobat Dc Acrobat Reader Dc Nov 21, 2024 Oct 12, 2018 N/A· v4 7.8 HIGH· v3 9.3 HIGH· v2 Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code executio...Show more Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution.Show less
CVE-2018-12831 1Adobe 2Acrobat Dc Acrobat Reader Dc Nov 21, 2024 Oct 12, 2018 N/A· v4 7.8 HIGH· v3 9.3 HIGH· v2 Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code executio...Show more Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution.Show less
CVE-2018-12769 1Adobe 2Acrobat Dc Acrobat Reader Dc Nov 21, 2024 Oct 12, 2018 N/A· v4 7.8 HIGH· v3 9.3 HIGH· v2 Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code executio...Show more Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution.Show less
CVE-2018-3997 1Foxitsoftware 2Phantompdf Reader Nov 21, 2024 Oct 8, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader, version 9.2.0.9297. A specially crafted PDF document can trigger a previously freed object in memory to be...Show more An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader, version 9.2.0.9297. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability.Show less

Previous 1...315316317...372 Next