Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

CVEs (7,425)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2018-3964 1Foxitsoftware 2Phantompdf Reader Nov 21, 2024 Oct 3, 2018 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 9.1.0.5096. A specially crafted PDF document can trigger a previously freed object in memory to be...Show more An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 9.1.0.5096. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability.Show less
CVE-2018-3946 1Foxitsoftware 2Phantompdf Reader Nov 21, 2024 Oct 3, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's PDF Reader version 9.1.0.5096. A specially crafted PDF document can trigger a previously freed object in memory to be reused...Show more An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's PDF Reader version 9.1.0.5096. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability.Show less
CVE-2018-3962 1Foxitsoftware 2Phantompdf Reader Nov 21, 2024 Oct 2, 2018 N/A· v4 7.3 HIGH· v3 6.0 MEDIUM· v2 A use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 9.1.0.5096. A use-after-free condition can occur when accessing the CreationDate property of the this.info objec...Show more A use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 9.1.0.5096. A use-after-free condition can occur when accessing the CreationDate property of the this.info object. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability.Show less
CVE-2018-3961 1Foxitsoftware 2Phantompdf Reader Nov 21, 2024 Oct 2, 2018 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 A use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 9.1.0.5096. A use-after-free condition can occur when accessing the Creator property of the this.info object. An...Show more A use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 9.1.0.5096. A use-after-free condition can occur when accessing the Creator property of the this.info object. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability.Show less
CVE-2018-3960 1Foxitsoftware 2Phantompdf Reader Nov 21, 2024 Oct 2, 2018 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 A use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 9.1.0.5096. A use-after-free condition can occur when accessing the Producer property of the this.info object. A...Show more A use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 9.1.0.5096. A use-after-free condition can occur when accessing the Producer property of the this.info object. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability.Show less
CVE-2018-3959 1Foxitsoftware 2Phantompdf Reader Nov 21, 2024 Oct 2, 2018 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 A use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 9.1.0.5096. A use-after-free condition can occur when accessing the Author property of the this.info object. An...Show more A use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 9.1.0.5096. A use-after-free condition can occur when accessing the Author property of the this.info object. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability.Show less
CVE-2018-3958 1Foxitsoftware 2Phantompdf Reader Nov 21, 2024 Oct 2, 2018 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 A use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 9.1.0.5096. A use-after-free condition can occur when accessing the Subject property of the this.info object. An...Show more A use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 9.1.0.5096. A use-after-free condition can occur when accessing the Subject property of the this.info object. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability.Show less
CVE-2018-3957 1Foxitsoftware 2Phantompdf Reader Nov 21, 2024 Oct 2, 2018 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 A use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 9.1.0.5096. A use-after-free condition can occur when accessing the Keywords property of the this.info object. A...Show more A use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 9.1.0.5096. A use-after-free condition can occur when accessing the Keywords property of the this.info object. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability.Show less
CVE-2018-3944 1Foxitsoftware 2Phantompdf Reader Nov 21, 2024 Oct 2, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's PDF Reader, version 9.1.0.5096. A specially crafted PDF document can trigger a previously freed object in memory to be reuse...Show more An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's PDF Reader, version 9.1.0.5096. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability.Show less
CVE-2018-3943 1Foxitsoftware 2Phantompdf Reader Nov 21, 2024 Oct 2, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's PDF Reader, version 9.1.0.5096. A specially crafted PDF document can trigger a previously freed object in memory to be reuse...Show more An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's PDF Reader, version 9.1.0.5096. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability.Show less
CVE-2018-9514 1Google 1Android Nov 21, 2024 Oct 2, 2018 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 In sdcardfs_open of file.c, there is a possible Use After Free due to an unusual root cause. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed...Show more In sdcardfs_open of file.c, there is a possible Use After Free due to an unusual root cause. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-111642636 References: N/AShow less
CVE-2018-9476 1Google 1Android Nov 21, 2024 Oct 2, 2018 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 In avrc_pars_browsing_cmd of avrc_pars_tg.cc, there is a possible use-after-free due to improper locking. This could lead to remote escalation of privilege in the Bluetooth service with no additional execution privileges...Show more In avrc_pars_browsing_cmd of avrc_pars_tg.cc, there is a possible use-after-free due to improper locking. This could lead to remote escalation of privilege in the Bluetooth service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-8.0 Android-8.1 Android ID: A-109699112Show less
CVE-2018-17611 1Foxitsoftware 2Phantompdf Reader Nov 21, 2024 Sep 28, 2018 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Foxit PhantomPDF and Reader before 9.3 allow remote attackers to execute arbitrary code or cause a denial of service (use-after-free) because properties of Annotation objects are mishandled. This relates to one of five d...Show more Foxit PhantomPDF and Reader before 9.3 allow remote attackers to execute arbitrary code or cause a denial of service (use-after-free) because properties of Annotation objects are mishandled. This relates to one of five distinct types of Annotation objects.Show less
CVE-2018-17610 1Foxitsoftware 2Phantompdf Reader Nov 21, 2024 Sep 28, 2018 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Foxit PhantomPDF and Reader before 9.3 allow remote attackers to execute arbitrary code or cause a denial of service (use-after-free) because properties of Annotation objects are mishandled. This relates to one of five d...Show more Foxit PhantomPDF and Reader before 9.3 allow remote attackers to execute arbitrary code or cause a denial of service (use-after-free) because properties of Annotation objects are mishandled. This relates to one of five distinct types of Annotation objects.Show less
CVE-2018-17609 1Foxitsoftware 2Phantompdf Reader Nov 21, 2024 Sep 28, 2018 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Foxit PhantomPDF and Reader before 9.3 allow remote attackers to execute arbitrary code or cause a denial of service (use-after-free) because properties of Annotation objects are mishandled. This relates to one of five d...Show more Foxit PhantomPDF and Reader before 9.3 allow remote attackers to execute arbitrary code or cause a denial of service (use-after-free) because properties of Annotation objects are mishandled. This relates to one of five distinct types of Annotation objects.Show less
CVE-2018-17608 1Foxitsoftware 2Phantompdf Reader Nov 21, 2024 Sep 28, 2018 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Foxit PhantomPDF and Reader before 9.3 allow remote attackers to execute arbitrary code or cause a denial of service (use-after-free) because properties of Annotation objects are mishandled. This relates to one of five d...Show more Foxit PhantomPDF and Reader before 9.3 allow remote attackers to execute arbitrary code or cause a denial of service (use-after-free) because properties of Annotation objects are mishandled. This relates to one of five distinct types of Annotation objects.Show less
CVE-2018-17607 1Foxitsoftware 2Phantompdf Reader Nov 21, 2024 Sep 28, 2018 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Foxit PhantomPDF and Reader before 9.3 allow remote attackers to execute arbitrary code or cause a denial of service (use-after-free) because properties of Annotation objects are mishandled. This relates to one of five d...Show more Foxit PhantomPDF and Reader before 9.3 allow remote attackers to execute arbitrary code or cause a denial of service (use-after-free) because properties of Annotation objects are mishandled. This relates to one of five distinct types of Annotation objects.Show less
CVE-2018-14809 1Fujielectric 1V Server Firmware Nov 21, 2024 Sep 26, 2018 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Fuji Electric V-Server 4.0.3.0 and prior, A use after free vulnerability has been identified, which may allow remote code execution.
CVE-2018-6054 3Debian GoogleRedhat 5Chrome Debian LinuxEnterprise Linux Desktop+2 more Nov 21, 2024 Sep 25, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Use after free in WebUI in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially exploit heap corruption via a crafted Chrome Extension.
CVE-2018-6031 3Debian GoogleRedhat 5Chrome Debian LinuxEnterprise Linux Desktop+2 more Nov 21, 2024 Sep 25, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Use after free in PDFium in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.

Previous 1...317318319...372 Next