Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

CVEs (7,425)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2018-10496 1Samsung 1Samsung Internet Browser Nov 21, 2024 Sep 24, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Samsung Internet Browser Fixed in version 6.4.0.15. User interaction is required to exploit this vulnerability in that t...Show more This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Samsung Internet Browser Fixed in version 6.4.0.15. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of TypedArray objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5326.Show less
CVE-2018-17236 1Mp4v2 Project 1Mp4v2 Nov 21, 2024 Sep 20, 2018 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 The function MP4Free() in mp4property.cpp in libmp4v2 2.1.0 internally calls free() on a invalid pointer, raising a SIGABRT signal.
CVE-2018-17182 4Canonical DebianLinux+1 more 5Active Iq Performance Analytics Services Debian LinuxElement Software+2 more Nov 21, 2024 Sep 19, 2018 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 An issue was discovered in the Linux kernel through 4.18.8. The vmacache_flush_all function in mm/vmacache.c mishandles sequence number overflows. An attacker can trigger a use-after-free (and possibly gain privileges) v...Show more An issue was discovered in the Linux kernel through 4.18.8. The vmacache_flush_all function in mm/vmacache.c mishandles sequence number overflows. An attacker can trigger a use-after-free (and possibly gain privileges) via certain thread creation, map, unmap, invalidation, and dereference operations.Show less
CVE-2018-11843 1Google 1Android Nov 21, 2024 Sep 18, 2018 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, lack fo check on return value in WMA response handler can lead to potential use after free.
CVE-2018-11818 1Google 1Android Nov 21, 2024 Sep 18, 2018 N/A· v4 7.0 HIGH· v3 4.4 MEDIUM· v2 In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, LUT configuration is passed down to driver from userspace via ioctl. Simultaneous update from userspace while ke...Show more In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, LUT configuration is passed down to driver from userspace via ioctl. Simultaneous update from userspace while kernel drivers are updating LUT registers can lead to race condition.Show less
CVE-2018-11300 1Google 1Android Nov 21, 2024 Sep 18, 2018 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, callback executed from the other thread has freed memory which is also used in wlan function and may result in t...Show more In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, callback executed from the other thread has freed memory which is also used in wlan function and may result in to a "Use after free" scenario.Show less
CVE-2018-11286 1Google 1Android Nov 21, 2024 Sep 18, 2018 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while accessing global variable "debug_client" in multi-thread manner, Use after free issue occurs
CVE-2018-11281 1Google 1Android Nov 21, 2024 Sep 18, 2018 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while calling IPA_IOC_MDFY_RT_RULE IPA IOCTL, header entry is not checked before use. If IPA_IOC_MDFY_RT_RULE IO...Show more In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while calling IPA_IOC_MDFY_RT_RULE IPA IOCTL, header entry is not checked before use. If IPA_IOC_MDFY_RT_RULE IOCTL called for header entries formerly deleted, a Use after free condition will occur.Show less
CVE-2018-14625 3Canonical DebianLinux 3Debian Linux Linux KernelUbuntu Linux Nov 21, 2024 Sep 10, 2018 N/A· v4 7.0 HIGH· v3 4.4 MEDIUM· v2 A flaw was found in the Linux Kernel where an attacker may be able to have an uncontrolled read to kernel-memory from within a vm guest. A race condition between connect() and close() function may allow an attacker using...Show more A flaw was found in the Linux Kernel where an attacker may be able to have an uncontrolled read to kernel-memory from within a vm guest. A race condition between connect() and close() function may allow an attacker using the AF_VSOCK protocol to gather a 4 byte information leak or possibly intercept or corrupt AF_VSOCK messages destined to other clients.Show less
CVE-2018-16541 4Artifex CanonicalDebian+1 more 9Debian Linux Enterprise Linux DesktopEnterprise Linux Server+6 more Nov 21, 2024 Sep 5, 2018 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use incorrect free logic in pagedevice replacement to crash the interpreter.
CVE-2018-16540 4Artifex CanonicalDebian+1 more 11Debian Linux Enterprise LinuxEnterprise Linux Desktop+8 more Nov 21, 2024 Sep 5, 2018 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files to the builtin PDF14 converter could use a use-after-free in copydevice handling to crash the interpreter or possibly have unspecified...Show more In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files to the builtin PDF14 converter could use a use-after-free in copydevice handling to crash the interpreter or possibly have unspecified other impact.Show less
CVE-2018-6555 3Canonical DebianLinux 3Debian Linux Linux KernelUbuntu Linux Nov 21, 2024 Sep 4, 2018 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 The irda_setsockopt function in net/irda/af_irda.c and later in drivers/staging/irda/net/af_irda.c in the Linux kernel before 4.17 allows local users to cause a denial of service (ias_object use-after-free and system cra...Show more The irda_setsockopt function in net/irda/af_irda.c and later in drivers/staging/irda/net/af_irda.c in the Linux kernel before 4.17 allows local users to cause a denial of service (ias_object use-after-free and system crash) or possibly have unspecified other impact via an AF_IRDA socket.Show less
CVE-2018-14619 1Linux 1Linux Kernel Nov 21, 2024 Aug 30, 2018 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 A flaw was found in the crypto subsystem of the Linux kernel before version kernel-4.15-rc4. The "null skcipher" was being dropped when each af_alg_ctx was freed instead of when the aead_tfm was freed. This can cause the...Show more A flaw was found in the crypto subsystem of the Linux kernel before version kernel-4.15-rc4. The "null skcipher" was being dropped when each af_alg_ctx was freed instead of when the aead_tfm was freed. This can cause the null skcipher to be freed while it is still in use leading to a local user being able to crash the system or possibly escalate privileges.Show less
CVE-2017-15399 3Debian GoogleRedhat 5Chrome Debian LinuxEnterprise Linux Desktop+2 more Nov 21, 2024 Aug 28, 2018 N/A· v4 8.8 HIGH· v3 9.3 HIGH· v2 A use after free in V8 in Google Chrome prior to 62.0.3202.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2017-15412 4Debian GoogleRedhat+1 more 6Chrome Debian LinuxEnterprise Linux Desktop+3 more Nov 21, 2024 Aug 28, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Use after free in libxml2 before 2.9.5, as used in Google Chrome prior to 63.0.3239.84 and other products, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2017-15411 3Debian GoogleRedhat 5Chrome Debian LinuxEnterprise Linux Desktop+2 more Nov 21, 2024 Aug 28, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Use after free in PDFium in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
CVE-2017-15410 3Debian GoogleRedhat 5Chrome Debian LinuxEnterprise Linux Desktop+2 more Nov 21, 2024 Aug 28, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Use after free in PDFium in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
CVE-2018-15857 2Canonical Xkbcommon 3Libxkbcommon Ubuntu LinuxXkbcommon Nov 21, 2024 Aug 25, 2018 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 An invalid free in ExprAppendMultiKeysymList in xkbcomp/ast-build.c in xkbcommon before 0.8.1 could be used by local attackers to crash xkbcommon keymap parsers or possibly have unspecified other impact by supplying a cr...Show more An invalid free in ExprAppendMultiKeysymList in xkbcomp/ast-build.c in xkbcommon before 0.8.1 could be used by local attackers to crash xkbcommon keymap parsers or possibly have unspecified other impact by supplying a crafted keymap file.Show less
CVE-2018-10902 4Canonical DebianLinux+1 more 6Debian Linux Enterprise Linux DesktopEnterprise Linux Server+3 more Nov 21, 2024 Aug 21, 2018 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 It was found that the raw midi kernel driver does not protect against concurrent access which leads to a double realloc (double free) in snd_rawmidi_input_params() and snd_rawmidi_output_status() which are part of snd_ra...Show more It was found that the raw midi kernel driver does not protect against concurrent access which leads to a double realloc (double free) in snd_rawmidi_input_params() and snd_rawmidi_output_status() which are part of snd_rawmidi_ioctl() handler in rawmidi.c file. A malicious local attacker could possibly use this for privilege escalation.Show less
CVE-2018-1000217 1Davegamble 1Cjson Jul 22, 2025 Aug 20, 2018 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Dave Gamble cJSON version 1.7.3 and earlier contains a CWE-416: Use After Free vulnerability in cJSON library that can result in Possible crash, corruption of data or even RCE. This attack appear to be exploitable via De...Show more Dave Gamble cJSON version 1.7.3 and earlier contains a CWE-416: Use After Free vulnerability in cJSON library that can result in Possible crash, corruption of data or even RCE. This attack appear to be exploitable via Depends on how application uses cJSON library. If application provides network interface then can be exploited over a network, otherwise just local.. This vulnerability appears to have been fixed in 1.7.4.Show less

Previous 1...318319320...372 Next