CWE-416
7,425 CVEs • Abstraction: Variant • Likelihood of Exploit: High
Use After Free
The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.
CVEs (7,425)
CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS |
|---|
In the FastRPC driver in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05, a Use After Free condition can occur when mapping on th...Show more |
1Qualcomm 21Mdm9206 Firmware Mdm9607 FirmwareMdm9650 Firmware+18 moreNov 21, 2024 Jul 6, 2018 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 In ADSP RPC in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear, a Use After Free condition can occur in versions MDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 450, SD 615/1...Show more |
2Canonical Linux2Linux Kernel Ubuntu LinuxNov 21, 2024 Jun 28, 2018 N/A· v4 5.5 MEDIUM· v3 4.9 MEDIUM· v2 ntfs_read_locked_inode in the ntfs.ko filesystem driver in the Linux kernel 4.15.0 allows attackers to trigger a use-after-free read and possibly cause a denial of service (kernel oops or panic) via a crafted ntfs filesy...Show more |
3Canonical NetappPhp3Php Storage Automation StoreUbuntu LinuxNov 21, 2024 Jun 26, 2018 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 exif_read_from_impl in ext/exif/exif.c in PHP 7.2.x through 7.2.7 allows attackers to trigger a use-after-free (in exif_read_from_file) because it closes a stream that it is not responsible for closing. The vulnerable co...Show more |
WebCore/platform/graphics/texmap/TextureMapperLayer.cpp in WebKit, as used in WebKitGTK+ prior to version 2.20.2, is vulnerable to a use after free for a WebCore::TextureMapperLayer object. |
In the WCD CPE codec, a Use After Free condition can occur in all Android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel. |
There is a use after free in radare2 2.6.0 in r_anal_bb_free() in libr/anal/bb.c via a crafted Java binary file. |
A use-after-free vulnerability exists in DOMProxyHandler::EnsureExpandoObject in Pale Moon before 27.9.3. |
Due to a race condition in the QTEECOM driver in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel, when more than one HLOS client loads the same TA, a Use After Free...Show more |
Early or late retirement of rotation requests can result in a Use After Free condition in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel. |
In the video driver function set_output_buffers(), binfo can be accessed after being freed in a failure scenario in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel. |
In the KGSL driver in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel, a Use After Free condition can occur when printing information about sparse memory allocation...Show more |
Buffer might get used after it gets freed due to unlocking the mutex before freeing the buffer in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel. |
2Canonical Mozilla2Firefox Ubuntu LinuxNov 21, 2024 Jun 11, 2018 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 A use-after-free vulnerability can occur during WebGL operations. While this results in a potentially exploitable crash, the vulnerability is limited because the memory is freed and reused in a brief window of time durin...Show more |
2Canonical Mozilla2Firefox Ubuntu LinuxNov 21, 2024 Jun 11, 2018 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 WebRTC can use a "WrappedI420Buffer" pixel buffer but the owning image object can be freed while it is still in use. This can result in the WebRTC encoder using uninitialized memory, leading to a potentially exploitable...Show more |
4Canonical DebianMozilla+1 more11Debian Linux Enterprise Linux DesktopEnterprise Linux Server+8 moreNov 25, 2025 Jun 11, 2018 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 A use-after-free vulnerability can occur while adjusting layout during SVG animations with text paths. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.8, Thunderbird ESR < 52....Show more |
4Canonical DebianMozilla+1 more11Debian Linux Enterprise Linux DesktopEnterprise Linux Server+8 moreNov 25, 2025 Jun 11, 2018 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 A use-after-free vulnerability can occur while enumerating attributes during SVG animations with clip paths. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.8, Thunderbird ESR...Show more |
4Canonical DebianMozilla+1 more7Debian Linux Enterprise Linux DesktopEnterprise Linux Server+4 moreNov 25, 2025 Jun 11, 2018 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 A use-after-free vulnerability can occur in the compositor during certain graphics operations when a raw pointer is used instead of a reference counted one. This results in a potentially exploitable crash. This vulnerabi...Show more |
2Canonical Mozilla2Firefox Ubuntu LinuxNov 21, 2024 Jun 11, 2018 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 A use-after-free vulnerability can occur when manipulating elements, events, and selection ranges during editor operations. This results in a potentially exploitable crash. This vulnerability affects Firefox < 59. |
4Canonical DebianMozilla+1 more9Debian Linux Enterprise Linux DesktopEnterprise Linux Server+6 moreNov 25, 2025 Jun 11, 2018 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 A use-after-free vulnerability can occur during font face manipulation when a font face is freed while still in use, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.6, Firefox ES...Show more |