Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

CVEs (7,280)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2017-5058 1Google 1Chrome May 13, 2026 Oct 27, 2017 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 A use after free in PrintPreview in Google Chrome prior to 58.0.3029.81 for Windows allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.
CVE-2017-5056 2Google Redhat 4Chrome Enterprise Linux DesktopEnterprise Linux Server+1 more May 13, 2026 Oct 27, 2017 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 A use after free in Blink in Google Chrome prior to 57.0.2987.133 for Linux, Windows, and Mac, and 57.0.2987.132 for Android, allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.
CVE-2017-5055 1Google 1Chrome May 13, 2026 Oct 27, 2017 N/A· v4 8.8 HIGH· v3 9.3 HIGH· v2 A use after free in printing in Google Chrome prior to 57.0.2987.133 for Linux and Windows allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.
CVE-2017-15227 1Irssi 1Irssi May 13, 2026 Oct 22, 2017 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Irssi before 1.0.5, while waiting for the channel synchronisation, may incorrectly fail to remove destroyed channels from the query list, resulting in use-after-free conditions when updating the state later on.
CVE-2017-15642 2Debian Sound Exchange Project 2Debian Linux Sound Exchange May 13, 2026 Oct 19, 2017 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 In lsx_aiffstartread in aiff.c in Sound eXchange (SoX) 14.4.2, there is a Use-After-Free vulnerability triggered by supplying a malformed AIFF file.
CVE-2017-15265 1Linux 1Linux Kernel May 13, 2026 Oct 16, 2017 N/A· v4 7.0 HIGH· v3 6.9 MEDIUM· v2 Race condition in the ALSA subsystem in the Linux kernel before 4.13.8 allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted /dev/snd/seq ioctl calls, rela...Show more Race condition in the ALSA subsystem in the Linux kernel before 4.13.8 allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted /dev/snd/seq ioctl calls, related to sound/core/seq/seq_clientmgr.c and sound/core/seq/seq_ports.c.Show less
CVE-2015-7687 2Fedoraproject Openbsd 2Fedora Opensmtpd May 13, 2026 Oct 16, 2017 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Use-after-free vulnerability in OpenSMTPD before 5.7.2 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via vectors involving req_ca_vrfy_smtp and req_ca_vrfy_mta.
CVE-2017-15369 1Artifex 1Mupdf May 13, 2026 Oct 16, 2017 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 The build_filter_chain function in pdf/pdf-stream.c in Artifex MuPDF before 2017-09-25 mishandles a certain case where a variable may reside in a register, which allows remote attackers to cause a denial of service (Fitz...Show more The build_filter_chain function in pdf/pdf-stream.c in Artifex MuPDF before 2017-09-25 mishandles a certain case where a variable may reside in a register, which allows remote attackers to cause a denial of service (Fitz fz_drop_imp use-after-free and application crash) or possibly have unspecified other impact via a crafted PDF document.Show less
CVE-2017-15238 2Debian Graphicsmagick 2Debian Linux Graphicsmagick May 13, 2026 Oct 11, 2017 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 ReadOneJNGImage in coders/png.c in GraphicsMagick 1.3.26 has a use-after-free issue when the height or width is zero, related to ReadJNGImage.
CVE-2017-11048 1Google 1Android May 13, 2026 Oct 10, 2017 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in a display driver function, a Use After Free condition can occur.
CVE-2017-14989 1Imagemagick 1Imagemagick May 13, 2026 Oct 3, 2017 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 A use-after-free in RenderFreetype in MagickCore/annotate.c in ImageMagick 7.0.7-4 Q16 allows attackers to crash the application via a crafted font file, because the FT_Done_Glyph function (from FreeType 2) is called at...Show more A use-after-free in RenderFreetype in MagickCore/annotate.c in ImageMagick 7.0.7-4 Q16 allows attackers to crash the application via a crafted font file, because the FT_Done_Glyph function (from FreeType 2) is called at an incorrect place in the ImageMagick code.Show less
CVE-2017-9790 1Apache 1Mesos May 13, 2026 Sep 29, 2017 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 When handling a libprocess message wrapped in an HTTP request, libprocess in Apache Mesos before 1.1.3, 1.2.x before 1.2.2, 1.3.x before 1.3.1, and 1.4.0-dev crashes if the request path is empty, because the parser assum...Show more When handling a libprocess message wrapped in an HTTP request, libprocess in Apache Mesos before 1.1.3, 1.2.x before 1.2.2, 1.3.x before 1.3.1, and 1.4.0-dev crashes if the request path is empty, because the parser assumes the request path always starts with '/'. A malicious actor can therefore cause a denial of service of Mesos masters rendering the Mesos-controlled cluster inoperable.Show less
CVE-2017-14857 1Exiv2 1Exiv2 May 13, 2026 Sep 29, 2017 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 In Exiv2 0.26, there is an invalid free in the Image class in image.cpp that leads to a Segmentation fault. A crafted input will lead to a denial of service attack.
CVE-2017-9676 1Google 1Android May 13, 2026 Sep 21, 2017 N/A· v4 4.7 MEDIUM· v3 2.6 LOW· v2 In all Qualcomm products with Android releases from CAF using the Linux kernel, potential use after free scenarios and race conditions can occur when accessing global static variables without using a lock.
CVE-2017-8277 1Google 1Android May 13, 2026 Sep 21, 2017 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 In all Qualcomm products with Android releases from CAF using the Linux kernel, in the function msm_dba_register_client, if the client registers failed, it would be freed. However the client was not removed from list. Us...Show more In all Qualcomm products with Android releases from CAF using the Linux kernel, in the function msm_dba_register_client, if the client registers failed, it would be freed. However the client was not removed from list. Use-after-free would occur when traversing the list next time.Show less
CVE-2015-6673 1Libpgf 1Libpgf May 13, 2026 Sep 20, 2017 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Use-after-free vulnerability in Decoder.cpp in libpgf before 6.15.32.
CVE-2015-3890 1Litespeedtech 1Openlitespeed May 13, 2026 Sep 20, 2017 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Use-after-free vulnerability in Open Litespeed before 1.3.10.
CVE-2015-1329 1Canonical 1Ubuntu Linux May 13, 2026 Sep 20, 2017 N/A· v4 8.8 HIGH· v3 9.3 HIGH· v2 Use-after-free vulnerability in oxide::qt::URLRequestDelegatedJob in oxide-qt in Ubuntu 15.04 and 14.04 LTS might allow remote attackers to execute arbitrary code.
CVE-2017-9798 2Apache Debian 2Debian Linux Http Server May 13, 2026 Sep 18, 2017 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Apache httpd allows remote attackers to read secret data from process memory if the Limit directive can be set in a user's .htaccess file, or if httpd.conf has certain misconfigurations, aka Optionsbleed. This affects th...Show more Apache httpd allows remote attackers to read secret data from process memory if the Limit directive can be set in a user's .htaccess file, or if httpd.conf has certain misconfigurations, aka Optionsbleed. This affects the Apache HTTP Server through 2.2.34 and 2.4.x through 2.4.27. The attacker sends an unauthenticated OPTIONS HTTP request when attempting to read secret data. This is a use-after-free issue and thus secret data is not always sent, and the specific data depends on many factors including configuration. Exploitation with .htaccess can be blocked with a patch to the ap_limit_section function in server/core.c.Show less
CVE-2017-14528 2Debian Imagemagick 2Debian Linux Imagemagick May 13, 2026 Sep 18, 2017 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 The TIFFSetProfiles function in coders/tiff.c in ImageMagick 7.0.6 has incorrect expectations about whether LibTIFF TIFFGetField return values imply that data validation has occurred, which allows remote attackers to cau...Show more The TIFFSetProfiles function in coders/tiff.c in ImageMagick 7.0.6 has incorrect expectations about whether LibTIFF TIFFGetField return values imply that data validation has occurred, which allows remote attackers to cause a denial of service (use-after-free after an invalid call to TIFFSetField, and application crash) via a crafted file.Show less

Previous 1...331332333...364 Next