CWE-416
7,275 CVEs • Abstraction: Variant • Likelihood of Exploit: High
Use After Free
The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.
CVEs (7,275)
CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS |
|---|
1Adobe 5Acrobat Acrobat DcAcrobat Reader+2 moreMay 13, 2026 Aug 11, 2017 N/A· v4 8.8 HIGH· v3 9.3 HIGH· v2 Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable use after free vulnerability in the image conversion engine when decompr...Show more |
1Adobe 5Acrobat Acrobat DcAcrobat Reader+2 moreMay 13, 2026 Aug 11, 2017 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable use after free vulnerability when processing Enhanced Metafile Format (E...Show more |
1Adobe 5Acrobat Acrobat DcAcrobat Reader+2 moreMay 13, 2026 Aug 11, 2017 N/A· v4 8.8 HIGH· v3 9.3 HIGH· v2 Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable use after free vulnerability in Acrobat/Reader rendering engine. Success...Show more |
1Adobe 5Acrobat Acrobat DcAcrobat Reader+2 moreMay 13, 2026 Aug 11, 2017 N/A· v4 8.8 HIGH· v3 9.3 HIGH· v2 Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable use after free vulnerability in the XFA layout engine. Successful exploi...Show more |
1Adobe 5Acrobat Acrobat DcAcrobat Reader+2 moreMay 13, 2026 Aug 11, 2017 N/A· v4 8.8 HIGH· v3 9.3 HIGH· v2 Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable use after free vulnerability in the core of the XFA engine. Successful e...Show more |
1Adobe 5Acrobat Acrobat DcAcrobat Reader+2 moreMay 13, 2026 Aug 11, 2017 N/A· v4 8.8 HIGH· v3 9.3 HIGH· v2 Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable use after free vulnerability in the XFA rendering engine. Successful exp...Show more |
1Adobe 5Acrobat Acrobat DcAcrobat Reader+2 moreMay 13, 2026 Aug 11, 2017 N/A· v4 8.8 HIGH· v3 9.3 HIGH· v2 Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable use after free vulnerability in XFA event management. Successful exploit...Show more |
A elevation of privilege vulnerability in the Android media framework (libgui). Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-33004354. |
In ImageMagick 7.0.6-3, a missing NULL assignment was found in coders/png.c, leading to an invalid free in the function RelinquishMagickMemory in MagickCore/memory.c, which allows attackers to cause a denial of service. |
2Netapp Ntp6Clustered Data Ontap Data OntapNtp+3 moreMay 13, 2026 Aug 7, 2017 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 Use-after-free vulnerability in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote authenticated users to possibly execute arbitrary code or cause a denial of service (crash) via crafted packets. |
The wwunpack function in libclamav/wwunpack.c in ClamAV 0.99.2 allows remote attackers to cause a denial of service (use-after-free) via a crafted PE file with WWPack compression. |
The bfd_cache_close function in bfd/cache.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause a heap use after free and possibly a...Show more |
In ImageMagick 7.0.6-1, a use-after-free vulnerability was found in the function ReadWMFImage in coders/wmf.c, which allows attackers to cause a denial of service. |
2Artifex Debian2Debian Linux Ghostscript GhostxpsMay 13, 2026 Jul 26, 2017 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 The Ins_IP function in base/ttinterp.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly have unspecified other impact via a craf...Show more |
4Fedoraproject Jasper ProjectOpensuse+1 more5Fedora JasperLeap+2 moreMay 13, 2026 Jul 25, 2017 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 Use-after-free vulnerability in the mif_process_cmpt function in libjasper/mif/mif_cod.c in the JasPer JPEG-2000 library before 1.900.2 allows remote attackers to cause a denial of service (crash) via a crafted JPEG 2000...Show more |
1Graphicsmagick 1Graphicsmagick May 13, 2026 Jul 18, 2017 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 The ReadMNGImage function in coders/png.c in GraphicsMagick 1.3.26 has an out-of-order CloseBlob call, resulting in a use-after-free via a crafted file. |
There is an invalid free in the Action::TaskFactory::cleanup function of actions.cpp in Exiv2 0.26. A crafted input will lead to a remote denial of service attack. |
When under stress, closing many connections, the HTTP/2 handling code in Apache httpd 2.4.26 would sometimes access memory after it has been freed, resulting in potentially erratic behaviour. |
2Debian Linux2Debian Linux Linux KernelMay 13, 2026 Jul 11, 2017 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 The mq_notify function in the Linux kernel through 4.11.9 does not set the sock pointer to NULL upon entry into the retry logic. During a user-space close of a Netlink socket, it allows attackers to cause a denial of ser...Show more |
In PHP before 5.6.31, an invalid free in the WDDX deserialization of boolean parameters could be used by attackers able to inject XML for deserialization to crash the PHP interpreter, related to an invalid free for an em...Show more |