Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

CVEs (7,275)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2017-11109 1Vim 1Vim May 13, 2026 Jul 8, 2017 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 Vim 8.0 allows attackers to cause a denial of service (invalid free) or possibly have unspecified other impact via a crafted source (aka -S) file. NOTE: there might be a limited number of scenarios in which this has secu...Show more Vim 8.0 allows attackers to cause a denial of service (invalid free) or possibly have unspecified other impact via a crafted source (aka -S) file. NOTE: there might be a limited number of scenarios in which this has security relevance.Show less
CVE-2017-10966 1Irssi 1Irssi May 13, 2026 Jul 7, 2017 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 An issue was discovered in Irssi before 1.0.4. While updating the internal nick list, Irssi could incorrectly use the GHashTable interface and free the nick while updating it. This would then result in use-after-free con...Show more An issue was discovered in Irssi before 1.0.4. While updating the internal nick list, Irssi could incorrectly use the GHashTable interface and free the nick while updating it. This would then result in use-after-free conditions on each access of the hash table.Show less
CVE-2017-10788 1Dbd Mysql Project 1Dbd Mysql May 13, 2026 Jul 1, 2017 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 The DBD::mysql module through 4.043 for Perl allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly have unspecified other impact by triggering (1) certain error responses...Show more The DBD::mysql module through 4.043 for Perl allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly have unspecified other impact by triggering (1) certain error responses from a MySQL server or (2) a loss of a network connection to a MySQL server. The use-after-free defect was introduced by relying on incorrect Oracle mysql_stmt_close documentation and code examples.Show less
CVE-2017-10686 2Canonical Nasm 2Netwide Assembler Ubuntu Linux May 13, 2026 Jun 29, 2017 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 In Netwide Assembler (NASM) 2.14rc0, there are multiple heap use after free vulnerabilities in the tool nasm. The related heap is allocated in the token() function and freed in the detoken() function (called by pp_getlin...Show more In Netwide Assembler (NASM) 2.14rc0, there are multiple heap use after free vulnerabilities in the tool nasm. The related heap is allocated in the token() function and freed in the detoken() function (called by pp_getline()) - it is used again at multiple positions later that could cause multiple damages. For example, it causes a corrupted double-linked list in detoken(), a double free or corruption in delete_Token(), and an out-of-bounds write in detoken(). It has a high possibility to lead to a remote code execution attack.Show less
CVE-2017-10672 2Debian Xml Libxml Project 2Debian Linux Xml Libxml May 13, 2026 Jun 29, 2017 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Use-after-free in the XML-LibXML module through 2.0129 for Perl allows remote attackers to execute arbitrary code by controlling the arguments to a replaceChild call.
CVE-2017-2491 1Apple 1Iphone Os May 13, 2026 Jun 27, 2017 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Use after free vulnerability in the String.replace method JavaScriptCore in Apple Safari in iOS before 10.3 allows remote attackers to execute arbitrary code via a crafted web page, or a crafted file.
CVE-2016-0959 1Adobe 6Air Air SdkAir Sdk & Compiler+3 more May 13, 2026 Jun 27, 2017 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 Use after free vulnerability in Adobe Flash Player Desktop Runtime before 20.0.0.267, Adobe Flash Player Extended Support Release before 18.0.0.324, Adobe Flash Player for Google Chrome before 20.0.0.267, Adobe Flash Pla...Show more Use after free vulnerability in Adobe Flash Player Desktop Runtime before 20.0.0.267, Adobe Flash Player Extended Support Release before 18.0.0.324, Adobe Flash Player for Google Chrome before 20.0.0.267, Adobe Flash Player for Microsoft Edge and Internet Explorer 11 before 20.0.0.267, Adobe Flash Player for Internet Explorer 10 and 11 before 20.0.0.267, Adobe Flash Player for Linux before 11.2.202.559, AIR Desktop Runtime before 20.0.0.233, AIR SDK before 20.0.0.233, AIR SDK & Compiler before 20.0.0.233, AIR for Android before 20.0.0.233.Show less
CVE-2017-9953 2Exiv2 Redhat 2Enterprise Linux Exiv2 May 13, 2026 Jun 26, 2017 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 There is an invalid free in Image::printIFDStructure that leads to a Segmentation fault in Exiv2 0.26. A crafted input will lead to a remote denial of service attack.
CVE-2017-3084 1Adobe 1Flash Player May 13, 2026 Jun 20, 2017 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 Adobe Flash Player versions 25.0.0.171 and earlier have an exploitable use after free vulnerability in the advertising metadata functionality. Successful exploitation could lead to arbitrary code execution.
CVE-2017-3083 1Adobe 1Flash Player May 13, 2026 Jun 20, 2017 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 Adobe Flash Player versions 25.0.0.171 and earlier have an exploitable use after free vulnerability in the Primetime SDK functionality related to the profile metadata of the media stream. Successful exploitation could le...Show more Adobe Flash Player versions 25.0.0.171 and earlier have an exploitable use after free vulnerability in the Primetime SDK functionality related to the profile metadata of the media stream. Successful exploitation could lead to arbitrary code execution.Show less
CVE-2017-3081 1Adobe 1Flash Player May 13, 2026 Jun 20, 2017 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 Adobe Flash Player versions 25.0.0.171 and earlier have an exploitable use after free vulnerability during internal computation caused by multiple display object mask manipulations. Successful exploitation could lead to...Show more Adobe Flash Player versions 25.0.0.171 and earlier have an exploitable use after free vulnerability during internal computation caused by multiple display object mask manipulations. Successful exploitation could lead to arbitrary code execution.Show less
CVE-2017-3075 1Adobe 1Flash Player May 13, 2026 Jun 20, 2017 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 Adobe Flash Player versions 25.0.0.171 and earlier have an exploitable use after free vulnerability when manipulating the ActionsScript 2 XML class. Successful exploitation could lead to arbitrary code execution.
CVE-2017-9762 1Radare 1Radare2 May 13, 2026 Jun 19, 2017 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 The cmd_info function in libr/core/cmd_info.c in radare2 1.5.0 allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted binary file.
CVE-2017-7371 1Google 1Android May 13, 2026 Jun 13, 2017 N/A· v4 7.8 HIGH· v3 9.3 HIGH· v2 In all Android releases from CAF using the Linux kernel, a data pointer is potentially used after it has been freed when SLIMbus is turned off by Bluetooth.
CVE-2017-7370 1Google 1Android May 13, 2026 Jun 13, 2017 N/A· v4 7.0 HIGH· v3 7.6 HIGH· v2 In all Android releases from CAF using the Linux kernel, a race condition exists in a video driver potentially leading to a use-after-free condition.
CVE-2017-9527 2Debian Mruby 2Debian Linux Mruby May 13, 2026 Jun 11, 2017 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 The mark_context_stack function in gc.c in mruby through 1.2.0 allows attackers to cause a denial of service (heap-based use-after-free and application crash) or possibly have unspecified other impact via a crafted .rb f...Show more The mark_context_stack function in gc.c in mruby through 1.2.0 allows attackers to cause a denial of service (heap-based use-after-free and application crash) or possibly have unspecified other impact via a crafted .rb file.Show less
CVE-2016-7835 2Dena H2o Project 2H2o H2o May 13, 2026 Jun 9, 2017 N/A· v4 9.1 CRITICAL· v3 6.4 MEDIUM· v2 Use-after-free vulnerability in H2O allows remote attackers to cause a denial-of-service (DoS) or obtain server certificate private keys and possibly other information.
CVE-2016-4473 2Php Suse 3Linux Enterprise Module For Web Scripting Linux Enterprise Software Development KitPhp May 13, 2026 Jun 8, 2017 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 /ext/phar/phar_object.c in PHP 7.0.7 and 5.6.x allows remote attackers to execute arbitrary code. NOTE: Introduced as part of an incomplete fix to CVE-2015-6833.
CVE-2017-9520 1Radare 1Radare2 May 13, 2026 Jun 8, 2017 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 The r_config_set function in libr/config/config.c in radare2 1.5.0 allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted DEX file.
CVE-2014-9946 1Google 1Android May 13, 2026 Jun 6, 2017 N/A· v4 7.8 HIGH· v3 9.3 HIGH· v2 In Core Kernel in all Android releases from CAF using the Linux kernel, a Use After Free vulnerability could potentially exist.

Previous 1...334335336...364 Next