Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

CVEs (7,275)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2014-9930 1Google 1Android May 13, 2026 Jun 6, 2017 N/A· v4 7.8 HIGH· v3 9.3 HIGH· v2 In WCDMA in all Android releases from CAF using the Linux kernel, a Use After Free vulnerability could potentially exist.
CVE-2014-9926 1Google 1Android May 13, 2026 Jun 6, 2017 N/A· v4 7.8 HIGH· v3 9.3 HIGH· v2 In GNSS in all Android releases from CAF using the Linux kernel, a Use After Free vulnerability could potentially exist.
CVE-2017-7295 1Contiki Os 1Contiki May 13, 2026 May 28, 2017 N/A· v4 7.5 HIGH· v3 7.8 HIGH· v2 An issue was discovered in Contiki Operating System 3.0. A use-after-free vulnerability exists in httpd-simple.c in cc26xx-web-demo httpd, where upon a connection close event, the http_state structure was not deallocated...Show more An issue was discovered in Contiki Operating System 3.0. A use-after-free vulnerability exists in httpd-simple.c in cc26xx-web-demo httpd, where upon a connection close event, the http_state structure was not deallocated properly, resulting in a NULL pointer dereference in the output processing function. This resulted in a board crash, which can be used to perform denial of service.Show less
CVE-2017-2823 1Poweriso 1Poweriso May 13, 2026 May 24, 2017 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 A use-after-free vulnerability exists in the .ISO parsing functionality of PowerISO 6.8. A specially crafted .ISO file can cause a vulnerability resulting in potential code execution. An attacker can send a specific .ISO...Show more A use-after-free vulnerability exists in the .ISO parsing functionality of PowerISO 6.8. A specially crafted .ISO file can cause a vulnerability resulting in potential code execution. An attacker can send a specific .ISO file to trigger this vulnerability.Show less
CVE-2017-9190 1Autotrace Project 1Autotrace May 13, 2026 May 23, 2017 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a denial of service (invalid free), related to the free_bitmap function in bitmap.c:24:5.
CVE-2017-9182 1Autotrace Project 1Autotrace May 13, 2026 May 23, 2017 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a denial of service (use-after-free and invalid heap read), related to the GET_COLOR function in color.c:16:11.
CVE-2016-7978 1Artifex 1Ghostscript May 13, 2026 May 23, 2017 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Use-after-free vulnerability in Ghostscript 9.20 might allow remote attackers to execute arbitrary code via vectors related to a reference leak in .setdevice.
CVE-2016-5177 5Debian FedoraprojectGoogle+2 more 7Chrome Debian LinuxEnterprise Linux Server Supplementary+4 more May 13, 2026 May 23, 2017 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Use-after-free vulnerability in V8 in Google Chrome before 53.0.2785.143 allows remote attackers to cause a denial of service (crash) or possibly have unspecified other impact via unknown vectors.
CVE-2017-2518 2Apple Debian 5Debian Linux Iphone OsMac Os X+2 more May 13, 2026 May 22, 2017 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "SQLite" compon...Show more An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "SQLite" component. It allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a crafted SQL statement.Show less
CVE-2017-2513 1Apple 4Iphone Os Mac Os XTvos+1 more May 13, 2026 May 22, 2017 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "SQLite" compon...Show more An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "SQLite" component. A use-after-free vulnerability allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted SQL statement.Show less
CVE-2017-8929 1Virustotal 1Yara May 13, 2026 May 14, 2017 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 The sized_string_cmp function in libyara/sizedstr.c in YARA 3.5.0 allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted rule.
CVE-2017-7487 2Debian Linux 2Debian Linux Linux Kernel May 13, 2026 May 14, 2017 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 The ipxitf_ioctl function in net/ipx/af_ipx.c in the Linux kernel through 4.11.1 mishandles reference counts, which allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impa...Show more The ipxitf_ioctl function in net/ipx/af_ipx.c in the Linux kernel through 4.11.1 mishandles reference counts, which allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via a failed SIOCGIFADDR ioctl call for an IPX interface.Show less
CVE-2017-8246 1Google 1Android May 13, 2026 May 12, 2017 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 In function msm_pcm_playback_close() in all Android releases from CAF using the Linux kernel, prtd is assigned substream->runtime->private_data. Later, prtd is freed. However, prtd is not sanitized and set to NULL, resul...Show more In function msm_pcm_playback_close() in all Android releases from CAF using the Linux kernel, prtd is assigned substream->runtime->private_data. Later, prtd is freed. However, prtd is not sanitized and set to NULL, resulting in a dangling pointer. There are other functions that access the same memory (substream->runtime->private_data) with a NULL check, such as msm_pcm_volume_ctl_put(), which means this freed memory could be used.Show less
CVE-2017-0263 1Microsoft 10Windows 10 1507 Windows 10 1511Windows 10 1607+7 more Apr 22, 2026 May 12, 2017 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 The kernel-mode drivers in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allow local...Show more The kernel-mode drivers in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability."Show less
CVE-2017-0261 1Microsoft 1Office Apr 22, 2026 May 12, 2017 N/A· v4 7.8 HIGH· v3 9.3 HIGH· v2 Microsoft Office 2010 SP2, Office 2013 SP1, and Office 2016 allow a remote code execution vulnerability when the software fails to properly handle objects in memory, aka "Office Remote Code Execution Vulnerability". This...Show more Microsoft Office 2010 SP2, Office 2013 SP1, and Office 2016 allow a remote code execution vulnerability when the software fails to properly handle objects in memory, aka "Office Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-0262 and CVE-2017-0281.Show less
CVE-2017-8895 1Veritas 1Backup Exec May 13, 2026 May 10, 2017 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 In Veritas Backup Exec 2014 before build 14.1.1187.1126, 15 before build 14.2.1180.3160, and 16 before FP1, there is a use-after-free vulnerability in multiple agents that can lead to a denial of service or remote code e...Show more In Veritas Backup Exec 2014 before build 14.1.1187.1126, 15 before build 14.2.1180.3160, and 16 before FP1, there is a use-after-free vulnerability in multiple agents that can lead to a denial of service or remote code execution. An unauthenticated attacker can use this vulnerability to crash the agent or potentially take control of the agent process and then the system it is running on.Show less
CVE-2017-7698 1Swftools 1Swftools May 13, 2026 May 10, 2017 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 A Use After Free in the pdf2swf part of swftools 0.9.2 and earlier allows remote attackers to execute arbitrary code via a malformed PDF document, possibly a consequence of an error in Gfx.cc in Xpdf 3.02.
CVE-2017-3073 2Adobe Redhat 5Enterprise Linux Enterprise Linux DesktopEnterprise Linux Workstation+2 more May 13, 2026 May 9, 2017 N/A· v4 8.8 HIGH· v3 9.3 HIGH· v2 Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable use after free vulnerability when handling multiple mask properties of display objects, aka memory corruption. Successful exploitation could lead to...Show more Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable use after free vulnerability when handling multiple mask properties of display objects, aka memory corruption. Successful exploitation could lead to arbitrary code execution.Show less
CVE-2017-3071 2Adobe Redhat 5Enterprise Linux Enterprise Linux DesktopEnterprise Linux Workstation+2 more May 13, 2026 May 9, 2017 N/A· v4 8.8 HIGH· v3 9.3 HIGH· v2 Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable use after free vulnerability when masking display objects. Successful exploitation could lead to arbitrary code execution.
CVE-2017-8846 2Debian Long Range Zip Project 2Debian Linux Long Range Zip May 13, 2026 May 8, 2017 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 The read_stream function in stream.c in liblrzip.so in lrzip 0.631 allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted archive.

Previous 1...335336337...364 Next