CWE-416
7,270 CVEs • Abstraction: Variant • Likelihood of Exploit: High
Use After Free
The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.
CVEs (7,270)
CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS |
|---|
The free_options function in options_manager.c in mp3splt 2.6.2 allows remote attackers to cause a denial of service (invalid free and crash) via a crafted file. |
Use-after-free vulnerability in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to "ktypevec." |
Use-after-free vulnerability in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to "btypevec." |
Multiple use-after-free vulnerabilities in the gx_image_enum_begin function in base/gxipixel.c in Ghostscript before ecceafe3abba2714ef9b432035fe0739d9b1a283 allow remote attackers to cause a denial of service (applicati...Show more |
2Canonical Muscle2Pcsc Lite Ubuntu LinuxMay 13, 2026 Feb 23, 2017 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Use-after-free vulnerability in pcsc-lite before 1.8.20 allows a remote attackers to cause denial of service (crash) via a command that uses "cardsList" after the handle has been released through the SCardReleaseContext...Show more |
2Apple Webkitgtk5Iphone Os Mac Os XTvos+2 moreMay 13, 2026 Feb 20, 2017 N/A· v4 7.8 HIGH· v3 9.3 HIGH· v2 An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. macOS before 10.12.3 is affected. tvOS before 10.1.1 is affected. watchOS before 3.1.3 is affected. The issue involves the "Kernel" compon...Show more |
An issue was discovered in certain Apple products. macOS before 10.12.3 is affected. The issue involves the "Bluetooth" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial o...Show more |
An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "Kernel" component. It allows attackers to execut...Show more |
An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the "Directory Services" component. It allows local users to gain privileges or cause a denial of service (use-after...Show more |
An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "Kernel" component. It allows local users to exec...Show more |
1Apple 3Iphone Os Mac Os XWatchosMay 13, 2026 Feb 20, 2017 N/A· v4 6.5 MEDIUM· v3 9.3 HIGH· v2 An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "IOHIDFamily" component. It allows attackers to e...Show more |
A use after free in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. |
A use after free in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
regex.c in GNU ed before 1.14.1 allows attackers to cause a denial of service (crash) via a malformed command, which triggers an invalid free. |
The pdf_to_num function in pdf-object.c in MuPDF before 1.10 allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted file. |
1Adobe 2Flash Player Flash Player Desktop RuntimeMay 13, 2026 Feb 15, 2017 N/A· v4 8.8 HIGH· v3 9.3 HIGH· v2 Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable use after free vulnerability in Primetime SDK event dispatch. Successful exploitation could lead to arbitrary code execution. |
1Adobe 2Flash Player Flash Player Desktop RuntimeMay 13, 2026 Feb 15, 2017 N/A· v4 8.8 HIGH· v3 9.3 HIGH· v2 Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable use after free vulnerability related to event handlers. Successful exploitation could lead to arbitrary code execution. |
1Adobe 2Flash Player Flash Player Desktop RuntimeMay 13, 2026 Feb 15, 2017 N/A· v4 8.8 HIGH· v3 9.3 HIGH· v2 Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable use after free vulnerability in the ActionScript 3 BitmapData class. Successful exploitation could lead to arbitrary code execution. |
1Adobe 2Flash Player Flash Player Desktop RuntimeMay 13, 2026 Feb 15, 2017 N/A· v4 8.8 HIGH· v3 9.3 HIGH· v2 Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable use after free vulnerability in a routine related to player shutdown. Successful exploitation could lead to arbitrary code execution. |
4Debian MariadbOracle+1 more8Debian Linux Enterprise Linux DesktopEnterprise Linux Server+5 moreMay 13, 2026 Feb 12, 2017 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Crash in libmysqlclient.so in Oracle MySQL before 5.6.21 and 5.7.x before 5.7.5 and MariaDB through 5.5.54, 10.0.x through 10.0.29, 10.1.x through 10.1.21, and 10.2.x through 10.2.3. |