Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

CVEs (7,267)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2017-2958 1Adobe 4Acrobat Acrobat DcAcrobat Reader Dc+1 more May 6, 2026 Jan 11, 2017 N/A· v4 7.8 HIGH· v3 9.3 HIGH· v2 Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable use after free vulnerability in the JavaScript engine. Successful exploitation could lead to arbit...Show more Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable use after free vulnerability in the JavaScript engine. Successful exploitation could lead to arbitrary code execution.Show less
CVE-2017-2957 1Adobe 4Acrobat Acrobat DcAcrobat Reader Dc+1 more May 6, 2026 Jan 11, 2017 N/A· v4 7.8 HIGH· v3 9.3 HIGH· v2 Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable use after free vulnerability in the JavaScript engine, related to collaboration functionality. Suc...Show more Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable use after free vulnerability in the JavaScript engine, related to collaboration functionality. Successful exploitation could lead to arbitrary code execution.Show less
CVE-2017-2956 1Adobe 4Acrobat Acrobat DcAcrobat Reader Dc+1 more May 6, 2026 Jan 11, 2017 N/A· v4 7.8 HIGH· v3 9.3 HIGH· v2 Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable use after free vulnerability in the JavaScript engine, related to manipulation of the navigation p...Show more Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable use after free vulnerability in the JavaScript engine, related to manipulation of the navigation pane. Successful exploitation could lead to arbitrary code execution.Show less
CVE-2017-2955 1Adobe 4Acrobat Acrobat DcAcrobat Reader Dc+1 more May 6, 2026 Jan 11, 2017 N/A· v4 7.8 HIGH· v3 9.3 HIGH· v2 Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable use after free vulnerability in the JavaScript engine. Successful exploitation could lead to arbit...Show more Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable use after free vulnerability in the JavaScript engine. Successful exploitation could lead to arbitrary code execution.Show less
CVE-2017-2951 1Adobe 4Acrobat Acrobat DcAcrobat Reader Dc+1 more May 6, 2026 Jan 11, 2017 N/A· v4 7.8 HIGH· v3 9.3 HIGH· v2 Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable use after free vulnerability in the XFA engine, related to sub-form functionality. Successful expl...Show more Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable use after free vulnerability in the XFA engine, related to sub-form functionality. Successful exploitation could lead to arbitrary code execution.Show less
CVE-2017-2950 1Adobe 4Acrobat Acrobat DcAcrobat Reader Dc+1 more May 6, 2026 Jan 11, 2017 N/A· v4 7.8 HIGH· v3 9.3 HIGH· v2 Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable use after free vulnerability in the XFA engine, related to layout functionality. Successful exploi...Show more Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable use after free vulnerability in the XFA engine, related to layout functionality. Successful exploitation could lead to arbitrary code execution.Show less
CVE-2017-2937 1Adobe 1Flash Player May 6, 2026 Jan 11, 2017 N/A· v4 8.8 HIGH· v3 9.3 HIGH· v2 Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable use after free vulnerability in the ActionScript FileReference class, when using class inheritance. Successful exploitation could lead to arbitrary c...Show more Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable use after free vulnerability in the ActionScript FileReference class, when using class inheritance. Successful exploitation could lead to arbitrary code execution.Show less
CVE-2017-2936 1Adobe 1Flash Player May 6, 2026 Jan 11, 2017 N/A· v4 8.8 HIGH· v3 9.3 HIGH· v2 Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable use after free vulnerability in the ActionScript FileReference class. Successful exploitation could lead to arbitrary code execution.
CVE-2017-2932 1Adobe 1Flash Player May 6, 2026 Jan 11, 2017 N/A· v4 8.8 HIGH· v3 9.3 HIGH· v2 Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable use after free vulnerability in the ActionScript MovieClip class. Successful exploitation could lead to arbitrary code execution.
CVE-2016-6892 1Matrixssl 1Matrixssl May 6, 2026 Jan 5, 2017 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 The x509FreeExtensions function in MatrixSSL before 3.8.6 allows remote attackers to cause a denial of service (free of unallocated memory) via a crafted X.509 certificate.
CVE-2016-9936 1Php 1Php May 6, 2026 Jan 4, 2017 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 The unserialize implementation in ext/standard/var.c in PHP 7.x before 7.0.14 allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted serialized data....Show more The unserialize implementation in ext/standard/var.c in PHP 7.x before 7.0.14 allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted serialized data. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-6834.Show less
CVE-2016-9138 1Php 1Php May 6, 2026 Jan 4, 2017 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 PHP through 5.6.27 and 7.x through 7.0.12 mishandles property modification during __wakeup processing, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted seri...Show more PHP through 5.6.27 and 7.x through 7.0.12 mishandles property modification during __wakeup processing, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data, as demonstrated by Exception::__toString with DateInterval::__wakeup.Show less
CVE-2016-9137 1Php 1Php May 6, 2026 Jan 4, 2017 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Use-after-free vulnerability in the CURLFile implementation in ext/curl/curl_file.c in PHP before 5.6.27 and 7.x before 7.0.12 allows remote attackers to cause a denial of service or possibly have unspecified other impac...Show more Use-after-free vulnerability in the CURLFile implementation in ext/curl/curl_file.c in PHP before 5.6.27 and 7.x before 7.0.12 allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data that is mishandled during __wakeup processing.Show less
CVE-2016-10088 1Linux 1Linux Kernel May 6, 2026 Dec 30, 2016 N/A· v4 7.0 HIGH· v3 6.9 MEDIUM· v2 The sg implementation in the Linux kernel through 4.9 does not properly restrict write operations in situations where the KERNEL_DS option is set, which allows local users to read or write to arbitrary kernel memory loca...Show more The sg implementation in the Linux kernel through 4.9 does not properly restrict write operations in situations where the KERNEL_DS option is set, which allows local users to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) by leveraging access to a /dev/sg device, related to block/bsg.c and drivers/scsi/sg.c. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-9576.Show less
CVE-2016-9794 1Linux 1Linux Kernel May 6, 2026 Dec 28, 2016 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 Race condition in the snd_pcm_period_elapsed function in sound/core/pcm_lib.c in the ALSA subsystem in the Linux kernel before 4.7 allows local users to cause a denial of service (use-after-free) or possibly have unspeci...Show more Race condition in the snd_pcm_period_elapsed function in sound/core/pcm_lib.c in the ALSA subsystem in the Linux kernel before 4.7 allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted SNDRV_PCM_TRIGGER_START command.Show less
CVE-2016-9576 1Linux 1Linux Kernel May 6, 2026 Dec 28, 2016 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 The blk_rq_map_user_iov function in block/blk-map.c in the Linux kernel before 4.8.14 does not properly restrict the type of iterator, which allows local users to read or write to arbitrary kernel memory locations or cau...Show more The blk_rq_map_user_iov function in block/blk-map.c in the Linux kernel before 4.8.14 does not properly restrict the type of iterator, which allows local users to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) by leveraging access to a /dev/sg device.Show less
CVE-2016-9923 1Qemu 1Qemu May 6, 2026 Dec 23, 2016 N/A· v4 5.5 MEDIUM· v3 2.1 LOW· v2 Quick Emulator (Qemu) built with the 'chardev' backend support is vulnerable to a use after free issue. It could occur while hotplug and unplugging the device in the guest. A guest user/process could use this flaw to cra...Show more Quick Emulator (Qemu) built with the 'chardev' backend support is vulnerable to a use after free issue. It could occur while hotplug and unplugging the device in the guest. A guest user/process could use this flaw to crash a Qemu process on the host resulting in DoS.Show less
CVE-2016-5190 1Google 1Chrome May 6, 2026 Dec 18, 2016 N/A· v4 6.3 MEDIUM· v3 6.8 MEDIUM· v2 Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android incorrectly handled object lifecycles during shutdown, which allowed a remote attacker to perform an out of bounds memory read via...Show more Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android incorrectly handled object lifecycles during shutdown, which allowed a remote attacker to perform an out of bounds memory read via crafted HTML pages.Show less
CVE-2016-5185 1Google 1Chrome May 6, 2026 Dec 18, 2016 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Blink in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android incorrectly allowed reentrance of FrameView::updateLifecyclePhasesInternal(), which allowed a remote attacker to perform...Show more Blink in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android incorrectly allowed reentrance of FrameView::updateLifecyclePhasesInternal(), which allowed a remote attacker to perform an out of bounds memory read via crafted HTML pages.Show less
CVE-2016-5184 1Google 1Chrome May 6, 2026 Dec 18, 2016 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 PDFium in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android incorrectly handled object lifecycles in CFFL_FormFillter::KillFocusForAnnot, which allowed a remote attacker to potenti...Show more PDFium in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android incorrectly handled object lifecycles in CFFL_FormFillter::KillFocusForAnnot, which allowed a remote attacker to potentially exploit heap corruption via crafted PDF files.Show less

Previous 1...340341342...364 Next