Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

CVEs (7,165)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2013-6644 3Debian GoogleOpensuse 3Chrome Debian LinuxOpensuse Apr 29, 2026 Jan 16, 2014 N/A· v4 N/A· v3 7.5 HIGH· v2 Multiple unspecified vulnerabilities in Google Chrome before 32.0.1700.76 on Windows and before 32.0.1700.77 on Mac OS X and Linux allow attackers to cause a denial of service or possibly have other impact via unknown ve...Show more Multiple unspecified vulnerabilities in Google Chrome before 32.0.1700.76 on Windows and before 32.0.1700.77 on Mac OS X and Linux allow attackers to cause a denial of service or possibly have other impact via unknown vectors.Show less
CVE-2013-6641 2Google Opensuse 2Chrome Opensuse Apr 29, 2026 Jan 16, 2014 N/A· v4 N/A· v3 7.5 HIGH· v2 Use-after-free vulnerability in the FormAssociatedElement::formRemovedFromTree function in core/html/FormAssociatedElement.cpp in Blink, as used in Google Chrome before 32.0.1700.76 on Windows and before 32.0.1700.77 on...Show more Use-after-free vulnerability in the FormAssociatedElement::formRemovedFromTree function in core/html/FormAssociatedElement.cpp in Blink, as used in Google Chrome before 32.0.1700.76 on Windows and before 32.0.1700.77 on Mac OS X and Linux, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging improper handling of the past names map of a FORM element.Show less
CVE-2014-0496 1Adobe 1Acrobat Apr 21, 2026 Jan 15, 2014 N/A· v4 8.8 HIGH· v3 10.0 HIGH· v2 Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 10.1.9 and 11.x before 11.0.06 on Windows and Mac OS X allows attackers to execute arbitrary code via unspecified vectors.
CVE-2013-5618 6Canonical FedoraprojectMozilla+3 more 16Enterprise Linux Desktop Enterprise Linux EusEnterprise Linux Server+13 more Apr 29, 2026 Dec 11, 2013 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 Use-after-free vulnerability in the nsNodeUtils::LastRelease function in the table-editing user interface in the editor component in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and...Show more Use-after-free vulnerability in the nsNodeUtils::LastRelease function in the table-editing user interface in the editor component in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allows remote attackers to execute arbitrary code by triggering improper garbage collection.Show less
CVE-2013-5616 6Canonical FedoraprojectMozilla+3 more 16Enterprise Linux Desktop Enterprise Linux EusEnterprise Linux Server+13 more Apr 29, 2026 Dec 11, 2013 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Use-after-free vulnerability in the nsEventListenerManager::HandleEventSubType function in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allows remote attac...Show more Use-after-free vulnerability in the nsEventListenerManager::HandleEventSubType function in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors related to mListeners event listeners.Show less
CVE-2013-5613 6Canonical FedoraprojectMozilla+3 more 16Enterprise Linux Desktop Enterprise Linux EusEnterprise Linux Server+13 more Apr 29, 2026 Dec 11, 2013 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 Use-after-free vulnerability in the PresShell::DispatchSynthMouseMove function in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allows remote attackers to e...Show more Use-after-free vulnerability in the PresShell::DispatchSynthMouseMove function in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors involving synthetic mouse movement, related to the RestyleManager::GetHoverGeneration function.Show less
CVE-2013-5056 1Microsoft 10Windows 7 Windows 8Windows 8.1+7 more Apr 29, 2026 Dec 11, 2013 N/A· v4 N/A· v3 9.3 HIGH· v2 Use-after-free vulnerability in the Scripting Runtime Object Library in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows...Show more Use-after-free vulnerability in the Scripting Runtime Object Library in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site that is visited with Internet Explorer, aka "Use-After-Free Vulnerability in Microsoft Scripting Runtime Object Library."Show less
CVE-2013-4560 3Debian LighttpdOpensuse 3Debian Linux LighttpdOpensuse Apr 29, 2026 Nov 20, 2013 N/A· v4 N/A· v3 5.0 MEDIUM· v2 Use-after-free vulnerability in lighttpd before 1.4.33 allows remote attackers to cause a denial of service (segmentation fault and crash) via unspecified vectors that trigger FAMMonitorDirectory failures.
CVE-2013-3897 1Microsoft 1Internet Explorer Apr 22, 2026 Oct 9, 2013 N/A· v4 8.8 HIGH· v3 9.3 HIGH· v2 Use-after-free vulnerability in the CDisplayPointer class in mshtml.dll in Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via c...Show more Use-after-free vulnerability in the CDisplayPointer class in mshtml.dll in Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted JavaScript code that uses the onpropertychange event handler, as exploited in the wild in September and October 2013, aka "Internet Explorer Memory Corruption Vulnerability."Show less
CVE-2013-3893 1Microsoft 1Internet Explorer Apr 22, 2026 Sep 18, 2013 N/A· v4 8.8 HIGH· v3 9.3 HIGH· v2 Use-after-free vulnerability in the SetMouseCapture implementation in mshtml.dll in Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code via crafted JavaScript strings, as demonstrat...Show more Use-after-free vulnerability in the SetMouseCapture implementation in mshtml.dll in Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code via crafted JavaScript strings, as demonstrated by use of an ms-help: URL that triggers loading of hxds.dll.Show less
CVE-2013-2873 2Debian Google 2Chrome Debian Linux Apr 29, 2026 Jul 10, 2013 N/A· v4 N/A· v3 7.5 HIGH· v2 Use-after-free vulnerability in Google Chrome before 28.0.1500.71 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving a 404 HTTP status code during the loa...Show more Use-after-free vulnerability in Google Chrome before 28.0.1500.71 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving a 404 HTTP status code during the loading of resources.Show less
CVE-2013-1340 1Microsoft 8Windows 7 Windows 8Windows Rt+5 more Apr 29, 2026 Jul 10, 2013 N/A· v4 8.4 HIGH· v3 7.2 HIGH· v2 win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT doe...Show more win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "Win32k Dereference Vulnerability."Show less
CVE-2013-2860 2Debian Google 2Chrome Debian Linux Apr 29, 2026 Jun 5, 2013 N/A· v4 N/A· v3 7.5 HIGH· v2 Use-after-free vulnerability in Google Chrome before 27.0.1453.110 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving access to a database API by a worker...Show more Use-after-free vulnerability in Google Chrome before 27.0.1453.110 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving access to a database API by a worker process.Show less
CVE-2013-2858 2Debian Google 2Chrome Debian Linux Apr 29, 2026 Jun 5, 2013 N/A· v4 N/A· v3 7.5 HIGH· v2 Use-after-free vulnerability in the HTML5 Audio implementation in Google Chrome before 27.0.1453.110 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
CVE-2013-2857 2Debian Google 2Chrome Debian Linux Apr 29, 2026 Jun 5, 2013 N/A· v4 N/A· v3 7.5 HIGH· v2 Use-after-free vulnerability in Google Chrome before 27.0.1453.110 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of images.
CVE-2013-2856 2Debian Google 2Chrome Debian Linux Apr 29, 2026 Jun 5, 2013 N/A· v4 N/A· v3 7.5 HIGH· v2 Use-after-free vulnerability in Google Chrome before 27.0.1453.110 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of input.
CVE-2013-1312 1Microsoft 1Internet Explorer Apr 29, 2026 May 15, 2013 N/A· v4 N/A· v3 9.3 HIGH· v2 Use-after-free vulnerability in Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer Use After Fre...Show more Use-after-free vulnerability in Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer Use After Free Vulnerability."Show less
CVE-2013-1311 1Microsoft 1Internet Explorer Apr 29, 2026 May 15, 2013 N/A· v4 N/A· v3 9.3 HIGH· v2 Use-after-free vulnerability in Microsoft Internet Explorer 8 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer Use After Free Vulne...Show more Use-after-free vulnerability in Microsoft Internet Explorer 8 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer Use After Free Vulnerability."Show less
CVE-2013-1310 1Microsoft 1Internet Explorer Apr 29, 2026 May 15, 2013 N/A· v4 N/A· v3 9.3 HIGH· v2 Use-after-free vulnerability in Microsoft Internet Explorer 6 and 7 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer Use After Free...Show more Use-after-free vulnerability in Microsoft Internet Explorer 6 and 7 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer Use After Free Vulnerability."Show less
CVE-2013-1309 1Microsoft 1Internet Explorer Apr 29, 2026 May 15, 2013 N/A· v4 N/A· v3 9.3 HIGH· v2 Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer Use After...Show more Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer Use After Free Vulnerability," a different vulnerability than CVE-2013-1308 and CVE-2013-2551.Show less

Previous 1...347348349...359 Next