Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

CVEs (7,270)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2011-1059 1Google 1Chrome Apr 29, 2026 Feb 22, 2011 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Use-after-free vulnerability in WebCore in WebKit before r77705, as used in Google Chrome before 11.0.672.2 and other products, allows user-assisted remote attackers to cause a denial of service (application crash) or po...Show more Use-after-free vulnerability in WebCore in WebKit before r77705, as used in Google Chrome before 11.0.672.2 and other products, allows user-assisted remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via vectors that entice a user to resubmit a form, related to improper handling of provisional items by the HistoryController component, aka rdar problem 8938557.Show less
CVE-2011-0982 1Google 1Chrome Apr 29, 2026 Feb 10, 2011 N/A· v4 N/A· v3 10.0 HIGH· v2 Use-after-free vulnerability in Google Chrome before 9.0.597.94 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving SVG font faces.
CVE-2011-0777 1Google 1Chrome Apr 29, 2026 Feb 4, 2011 N/A· v4 N/A· v3 7.5 HIGH· v2 Use-after-free vulnerability in Google Chrome before 9.0.597.84 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to image loading.
CVE-2010-3452 3Apache CanonicalDebian 3Debian Linux OpenofficeUbuntu Linux Apr 29, 2026 Jan 28, 2011 N/A· v4 N/A· v3 9.3 HIGH· v2 Use-after-free vulnerability in oowriter in OpenOffice.org (OOo) 2.x and 3.x before 3.3 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted tags in an R...Show more Use-after-free vulnerability in oowriter in OpenOffice.org (OOo) 2.x and 3.x before 3.3 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted tags in an RTF document.Show less
CVE-2010-3451 3Apache CanonicalDebian 3Debian Linux OpenofficeUbuntu Linux Apr 29, 2026 Jan 28, 2011 N/A· v4 N/A· v3 9.3 HIGH· v2 Use-after-free vulnerability in oowriter in OpenOffice.org (OOo) 2.x and 3.x before 3.3 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via malformed tables in...Show more Use-after-free vulnerability in oowriter in OpenOffice.org (OOo) 2.x and 3.x before 3.3 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via malformed tables in an RTF document.Show less
CVE-2011-0475 1Google 2Chrome Chrome Os Apr 29, 2026 Jan 14, 2011 N/A· v4 N/A· v3 9.3 HIGH· v2 Use-after-free vulnerability in Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a PDF document.
CVE-2011-0346 1Microsoft 1Internet Explorer Apr 29, 2026 Jan 7, 2011 N/A· v4 8.1 HIGH· v3 9.3 HIGH· v2 Use-after-free vulnerability in the ReleaseInterface function in MSHTML.DLL in Microsoft Internet Explorer 6, 7, and 8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) vi...Show more Use-after-free vulnerability in the ReleaseInterface function in MSHTML.DLL in Microsoft Internet Explorer 6, 7, and 8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to the DOM implementation and the BreakAASpecial and BreakCircularMemoryReferences functions, as demonstrated by cross_fuzz, aka "MSHTML Memory Corruption Vulnerability."Show less
CVE-2010-4493 2Debian Google 2Chrome Debian Linux Apr 29, 2026 Dec 7, 2010 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Use-after-free vulnerability in Google Chrome before 8.0.552.215 allows remote attackers to cause a denial of service via vectors related to the handling of mouse dragging events.
CVE-2010-4492 2Debian Google 2Chrome Debian Linux Apr 29, 2026 Dec 7, 2010 N/A· v4 N/A· v3 7.5 HIGH· v2 Use-after-free vulnerability in Google Chrome before 8.0.552.215 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving SVG animations.
CVE-2010-4169 4Fedoraproject LinuxOpensuse+1 more 6Fedora Linux Enterprise DesktopLinux Enterprise Real Time Extension+3 more Apr 29, 2026 Nov 22, 2010 N/A· v4 N/A· v3 4.9 MEDIUM· v2 Use-after-free vulnerability in mm/mprotect.c in the Linux kernel before 2.6.37-rc2 allows local users to cause a denial of service via vectors involving an mprotect system call.
CVE-2010-4168 2Fedoraproject Openttd 2Fedora Openttd Apr 29, 2026 Nov 17, 2010 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Multiple use-after-free vulnerabilities in OpenTTD 1.0.x before 1.0.5 allow (1) remote attackers to cause a denial of service (invalid write and daemon crash) by abruptly disconnecting during transmission of the map from...Show more Multiple use-after-free vulnerabilities in OpenTTD 1.0.x before 1.0.5 allow (1) remote attackers to cause a denial of service (invalid write and daemon crash) by abruptly disconnecting during transmission of the map from the server, related to network/network_server.cpp; (2) remote attackers to cause a denial of service (invalid read and daemon crash) by abruptly disconnecting, related to network/network_server.cpp; and (3) remote servers to cause a denial of service (invalid read and application crash) by forcing a disconnection during the join process, related to network/network.cpp.Show less
CVE-2010-4201 1Google 1Chrome Apr 29, 2026 Nov 6, 2010 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Use-after-free vulnerability in Google Chrome before 7.0.517.44 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving text control selections.
CVE-2010-4197 3Fedoraproject GoogleWebkitgtk 3Chrome FedoraWebkitgtk Apr 29, 2026 Nov 6, 2010 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Use-after-free vulnerability in WebKit, as used in Google Chrome before 7.0.517.44, webkitgtk before 1.2.6, and other products, allows remote attackers to cause a denial of service or possibly have unspecified other impa...Show more Use-after-free vulnerability in WebKit, as used in Google Chrome before 7.0.517.44, webkitgtk before 1.2.6, and other products, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving text editing.Show less
CVE-2010-3962 1Microsoft 1Internet Explorer Apr 22, 2026 Nov 5, 2010 N/A· v4 8.1 HIGH· v3 9.3 HIGH· v2 Use-after-free vulnerability in Microsoft Internet Explorer 6, 7, and 8 allows remote attackers to execute arbitrary code via vectors related to Cascading Style Sheets (CSS) token sequences and the clip attribute, aka an...Show more Use-after-free vulnerability in Microsoft Internet Explorer 6, 7, and 8 allows remote attackers to execute arbitrary code via vectors related to Cascading Style Sheets (CSS) token sequences and the clip attribute, aka an "invalid flag reference" issue or "Uninitialized Memory Corruption Vulnerability," as exploited in the wild in November 2010.Show less
CVE-2010-2941 7Apple CanonicalDebian+4 more 13Cups Debian LinuxEnterprise Linux+10 more Apr 29, 2026 Nov 5, 2010 N/A· v4 9.8 CRITICAL· v3 9.3 HIGH· v2 ipp.c in cupsd in CUPS 1.4.4 and earlier does not properly allocate memory for attribute values with invalid string data types, which allows remote attackers to cause a denial of service (use-after-free and application c...Show more ipp.c in cupsd in CUPS 1.4.4 and earlier does not properly allocate memory for attribute values with invalid string data types, which allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly execute arbitrary code via a crafted IPP request.Show less
CVE-2010-3328 1Microsoft 1Internet Explorer Apr 29, 2026 Oct 13, 2010 N/A· v4 8.8 HIGH· v3 9.3 HIGH· v2 Use-after-free vulnerability in the CAttrArray::PrivateFind function in mshtml.dll in Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code by setting an unspecified property of a styl...Show more Use-after-free vulnerability in the CAttrArray::PrivateFind function in mshtml.dll in Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code by setting an unspecified property of a stylesheet object, aka "Uninitialized Memory Corruption Vulnerability."Show less
CVE-2010-1825 1Google 1Chrome Apr 29, 2026 Sep 24, 2010 N/A· v4 N/A· v3 9.3 HIGH· v2 Use-after-free vulnerability in WebKit, as used in Google Chrome before 6.0.472.59, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to nested SVG element...Show more Use-after-free vulnerability in WebKit, as used in Google Chrome before 6.0.472.59, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to nested SVG elements.Show less
CVE-2010-1824 2Apple Google 2Chrome Itunes Apr 29, 2026 Sep 24, 2010 N/A· v4 N/A· v3 9.3 HIGH· v2 Use-after-free vulnerability in WebKit, as used in Apple iTunes before 10.2 on Windows, Apple Safari, and Google Chrome before 6.0.472.59, allows remote attackers to execute arbitrary code or cause a denial of service vi...Show more Use-after-free vulnerability in WebKit, as used in Apple iTunes before 10.2 on Windows, Apple Safari, and Google Chrome before 6.0.472.59, allows remote attackers to execute arbitrary code or cause a denial of service via vectors related to SVG styles, the DOM tree, and error messages.Show less
CVE-2010-1823 2Apple Google 3Chrome ItunesSafari Apr 29, 2026 Sep 24, 2010 N/A· v4 N/A· v3 9.3 HIGH· v2 Use-after-free vulnerability in WebKit before r65958, as used in Google Chrome before 6.0.472.59, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger us...Show more Use-after-free vulnerability in WebKit before r65958, as used in Google Chrome before 6.0.472.59, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger use of document APIs such as document.close during parsing, as demonstrated by a Cascading Style Sheets (CSS) file referencing an invalid SVG font, aka rdar problem 8442098.Show less
CVE-2010-1772 5Canonical FedoraprojectGoogle+2 more 5Chrome Enterprise LinuxFedora+2 more Apr 29, 2026 Sep 24, 2010 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Use-after-free vulnerability in page/Geolocation.cpp in WebCore in WebKit before r59859, as used in Google Chrome before 5.0.375.70, allows remote attackers to execute arbitrary code or cause a denial of service (applica...Show more Use-after-free vulnerability in page/Geolocation.cpp in WebCore in WebKit before r59859, as used in Google Chrome before 5.0.375.70, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted web site, related to failure to stop timers associated with geolocation upon deletion of a document.Show less

Previous 1...360 361362363 364 Next