Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

CVEs (7,425)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2011-0475 1Google 2Chrome Chrome Os Apr 29, 2026 Jan 14, 2011 N/A· v4 N/A· v3 9.3 HIGH· v2 Use-after-free vulnerability in Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a PDF document.
CVE-2011-0346 1Microsoft 1Internet Explorer Apr 29, 2026 Jan 7, 2011 N/A· v4 8.1 HIGH· v3 9.3 HIGH· v2 Use-after-free vulnerability in the ReleaseInterface function in MSHTML.DLL in Microsoft Internet Explorer 6, 7, and 8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) vi...Show more Use-after-free vulnerability in the ReleaseInterface function in MSHTML.DLL in Microsoft Internet Explorer 6, 7, and 8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to the DOM implementation and the BreakAASpecial and BreakCircularMemoryReferences functions, as demonstrated by cross_fuzz, aka "MSHTML Memory Corruption Vulnerability."Show less
CVE-2010-4493 2Debian Google 2Chrome Debian Linux Apr 29, 2026 Dec 7, 2010 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Use-after-free vulnerability in Google Chrome before 8.0.552.215 allows remote attackers to cause a denial of service via vectors related to the handling of mouse dragging events.
CVE-2010-4492 2Debian Google 2Chrome Debian Linux Apr 29, 2026 Dec 7, 2010 N/A· v4 N/A· v3 7.5 HIGH· v2 Use-after-free vulnerability in Google Chrome before 8.0.552.215 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving SVG animations.
CVE-2010-4169 4Fedoraproject LinuxOpensuse+1 more 6Fedora Linux Enterprise DesktopLinux Enterprise Real Time Extension+3 more Apr 29, 2026 Nov 22, 2010 N/A· v4 N/A· v3 4.9 MEDIUM· v2 Use-after-free vulnerability in mm/mprotect.c in the Linux kernel before 2.6.37-rc2 allows local users to cause a denial of service via vectors involving an mprotect system call.
CVE-2010-4168 2Fedoraproject Openttd 2Fedora Openttd Apr 29, 2026 Nov 17, 2010 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Multiple use-after-free vulnerabilities in OpenTTD 1.0.x before 1.0.5 allow (1) remote attackers to cause a denial of service (invalid write and daemon crash) by abruptly disconnecting during transmission of the map from...Show more Multiple use-after-free vulnerabilities in OpenTTD 1.0.x before 1.0.5 allow (1) remote attackers to cause a denial of service (invalid write and daemon crash) by abruptly disconnecting during transmission of the map from the server, related to network/network_server.cpp; (2) remote attackers to cause a denial of service (invalid read and daemon crash) by abruptly disconnecting, related to network/network_server.cpp; and (3) remote servers to cause a denial of service (invalid read and application crash) by forcing a disconnection during the join process, related to network/network.cpp.Show less
CVE-2010-4201 1Google 1Chrome Apr 29, 2026 Nov 6, 2010 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Use-after-free vulnerability in Google Chrome before 7.0.517.44 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving text control selections.
CVE-2010-4197 3Fedoraproject GoogleWebkitgtk 3Chrome FedoraWebkitgtk Apr 29, 2026 Nov 6, 2010 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Use-after-free vulnerability in WebKit, as used in Google Chrome before 7.0.517.44, webkitgtk before 1.2.6, and other products, allows remote attackers to cause a denial of service or possibly have unspecified other impa...Show more Use-after-free vulnerability in WebKit, as used in Google Chrome before 7.0.517.44, webkitgtk before 1.2.6, and other products, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving text editing.Show less
CVE-2010-3962 1Microsoft 1Internet Explorer Apr 22, 2026 Nov 5, 2010 N/A· v4 8.1 HIGH· v3 9.3 HIGH· v2 Use-after-free vulnerability in Microsoft Internet Explorer 6, 7, and 8 allows remote attackers to execute arbitrary code via vectors related to Cascading Style Sheets (CSS) token sequences and the clip attribute, aka an...Show more Use-after-free vulnerability in Microsoft Internet Explorer 6, 7, and 8 allows remote attackers to execute arbitrary code via vectors related to Cascading Style Sheets (CSS) token sequences and the clip attribute, aka an "invalid flag reference" issue or "Uninitialized Memory Corruption Vulnerability," as exploited in the wild in November 2010.Show less
CVE-2010-2941 7Apple CanonicalDebian+4 more 13Cups Debian LinuxEnterprise Linux+10 more Apr 29, 2026 Nov 5, 2010 N/A· v4 9.8 CRITICAL· v3 9.3 HIGH· v2 ipp.c in cupsd in CUPS 1.4.4 and earlier does not properly allocate memory for attribute values with invalid string data types, which allows remote attackers to cause a denial of service (use-after-free and application c...Show more ipp.c in cupsd in CUPS 1.4.4 and earlier does not properly allocate memory for attribute values with invalid string data types, which allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly execute arbitrary code via a crafted IPP request.Show less
CVE-2010-3328 1Microsoft 1Internet Explorer Apr 29, 2026 Oct 13, 2010 N/A· v4 8.8 HIGH· v3 9.3 HIGH· v2 Use-after-free vulnerability in the CAttrArray::PrivateFind function in mshtml.dll in Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code by setting an unspecified property of a styl...Show more Use-after-free vulnerability in the CAttrArray::PrivateFind function in mshtml.dll in Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code by setting an unspecified property of a stylesheet object, aka "Uninitialized Memory Corruption Vulnerability."Show less
CVE-2010-1825 1Google 1Chrome Apr 29, 2026 Sep 24, 2010 N/A· v4 N/A· v3 9.3 HIGH· v2 Use-after-free vulnerability in WebKit, as used in Google Chrome before 6.0.472.59, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to nested SVG element...Show more Use-after-free vulnerability in WebKit, as used in Google Chrome before 6.0.472.59, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to nested SVG elements.Show less
CVE-2010-1824 2Apple Google 2Chrome Itunes Apr 29, 2026 Sep 24, 2010 N/A· v4 N/A· v3 9.3 HIGH· v2 Use-after-free vulnerability in WebKit, as used in Apple iTunes before 10.2 on Windows, Apple Safari, and Google Chrome before 6.0.472.59, allows remote attackers to execute arbitrary code or cause a denial of service vi...Show more Use-after-free vulnerability in WebKit, as used in Apple iTunes before 10.2 on Windows, Apple Safari, and Google Chrome before 6.0.472.59, allows remote attackers to execute arbitrary code or cause a denial of service via vectors related to SVG styles, the DOM tree, and error messages.Show less
CVE-2010-1823 2Apple Google 3Chrome ItunesSafari Apr 29, 2026 Sep 24, 2010 N/A· v4 N/A· v3 9.3 HIGH· v2 Use-after-free vulnerability in WebKit before r65958, as used in Google Chrome before 6.0.472.59, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger us...Show more Use-after-free vulnerability in WebKit before r65958, as used in Google Chrome before 6.0.472.59, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger use of document APIs such as document.close during parsing, as demonstrated by a Cascading Style Sheets (CSS) file referencing an invalid SVG font, aka rdar problem 8442098.Show less
CVE-2010-1772 5Canonical FedoraprojectGoogle+2 more 5Chrome Enterprise LinuxFedora+2 more Apr 29, 2026 Sep 24, 2010 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Use-after-free vulnerability in page/Geolocation.cpp in WebCore in WebKit before r59859, as used in Google Chrome before 5.0.375.70, allows remote attackers to execute arbitrary code or cause a denial of service (applica...Show more Use-after-free vulnerability in page/Geolocation.cpp in WebCore in WebKit before r59859, as used in Google Chrome before 5.0.375.70, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted web site, related to failure to stop timers associated with geolocation upon deletion of a document.Show less
CVE-2010-3257 4Apple CanonicalGoogle+1 more 5Chrome Iphone OsSafari+2 more Apr 29, 2026 Sep 7, 2010 N/A· v4 N/A· v3 9.3 HIGH· v2 Use-after-free vulnerability in WebKit, as used in Apple Safari before 4.1.3 and 5.0.x before 5.0.3, Google Chrome before 6.0.472.53, and webkitgtk before 1.2.6, allows remote attackers to execute arbitrary code or cause...Show more Use-after-free vulnerability in WebKit, as used in Apple Safari before 4.1.3 and 5.0.x before 5.0.3, Google Chrome before 6.0.472.53, and webkitgtk before 1.2.6, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving element focus.Show less
CVE-2010-3252 1Google 1Chrome Apr 29, 2026 Sep 7, 2010 N/A· v4 N/A· v3 10.0 HIGH· v2 Use-after-free vulnerability in the Notifications presenter in Google Chrome before 6.0.472.53 allows attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
CVE-2010-3116 4Apple CanonicalGoogle+1 more 5Chrome Iphone OsSafari+2 more Apr 29, 2026 Aug 24, 2010 N/A· v4 N/A· v3 10.0 HIGH· v2 Multiple use-after-free vulnerabilities in WebKit, as used in Apple Safari before 4.1.3 and 5.0.x before 5.0.3, Google Chrome before 5.0.375.127, and webkitgtk before 1.2.6, allow remote attackers to execute arbitrary co...Show more Multiple use-after-free vulnerabilities in WebKit, as used in Apple Safari before 4.1.3 and 5.0.x before 5.0.3, Google Chrome before 5.0.375.127, and webkitgtk before 1.2.6, allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to improper handling of MIME types by plug-ins.Show less
CVE-2010-2547 3Debian FedoraprojectGnupg 3Debian Linux FedoraGnupg Apr 29, 2026 Aug 5, 2010 N/A· v4 8.1 HIGH· v3 5.1 MEDIUM· v2 Use-after-free vulnerability in kbx/keybox-blob.c in GPGSM in GnuPG 2.x through 2.0.16 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a certificate with a large numbe...Show more Use-after-free vulnerability in kbx/keybox-blob.c in GPGSM in GnuPG 2.x through 2.0.16 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a certificate with a large number of Subject Alternate Names, which is not properly handled in a realloc operation when importing the certificate or verifying its signature.Show less
CVE-2010-2753 3Mozilla OpensuseSuse 7Firefox Linux Enterprise DesktopLinux Enterprise Server+4 more Apr 29, 2026 Jul 30, 2010 N/A· v4 8.8 HIGH· v3 9.3 HIGH· v2 Integer overflow in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 allows remote attackers to execute arbitrary code via a la...Show more Integer overflow in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 allows remote attackers to execute arbitrary code via a large selection attribute in a XUL tree element, which triggers a use-after-free.Show less

Previous 1...368 369370371 372 Next