Skip to main content

Use After Free

memory HIGH

Use-after-free vulnerabilities occur when a program continues to access memory through a pointer after that memory has been deallocated.

How It Works

Use-after-free vulnerabilities occur when a program continues to access memory through a pointer after that memory has been deallocated. When memory is freed, it returns to the allocator's pool and may be reallocated for an entirely different purpose. The original pointer becomes "dangling"—it still points to that memory location, but the contents are now undefined or controlled by different code.

Attackers exploit this by orchestrating a three-step process: first, trigger the memory deallocation; second, cause the allocator to reassign that same memory region with attacker-controlled data (often through carefully timed allocations); third, trigger the program to dereference the dangling pointer. Because the memory now contains attacker data instead of the expected object, this can corrupt function pointers, vtables, or other critical structures.

The vulnerability is particularly dangerous in object-oriented code where freed objects contain function pointers or virtual method tables. When the program calls a method on the freed object, it may jump to attacker-controlled addresses. Browser engines are frequent targets because DOM manipulation allows attackers to control object allocation and deallocation timing through JavaScript, while kernel UAFs enable privilege escalation by manipulating file descriptors or process structures.

Impact

  • Arbitrary code execution — attacker overwrites function pointers or vtables to redirect program flow to malicious code
  • Privilege escalation — in kernel UAFs, gain root/system privileges by corrupting process credentials or security tokens
  • Information disclosure — read sensitive data from reallocated memory that wasn't properly cleared
  • Sandbox escape — break out of browser or application sandboxes by corrupting security-critical objects
  • Denial of service — crash the application through memory corruption, though attackers typically aim for exploitation rather than simple crashes

Real-World Examples

CVE-2021-30551 affected Chrome's V8 JavaScript engine, where improper handling of JavaScript typed arrays created a use-after-free in object property management. Attackers could trigger object deletion while retaining references, then reallocate the memory with controlled data to achieve code execution within the renderer process.

Windows kernel vulnerabilities like CVE-2020-17087 involved use-after-free conditions in the Windows keyboard layout handling code. Attackers exploited race conditions in keyboard layout switching to free kernel objects while retaining references, then reallocated the memory with controlled structures to elevate privileges from user to SYSTEM level.

The WhatsApp vulnerability CVE-2019-11932 demonstrated UAF exploitation in media parsing code, where specially crafted GIF files triggered premature memory deallocation. Subsequent access to the freed buffers allowed remote code execution without user interaction beyond receiving the malicious file.

Mitigation

  • Memory-safe languages — use Rust, Go, Swift, or other languages with automatic memory management
  • Smart pointers — employ RAII patterns and reference counting (unique_ptr, shared_ptr in C++)
  • AddressSanitizer (ASAN) — detect UAF during testing through instrumented builds
  • Immediate pointer nullification — set pointers to NULL after free() to cause immediate crashes rather than exploitable conditions
  • Garbage collection — languages with GC prevent manual memory management errors
  • Control Flow Integrity (CFI) — limits exploit impact by validating function pointer targets
  • Heap hardening — allocator metadata protection and delayed reuse policies increase exploitation difficulty

Recent CVEs (6128)

EPSS 0% CVSS 7.8
HIGH This Week

A use-after-free issue was addressed with improved memory management. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Use After Free +2
NVD
EPSS 0% CVSS 7.5
HIGH PATCH This Month

Remote Desktop Client Remote Code Execution Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption RCE Use After Free +14
NVD
EPSS 3% CVSS 7.8
HIGH PATCH This Month

Win32k Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Use After Free Information Disclosure +14
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Month

Windows Subsystem for Linux Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Use After Free Information Disclosure +9
NVD
EPSS 0% CVSS 6.6
MEDIUM PATCH This Month

Microsoft Online Certificate Status Protocol (OCSP) Remote Code Execution Vulnerability. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption RCE Use After Free +7
NVD
EPSS 1% CVSS 5.3
MEDIUM POC This Month

io_uring UAF, Unix SCM garbage collection. Rated medium severity (CVSS 5.3). No vendor patch available.

Memory Corruption Use After Free Information Disclosure +2
NVD
EPSS 59% 4.3 CVSS 5.3
MEDIUM POC PATCH THREAT This Month

It was discovered that the cls_route filter implementation in the Linux kernel would not remove an old filter from the hashtable before freeing it if its handle had the value 0. Rated medium severity (CVSS 5.3). Public exploit code available and EPSS exploitation probability 59.4%.

Linux Memory Corruption Use After Free +3
NVD GitHub
EPSS 2% 4.1 CVSS 5.3
MEDIUM POC KEV PATCH THREAT Act Now

It was discovered that a nft object or expression could reference a nft set on a different nft table, leading to a use-after-free once that table was deleted. Rated medium severity (CVSS 5.3). Actively exploited in the wild (cisa kev) and public exploit code available.

Memory Corruption Use After Free Information Disclosure +2
NVD
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

It was discovered that when exec'ing from a non-leader thread, armed POSIX CPU timers would be left on a list but freed, leading to a use-after-free. Rated medium severity (CVSS 5.3). This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Use After Free Information Disclosure +2
NVD
EPSS 0% CVSS 7.8
HIGH POC This Week

Multiple use-after-free vulnerabilities exist in the VCD get_vartoken realloc functionality of GTKWave 3.3.115. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption RCE Use After Free +1
NVD
EPSS 0% CVSS 7.8
HIGH POC This Week

Multiple use-after-free vulnerabilities exist in the VCD get_vartoken realloc functionality of GTKWave 3.3.115. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption RCE Use After Free +1
NVD
EPSS 0% CVSS 7.8
HIGH POC This Week

Multiple use-after-free vulnerabilities exist in the VCD get_vartoken realloc functionality of GTKWave 3.3.115. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption RCE Use After Free +1
NVD
EPSS 0% CVSS 7.8
HIGH POC This Week

Multiple use-after-free vulnerabilities exist in the VCD get_vartoken realloc functionality of GTKWave 3.3.115. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption RCE Use After Free +1
NVD
EPSS 0% CVSS 7.8
HIGH POC This Week

Multiple use-after-free vulnerabilities exist in the VCD get_vartoken realloc functionality of GTKWave 3.3.115. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption RCE Use After Free +1
NVD
EPSS 0% CVSS 7.8
HIGH POC This Week

Multiple use-after-free vulnerabilities exist in the VCD get_vartoken realloc functionality of GTKWave 3.3.115. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption RCE Use After Free +1
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Use After Free vulnerability in Arm Ltd Valhall GPU Kernel Driver allows a local non-privileged user to make improper GPU processing operations to gain access to already freed memory. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Use After Free Denial Of Service +1
NVD
EPSS 0% CVSS 9.8
CRITICAL POC Act Now

Lotos WebServer through 0.1.1 (commit 3eb36cc) has a use-after-free in buffer_avail() at buffer.h via a long URI, because realloc is mishandled. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Use After Free Information Disclosure +1
NVD GitHub
EPSS 0% CVSS 7.0
HIGH This Week

A flaw was found in the ATA over Ethernet (AoE) driver in the Linux kernel. Rated high severity (CVSS 7.0). No vendor patch available.

Use After Free Linux Memory Corruption +5
NVD
EPSS 1% CVSS 8.8
HIGH This Month

Use after free in WebGPU in Google Chrome prior to 120.0.6099.199 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Use After Free Google +3
NVD
EPSS 1% CVSS 8.8
HIGH This Month

Use after free in WebAudio in Google Chrome prior to 120.0.6099.199 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Use After Free Google +3
NVD
EPSS 1% CVSS 8.8
HIGH This Month

Use after free in ANGLE in Google Chrome prior to 120.0.6099.199 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Use After Free Google +3
NVD
EPSS 0% CVSS 3.3
LOW PATCH Monitor

A use-after-free flaw was found in PackageKitd. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Use After Free Information Disclosure +3
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM POC This Month

Use After Free vulnerability in YASM 1.3.0.86.g9def allows a remote attacker to cause a denial of service via the do_directive function in the modules/preprocs/nasm/nasm-pp.c component. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Use After Free Denial Of Service +1
NVD GitHub
EPSS 0% CVSS 7.8
HIGH PATCH This Week

A use-after-free flaw was found in the netfilter subsystem of the Linux kernel. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Linux Memory Corruption Privilege Escalation +1
NVD
EPSS 0% CVSS 4.0
MEDIUM This Month

in OpenHarmony v3.2.2 and prior versions allow a local attacker cause multimedia audio crash through modify a released pointer. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Use After Free Denial Of Service +1
NVD
EPSS 0% CVSS 4.0
MEDIUM This Month

in OpenHarmony v3.2.2 and prior versions allow a local attacker cause multimedia player crash through modify a released pointer. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Use After Free Denial Of Service +1
NVD
EPSS 0% CVSS 4.0
MEDIUM This Month

in OpenHarmony v3.2.2 and prior versions allow a local attacker cause multimedia player crash through modify a released pointer. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Use After Free Denial Of Service +1
NVD
EPSS 0% CVSS 4.0
MEDIUM This Month

in OpenHarmony v3.2.2 and prior versions allow a local attacker cause multimedia camera crash through modify a released pointer. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Use After Free Denial Of Service +1
NVD
EPSS 0% CVSS 8.4
HIGH PATCH This Week

Memory corruption while invoking IOCTLs calls from user space for internal mem MAP and internal mem UNMAP. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Use After Free Buffer Overflow +81
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Memory corruption in Audio when memory map command is executed consecutively in ADSP. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Sg8275p Firmware Qcn9074 Firmware Sm7250p Firmware +227
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Memory corruption while processing Listen Sound Model client payload buffer when there is a request for Listen Sound session get parameter from ST HAL. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Use After Free Buffer Overflow +130
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Memory corruption when HLOS allocates the response payload buffer to copy the data received from ADSP in response to AVCS_LOAD_MODULE command. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Use After Free Buffer Overflow +136
NVD
EPSS 0% CVSS 8.4
HIGH PATCH This Week

Memory corruption while running NPU, when NETWORK_UNLOAD and (NETWORK_UNLOAD or NETWORK_EXECUTE_V2) commands are submitted at the same time. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Use After Free Buffer Overflow +111
NVD
EPSS 0% CVSS 8.4
HIGH PATCH This Week

Memory corruption in Graphics Driver when destroying a context with KGSL_GPU_AUX_COMMAND_TIMELINE objects queued. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Use After Free Buffer Overflow +26
NVD
EPSS 0% CVSS 8.4
HIGH This Week

Memory corruption while running VK synchronization with KASAN enabled. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Use After Free Buffer Overflow +120
NVD
EPSS 1% CVSS 7.5
HIGH POC PATCH This Week

ehttp 1.0.6 before 17405b9 has an epoll_socket.cpp read_func use-after-free. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Use After Free Information Disclosure Memory Corruption +1
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC PATCH Act Now

A vulnerability, which was classified as critical, has been found in MicroPython 1.21.0/1.22.0-preview. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Use After Free Denial Of Service Memory Corruption +1
NVD GitHub VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

A use-after-free vulnerability in the Linux kernel's ipv4: igmp component can be exploited to achieve local privilege escalation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Privilege Escalation Memory Corruption +3
NVD
EPSS 1% CVSS 8.8
HIGH This Week

A use-after-free was identified in the `nsDNSService::Init`. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Mozilla Memory Corruption +4
NVD
EPSS 1% CVSS 8.8
HIGH This Week

A use-after-free condition affected TLS socket creation when under memory pressure. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Mozilla Memory Corruption +5
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Privilege Escalation Memory Corruption +2
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Use after free in CSS in Google Chrome prior to 120.0.6099.109 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption +2
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Use after free in FedCM in Google Chrome prior to 120.0.6099.109 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via a. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption +2
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Use after free in WebRTC in Google Chrome prior to 120.0.6099.109 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption +2
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Use after free in libavif in Google Chrome prior to 120.0.6099.109 allowed a remote attacker to potentially exploit heap corruption via a crafted image file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption +2
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Use after free in Blink in Google Chrome prior to 120.0.6099.109 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption +2
NVD
EPSS 1% CVSS 7.8
HIGH PATCH This Week

Adobe After Effects versions 24.0.3 (and earlier) and 23.6.0 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Use After Free Adobe +3
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Adobe Illustrator versions 28.0 (and earlier) and 27.9 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Use After Free Adobe +3
NVD
EPSS 93% CVSS 8.1
HIGH PATCH This Week

Windows MSHTML Platform Remote Code Execution Vulnerability. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free RCE Memory Corruption +15
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Affected devices improperly handle specially crafted packets sent to port 102/tcp. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption +73
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

In the Pixel Camera Driver, there is a possible use after free due to a logic error in the code. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Privilege Escalation Denial Of Service +2
NVD
EPSS 3% CVSS 9.6
CRITICAL PATCH Act Now

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Google Use After Free Microsoft +3
NVD
EPSS 2% CVSS 7.5
HIGH This Week

An issue was discovered in the function gdev_prn_open_printer_seekable() in Artifex Ghostscript through 10.02.0 allows remote attackers to crash the application via a dangling pointer. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption +1
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Use after free in Media Capture in Google Chrome prior to 120.0.6099.62 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption +4
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Use after free in Side Panel Search in Google Chrome prior to 120.0.6099.62 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption +4
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Use after free in Media Stream in Google Chrome prior to 120.0.6099.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption +4
NVD
EPSS 1% CVSS 7.8
HIGH KEV PATCH THREAT This Week

Memory corruption in DSP Services during a remote call from HLOS to DSP. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Buffer Overflow Memory Corruption +280
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Memory Corruption in Audio while invoking IOCTLs calls from the user-space. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Buffer Overflow Memory Corruption +55
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Memory Corruption in camera while installing a fd for a particular DMA buffer. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Buffer Overflow Memory Corruption +58
NVD
EPSS 5% CVSS 7.5
HIGH This Week

Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption +1
NVD GitHub
EPSS 2% CVSS 8.8
HIGH PATCH This Week

In callback_thread_event of com_android_bluetooth_btservice_AdapterService.cpp, there is a possible memory corruption due to a use after free. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Denial Of Service Use After Free +3
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In run of MDnsSdListener.cpp, there is a possible memory corruption due to a use after free. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Buffer Overflow Denial Of Service Use After Free +3
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

In camera service, there is a possible use after free due to a logic error. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Privilege Escalation Denial Of Service +2
NVD
EPSS 0% CVSS 7.8
HIGH POC This Week

Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user to make. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Denial Of Service Memory Corruption +3
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Use after free in libavif in Google Chrome prior to 119.0.6045.199 allowed a remote attacker to potentially exploit heap corruption via a crafted avif file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption +4
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Use after free in libavif in Google Chrome prior to 119.0.6045.199 allowed a remote attacker to potentially exploit heap corruption via a crafted avif file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption +4
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Use after free in Mojo in Google Chrome prior to 119.0.6045.199 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption +4
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Use after free in WebAudio in Google Chrome prior to 119.0.6045.199 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption +4
NVD
EPSS 0% CVSS 5.5
MEDIUM POC This Month

A use-after-free vulnerability was discovered in BusyBox v.1.36.1 via a crafted awk pattern in the awk.c copyvar function. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Information Disclosure Memory Corruption +1
NVD
EPSS 0% CVSS 5.5
MEDIUM POC This Month

A use-after-free vulnerability in BusyBox v.1.36.1 allows attackers to cause a denial of service via a crafted awk pattern in the awk.c evaluate function. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Denial Of Service Memory Corruption +1
NVD
EPSS 0% CVSS 5.5
MEDIUM POC This Month

A use-after-free vulnerability was discovered in xasprintf function in xfuncs_printf.c:344 in BusyBox v.1.36.1. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Information Disclosure Memory Corruption +1
NVD
EPSS 2% CVSS 8.8
HIGH POC This Week

A use-after-free vulnerability exists in the way Foxit Reader 12.1.2.15356 handles a signature field. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free RCE Memory Corruption +2
NVD
EPSS 2% CVSS 8.8
HIGH POC This Week

A use-after-free vulnerability exists in the way Foxit Reader 12.1.2.15356 handles 3D annotations. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free RCE Memory Corruption +2
NVD
EPSS 0% CVSS 4.7
MEDIUM POC PATCH This Month

Vim is a UNIX editor that, prior to version 9.0.2121, has a heap-use-after-free vulnerability. Rated medium severity (CVSS 4.7), this vulnerability is no authentication required. Public exploit code available.

Denial Of Service Use After Free Memory Corruption +1
NVD GitHub VulDB
EPSS 1% CVSS 8.8
HIGH This Week

Ownership mismanagement led to a use-after-free in ReadableByteStreams This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird < 115.5. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Mozilla Memory Corruption +5
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

It was possible to cause the use of a MessagePort after it had already been freed, which could potentially have led to an exploitable crash. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Mozilla Denial Of Service +5
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

A heap use-after-free flaw was found in coders/bmp.c in ImageMagick. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Information Disclosure Memory Corruption +3
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM POC This Month

Liblisp through commit 4c65969 was discovered to contain a use-after-free vulnerability in void hash_destroy(hash_table_t *h) at hash.c. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Information Disclosure Memory Corruption +1
NVD GitHub
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

Vim is an open source command line text editor. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Denial Of Service Use After Free Memory Corruption +2
NVD GitHub VulDB
EPSS 1% CVSS 6.6
MEDIUM PATCH This Month

Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability. Rated medium severity (CVSS 6.6), this vulnerability is no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Google Use After Free RCE +3
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Adobe Premiere Pro version 24.0 (and earlier) and 23.6 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Use After Free Adobe +3
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Adobe Bridge versions 13.0.4 (and earlier) and 14.0.0 (and earlier) are affected by a Use After Free vulnerability that could lead to disclosure of sensitive memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free Adobe Denial Of Service +2
NVD
EPSS 3% CVSS 7.8
HIGH This Week

Adobe Acrobat Reader versions 23.006.20360 (and earlier) and 20.005.30524 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Use After Free Adobe +6
NVD
EPSS 5% CVSS 7.8
HIGH This Week

Adobe Acrobat Reader versions 23.006.20360 (and earlier) and 20.005.30524 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Use After Free Adobe +6
NVD
EPSS 2% CVSS 7.8
HIGH This Week

Adobe Acrobat Reader versions 23.006.20360 (and earlier) and 20.005.30524 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Use After Free Adobe +6
NVD
EPSS 2% CVSS 5.5
MEDIUM This Month

Adobe Acrobat Reader versions 23.006.20360 (and earlier) and 20.005.30524 (and earlier) are affected by a Use After Free vulnerability that could lead to disclosure of sensitive memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free Adobe Denial Of Service +5
NVD
EPSS 2% CVSS 7.8
HIGH This Week

Adobe Acrobat Reader versions 23.006.20360 (and earlier) and 20.005.30524 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Use After Free Adobe +6
NVD
EPSS 2% CVSS 7.8
HIGH This Week

Adobe Acrobat Reader versions 23.006.20360 (and earlier) and 20.005.30524 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Use After Free Adobe +6
NVD
EPSS 0% CVSS 7.8
HIGH POC PATCH This Week

GPAC v2.3-DEV-rev566-g50c2ab06f-master was discovered to contain a heap-use-after-free via the flush_ref_samples function at /gpac/src/isomedia/movie_fragments.c. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Use After Free Information Disclosure Memory Corruption +1
NVD GitHub
EPSS 30% CVSS 8.8
HIGH This Week

Use after free in Navigation in Google Chrome prior to 119.0.6045.159 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption +4
NVD
Prev Page 35 of 69 Next

Quick Facts

Typical Severity
HIGH
Category
memory
Total CVEs
6128

Related CWEs

MITRE ATT&CK

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy