Skip to main content

Use After Free

memory HIGH

Use-after-free vulnerabilities occur when a program continues to access memory through a pointer after that memory has been deallocated.

How It Works

Use-after-free vulnerabilities occur when a program continues to access memory through a pointer after that memory has been deallocated. When memory is freed, it returns to the allocator's pool and may be reallocated for an entirely different purpose. The original pointer becomes "dangling"—it still points to that memory location, but the contents are now undefined or controlled by different code.

Attackers exploit this by orchestrating a three-step process: first, trigger the memory deallocation; second, cause the allocator to reassign that same memory region with attacker-controlled data (often through carefully timed allocations); third, trigger the program to dereference the dangling pointer. Because the memory now contains attacker data instead of the expected object, this can corrupt function pointers, vtables, or other critical structures.

The vulnerability is particularly dangerous in object-oriented code where freed objects contain function pointers or virtual method tables. When the program calls a method on the freed object, it may jump to attacker-controlled addresses. Browser engines are frequent targets because DOM manipulation allows attackers to control object allocation and deallocation timing through JavaScript, while kernel UAFs enable privilege escalation by manipulating file descriptors or process structures.

Impact

  • Arbitrary code execution — attacker overwrites function pointers or vtables to redirect program flow to malicious code
  • Privilege escalation — in kernel UAFs, gain root/system privileges by corrupting process credentials or security tokens
  • Information disclosure — read sensitive data from reallocated memory that wasn't properly cleared
  • Sandbox escape — break out of browser or application sandboxes by corrupting security-critical objects
  • Denial of service — crash the application through memory corruption, though attackers typically aim for exploitation rather than simple crashes

Real-World Examples

CVE-2021-30551 affected Chrome's V8 JavaScript engine, where improper handling of JavaScript typed arrays created a use-after-free in object property management. Attackers could trigger object deletion while retaining references, then reallocate the memory with controlled data to achieve code execution within the renderer process.

Windows kernel vulnerabilities like CVE-2020-17087 involved use-after-free conditions in the Windows keyboard layout handling code. Attackers exploited race conditions in keyboard layout switching to free kernel objects while retaining references, then reallocated the memory with controlled structures to elevate privileges from user to SYSTEM level.

The WhatsApp vulnerability CVE-2019-11932 demonstrated UAF exploitation in media parsing code, where specially crafted GIF files triggered premature memory deallocation. Subsequent access to the freed buffers allowed remote code execution without user interaction beyond receiving the malicious file.

Mitigation

  • Memory-safe languages — use Rust, Go, Swift, or other languages with automatic memory management
  • Smart pointers — employ RAII patterns and reference counting (unique_ptr, shared_ptr in C++)
  • AddressSanitizer (ASAN) — detect UAF during testing through instrumented builds
  • Immediate pointer nullification — set pointers to NULL after free() to cause immediate crashes rather than exploitable conditions
  • Garbage collection — languages with GC prevent manual memory management errors
  • Control Flow Integrity (CFI) — limits exploit impact by validating function pointer targets
  • Heap hardening — allocator metadata protection and delayed reuse policies increase exploitation difficulty

Recent CVEs (6128)

EPSS 1% CVSS 8.8
HIGH This Week

Use after free in Garbage Collection in Google Chrome prior to 119.0.6045.159 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption +4
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Use after free in some Intel(R) Aptio* V UEFI Firmware Integrator Tools may allowed an authenticated user to potentially enable denial of service via local access. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption +2
NVD
EPSS 0% CVSS 3.3
LOW Monitor

A Use-After-Free vulnerability in the management of an SNP guest context page may allow a malicious hypervisor to masquerade as the guest's migration agent resulting in a potential loss of guest. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Information Disclosure Memory Corruption +2
NVD
EPSS 57% CVSS 7.8
HIGH POC PATCH THREAT This Week

Microsoft Excel Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Use After Free RCE Memory Corruption +5
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Privilege Escalation Linux +2
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

Use after free in OpenVPN version 2.6.0 to 2.6.6 may lead to undefined behavoir, leaking memory buffers or remote execution when sending network buffers to a remote peer. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service Use After Free +4
NVD VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

A race condition was found in the QXL driver in the Linux kernel. Rated high severity (CVSS 7.5). This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Linux Memory Corruption +5
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

A use-after-free flaw was found in lan78xx_disconnect in drivers/net/usb/lan78xx.c in the network sub-component, net/usb/lan78xx in the Linux Kernel. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Denial Of Service Linux +2
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

A potential use-after-free vulnerability was reported in the Lenovo View driver that could result in denial of service. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Lenovo Denial Of Service +2
NVD
EPSS 0% CVSS 5.5
MEDIUM POC This Month

jbig2enc v0.28 was discovered to contain a heap-use-after-free via jbig2enc_auto_threshold_using_hash in src/jbig2enc.cc. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Information Disclosure Memory Corruption +1
NVD GitHub
EPSS 2% CVSS 8.8
HIGH This Week

Use after free in WebAudio in Google Chrome prior to 119.0.6045.123 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption +4
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Use-After-Free (UAF) vulnerability in the dubai module. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Information Disclosure Memory Corruption +2
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Multi-thread vulnerability in the idmap module. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Information Disclosure Memory Corruption +2
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Memory corruption in Audio when SSR event is triggered after music playback is stopped. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Buffer Overflow Memory Corruption +59
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

The brcm80211 component in the Linux kernel through 6.5.10 has a brcmf_cfg80211_detach use-after-free in the device unplugging (disconnect the USB by hotplug) code. Rated medium severity (CVSS 4.3), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Broadcom Linux Information Disclosure +3
NVD
EPSS 0% CVSS 7.0
HIGH PATCH This Week

A use-after-free flaw was found in the Linux kernel’s mm/mremap memory address space accounting source code. Rated high severity (CVSS 7.0). This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Denial Of Service Linux +7
NVD
EPSS 1% CVSS 8.1
HIGH PATCH This Week

An out-of-bounds (OOB) memory read flaw was found in parse_lease_state in the KSMBD implementation of the in-kernel samba server and CIFS in the Linux kernel. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Buffer Overflow Linux +3
NVD
EPSS 3% CVSS 7.3
HIGH PATCH This Week

Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability. Rated high severity (CVSS 7.3), this vulnerability is no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Google Use After Free RCE +3
NVD
EPSS 0% CVSS 6.3
MEDIUM PATCH This Month

A race condition occurred between the functions lmLogClose and txEnd in JFS, in the Linux Kernel, executed in different threads. Rated medium severity (CVSS 6.3). This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Denial Of Service Linux +2
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

A use-after-free flaw was found in setup_async_work in the KSMBD implementation of the in-kernel samba server and CIFS in the Linux kernel. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Denial Of Service Linux +2
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

A use-after-free flaw was found in smb2_is_status_io_timeout() in CIFS in the Linux Kernel. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Linux +3
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Use after free in Side Panel in Google Chrome prior to 119.0.6045.105 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption +4
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Use after free in Reading Mode in Google Chrome prior to 119.0.6045.105 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption +4
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Use after free in Profiles in Google Chrome prior to 119.0.6045.105 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption +4
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Use after free in Printing in Google Chrome prior to 119.0.6045.105 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption +4
NVD
EPSS 8% CVSS 8.8
HIGH PATCH This Week

A use-after-free vulnerability was found in drivers/nvme/target/tcp.c` in `nvmet_tcp_free_crypto` due to a logical bug in the NVMe/TCP subsystem in the Linux kernel. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Linux Memory Corruption +7
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

In Bluetooth, there is a possible out of bounds read due to a use after free. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Use After Free +3
NVD
EPSS 0% CVSS 8.8
HIGH This Week

In Bluetooth, there is a possible way to corrupt memory due to a use after free. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free Privilege Escalation Denial Of Service +2
NVD
EPSS 0% CVSS 7.8
HIGH This Week

In Media Resource Manager, there is a possible local arbitrary code execution due to use after free. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Use After Free Privilege Escalation +3
NVD
EPSS 0% CVSS 8.8
HIGH This Week

In Bluetooth, there is a possibility of code-execution due to a use after free. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free Privilege Escalation Denial Of Service +2
NVD
EPSS 0% CVSS 7.8
HIGH This Week

In libaudioclient, there is a possible out of bounds write due to a use after free. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Use After Free +3
NVD
EPSS 1% CVSS 5.5
MEDIUM PATCH This Month

Adobe Acrobat for Edge version 118.0.2088.46 (and earlier) is affected by a Use After Free vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Use After Free Adobe Denial Of Service +2
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In android_view_InputDevice_create of android_view_InputDevice.cpp, there is a possible way to execute arbitrary code due to a use after free. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Denial Of Service Use After Free Privilege Escalation +3
NVD
EPSS 0% CVSS 7.0
HIGH PATCH This Week

In GpuService of GpuService.cpp, there is a possible use after free due to a race condition. Rated high severity (CVSS 7.0).

Use After Free Privilege Escalation Denial Of Service +2
NVD
EPSS 1% CVSS 7.0
HIGH PATCH This Week

A use-after-free flaw was found in xorg-x11-server-Xvfb. Rated high severity (CVSS 7.0). This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Denial Of Service Use After Free Memory Corruption +2
NVD
EPSS 1% CVSS 4.7
MEDIUM PATCH This Month

A use-after-free flaw was found in the xorg-x11-server. Rated medium severity (CVSS 4.7). This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Denial Of Service Use After Free Memory Corruption +5
NVD
EPSS 2% CVSS 8.8
HIGH This Week

A use-after-free issue was addressed with improved memory management. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Apple RCE +7
NVD
EPSS 1% CVSS 7.8
HIGH This Week

A use-after-free issue was addressed with improved memory management. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free Apple RCE +2
NVD
EPSS 1% CVSS 7.5
HIGH This Week

During garbage collection extra operations were performed on a object that should not be. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Mozilla Denial Of Service +5
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Use after free in Profiles in Google Chrome prior to 118.0.5993.117 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption +4
NVD
EPSS 1% CVSS 7.8
HIGH POC This Week

A use-after-free vulnerability exists in the Figure stream parsing functionality of Ichitaro 2023 1.0.1.59372. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free RCE Memory Corruption +20
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

The Linux kernel before 6.5.4 has an es1 use-after-free in fs/ext4/extents_status.c, related to ext4_es_insert_extent. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Information Disclosure +2
NVD GitHub
EPSS 1% CVSS 8.8
HIGH This Week

Use after free in Blink History in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption +3
NVD
EPSS 1% CVSS 6.3
MEDIUM This Month

Use after free in Cast in Google Chrome prior to 118.0.5993.70 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption +3
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Use after free in Site Isolation in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption +4
NVD
EPSS 1% CVSS 7.8
HIGH POC PATCH This Week

Use After Free in GitHub repository vim/vim prior to v9.0.2010. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Use After Free Denial Of Service Memory Corruption +2
NVD GitHub
EPSS 0% CVSS 6.7
MEDIUM This Month

In lwis_transaction_client_cleanup of lwis_transaction.c, there is a possible way to corrupt memory due to a use after free. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Privilege Escalation Denial Of Service +2
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Use-After-Free (UAF) vulnerability in the surfaceflinger module.Successful exploitation of this vulnerability can cause system crash. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption +2
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Adobe Bridge versions 12.0.4 (and earlier) and 13.0.3 (and earlier) are affected by a Use After Free vulnerability that could lead to disclosure of sensitive memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free Adobe Denial Of Service +2
NVD
EPSS 1% CVSS 8.1
HIGH PATCH This Week

Layer 2 Tunneling Protocol Remote Code Execution Vulnerability. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free RCE Memory Corruption +12
NVD
EPSS 1% CVSS 8.1
HIGH PATCH This Week

Layer 2 Tunneling Protocol Remote Code Execution Vulnerability. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free RCE Memory Corruption +12
NVD
EPSS 1% CVSS 8.1
HIGH PATCH This Week

Layer 2 Tunneling Protocol Remote Code Execution Vulnerability. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free RCE Memory Corruption +12
NVD
EPSS 1% CVSS 8.1
HIGH PATCH This Week

Layer 2 Tunneling Protocol Remote Code Execution Vulnerability. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free RCE Memory Corruption +12
NVD
EPSS 1% CVSS 8.1
HIGH PATCH This Week

Layer 2 Tunneling Protocol Remote Code Execution Vulnerability. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free RCE Memory Corruption +12
NVD
EPSS 1% CVSS 8.1
HIGH PATCH This Week

Layer 2 Tunneling Protocol Remote Code Execution Vulnerability. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free RCE Memory Corruption +12
NVD
EPSS 1% CVSS 8.1
HIGH PATCH This Week

Layer 2 Tunneling Protocol Remote Code Execution Vulnerability. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free RCE Memory Corruption +12
NVD
EPSS 1% CVSS 8.1
HIGH PATCH This Week

Layer 2 Tunneling Protocol Remote Code Execution Vulnerability. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free RCE Memory Corruption +12
NVD
EPSS 1% CVSS 8.1
HIGH PATCH This Week

Layer 2 Tunneling Protocol Remote Code Execution Vulnerability. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free RCE Memory Corruption +12
NVD
EPSS 1% CVSS 7.0
HIGH PATCH This Week

Windows Runtime Remote Code Execution Vulnerability. Rated high severity (CVSS 7.0), this vulnerability is no authentication required. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free RCE Memory Corruption +10
NVD
EPSS 2% CVSS 7.0
HIGH PATCH This Week

Win32k Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.0). This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Information Disclosure Memory Corruption +12
NVD
EPSS 4% CVSS 7.8
HIGH PATCH This Week

Win32k Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Information Disclosure Memory Corruption +12
NVD
EPSS 1% CVSS 7.8
HIGH PATCH This Week

Windows Internet Key Exchange (IKE) Extension Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Information Disclosure Memory Corruption +13
NVD
EPSS 1% CVSS 7.8
HIGH PATCH This Week

Windows Named Pipe Filesystem Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Information Disclosure Memory Corruption +8
NVD
EPSS 1% CVSS 7.3
HIGH PATCH This Week

Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free RCE Memory Corruption +13
NVD
EPSS 0% CVSS 7.0
HIGH PATCH This Week

Microsoft Office Graphics Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.0). This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Microsoft +3
NVD VulDB
EPSS 1% CVSS 5.3
MEDIUM This Month

A use after free vulnerability [CWE-416] in FortiOS version 7.2.0 through 7.2.4 and version 7.0.0 through 7.0.10 and FortiProxy version 7.2.0 through 7.2.2 and version 7.0.0 through 7.0.8 may allow. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Fortinet Denial Of Service +3
NVD
EPSS 0% CVSS 7.5
HIGH This Week

In jpg driver, there is a possible use after free due to a logic error. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Information Disclosure Denial Of Service +2
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Information Disclosure Memory Corruption +1
NVD
EPSS 1% CVSS 8.8
HIGH This Week

A use-after-free vulnerability exists in the MediaRecorder API of Webkit WebKitGTK 2.40.5. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Use After Free Apple +5
NVD
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

PJSIP is a free and open source multimedia communication library written in C with high level API in C, C++, Java, C#, and Python languages. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Buffer Overflow Python +2
NVD GitHub
EPSS 0% CVSS 4.7
MEDIUM This Month

A local non-privileged user can make improper GPU processing operations to access a limited amount outside of buffer bounds or to exploit a software race condition. Rated medium severity (CVSS 4.7). No vendor patch available.

Use After Free Information Disclosure Memory Corruption +2
NVD
EPSS 0% CVSS 4.7
MEDIUM This Month

A local non-privileged user can make improper GPU processing operations to exploit a software race condition. Rated medium severity (CVSS 4.7). No vendor patch available.

Use After Free Information Disclosure Memory Corruption +3
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Memory corruption in Automotive Display while destroying the image handle created using connected display driver. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Buffer Overflow Memory Corruption +21
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Memory corruption in DSP Service during a remote call from HLOS to DSP. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Buffer Overflow Memory Corruption +131
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

A use-after-free vulnerability in the Linux kernel's fs/smb/client component can be exploited to achieve local privilege escalation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Privilege Escalation Linux +3
NVD
EPSS 1% CVSS 5.5
MEDIUM KEV THREAT This Month

A local non-privileged user can make improper GPU memory processing operations to gain access to already freed memory. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Information Disclosure Memory Corruption +4
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Use after free in Extensions in Google Chrome prior to 117.0.5938.132 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption +4
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Use after free in Passwords in Google Chrome prior to 117.0.5938.132 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption +4
NVD
EPSS 0% CVSS 6.6
MEDIUM PATCH This Month

A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Privilege Escalation Linux +3
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

During process shutdown, it was possible that an `ImageBitmap` was created that would later be used after being freed from a different codepath, leading to a potentially exploitable crash. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Mozilla Denial Of Service +2
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

If Windows failed to duplicate a handle during process creation, the sandbox code may have inadvertently freed a pointer twice, resulting in a use-after-free and a potentially exploitable crash. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Use After Free Mozilla +5
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

A hashtable in the Ion Engine could have been mutated while there was a live interior reference, leading to a potential use-after-free and exploitable crash. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Mozilla Denial Of Service +2
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

During Ion compilation, a Garbage Collection could have resulted in a use-after-free condition, allowing an attacker to write two NUL bytes, and cause a potentially exploitable crash. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Mozilla Denial Of Service +6
NVD
EPSS 0% CVSS 7.8
HIGH This Week

A use-after-free issue was addressed with improved memory management. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free Apple RCE +4
NVD
EPSS 0% CVSS 7.8
HIGH This Week

A use-after-free issue was addressed with improved memory management. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free Apple RCE +6
NVD
EPSS 2% CVSS 8.8
HIGH This Week

A use-after-free issue was addressed with improved memory management. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Apple RCE +5
NVD
EPSS 1% CVSS 7.8
HIGH POC This Week

A use-after-free vulnerability exists in the footerr functionality of Hancom Office 2020 HWord 11.0.0.7520. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Information Disclosure Memory Corruption +2
NVD
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

A use-after-free vulnerability exists in the tif_parse_sub_IFD functionality of Accusoft ImageGear 20.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free RCE Memory Corruption +1
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Samsung Mobile Processor Exynos 2200 allows a GPU Use After Free. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Samsung Denial Of Service +2
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Use after free vulnerability exists in Kostac PLC Programming Software Version 1.6.11.0. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free RCE Denial Of Service +2
NVD
Prev Page 36 of 69 Next

Quick Facts

Typical Severity
HIGH
Category
memory
Total CVEs
6128

Related CWEs

MITRE ATT&CK

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy