CWE-416
Use After Free
Description
The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.
Hierarchy (View 1000)
Parents
Children
none
CVEs mapped to this weakness (2,306)
page 11 of 116| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-3084 | Cri | 0.64 | 9.8 | 0.09 | Jun 20, 2017 | Adobe Flash Player versions 25.0.0.171 and earlier have an exploitable use after free vulnerability in the advertising metadata functionality. Successful exploitation could lead to arbitrary code execution. | ||
| CVE-2017-3075 | Cri | 0.64 | 9.8 | 0.09 | Jun 20, 2017 | Adobe Flash Player versions 25.0.0.171 and earlier have an exploitable use after free vulnerability when manipulating the ActionsScript 2 XML class. Successful exploitation could lead to arbitrary code execution. | ||
| CVE-2016-4473 | Cri | 0.64 | 9.8 | 0.08 | Jun 8, 2017 | /ext/phar/phar_object.c in PHP 7.0.7 and 5.6.x allows remote attackers to execute arbitrary code. NOTE: Introduced as part of an incomplete fix to CVE-2015-6833. | ||
| CVE-2016-7978 | Cri | 0.64 | 9.8 | 0.06 | May 23, 2017 | Use-after-free vulnerability in Ghostscript 9.20 might allow remote attackers to execute arbitrary code via vectors related to a reference leak in .setdevice. | ||
| CVE-2017-2518 | Cri | 0.64 | 9.8 | 0.05 | May 22, 2017 | An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "SQLite" component. It allows remote attackers to execute arbitrary code… | ||
| CVE-2017-2513 | Cri | 0.64 | 9.8 | 0.03 | May 22, 2017 | An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "SQLite" component. A use-after-free vulnerability allows remote attackers… | ||
| CVE-2017-3063 | Cri | 0.64 | 9.8 | 0.09 | Apr 12, 2017 | Adobe Flash Player versions 25.0.0.127 and earlier have an exploitable use after free vulnerability in the ActionScript2 NetStream class. Successful exploitation could lead to arbitrary code execution. | ||
| CVE-2017-3062 | Cri | 0.64 | 9.8 | 0.10 | Apr 12, 2017 | Adobe Flash Player versions 25.0.0.127 and earlier have an exploitable use after free vulnerability in ActionScript2 when creating a getter/setter property. Successful exploitation could lead to arbitrary code execution. | ||
| CVE-2017-3059 | Cri | 0.64 | 9.8 | 0.10 | Apr 12, 2017 | Adobe Flash Player versions 25.0.0.127 and earlier have an exploitable use after free vulnerability in the internal script object. Successful exploitation could lead to arbitrary code execution. | ||
| CVE-2013-6647 | Cri | 0.64 | 9.8 | 0.01 | Apr 11, 2017 | A use-after-free in AnimationController::endAnimationUpdate in Google Chrome. | ||
| CVE-2017-7191 | Cri | 0.64 | 9.8 | 0.03 | Mar 27, 2017 | The netjoin processing in Irssi 1.x before 1.0.2 allows attackers to cause a denial of service (use-after-free) and possibly execute arbitrary code via unspecified vectors. | ||
| CVE-2016-10188 | Cri | 0.64 | 9.8 | 0.03 | Mar 14, 2017 | Use-after-free vulnerability in bitlbee-libpurple before 3.5 allows remote servers to cause a denial of service (crash) or possibly execute arbitrary code by causing a file transfer connection to expire. | ||
| CVE-2016-3177 | Cri | 0.64 | 9.8 | 0.02 | Jan 23, 2017 | Multiple use-after-free and double-free vulnerabilities in gifcolor.c in GIFLIB 5.1.2 have unspecified impact and attack vectors. | ||
| CVE-2016-9678 | Cri | 0.64 | 9.8 | 0.03 | Jan 18, 2017 | Use-after-free vulnerability in Citrix Provisioning Services before 7.12 allows attackers to execute arbitrary code via unspecified vectors. | ||
| CVE-2016-9936 | Cri | 0.64 | 9.8 | 0.04 | Jan 4, 2017 | The unserialize implementation in ext/standard/var.c in PHP 7.x before 7.0.14 allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted serialized data. NOTE: this vulnerability exists because of an incomplete… | ||
| CVE-2016-9138 | Cri | 0.64 | 9.8 | 0.04 | Jan 4, 2017 | PHP through 5.6.27 and 7.x through 7.0.12 mishandles property modification during __wakeup processing, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data, as demonstrated by Exception::__toString with… | ||
| CVE-2016-9137 | Cri | 0.64 | 9.8 | 0.05 | Jan 4, 2017 | Use-after-free vulnerability in the CURLFile implementation in ext/curl/curl_file.c in PHP before 5.6.27 and 7.x before 7.0.12 allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data that is mishandled during… | ||
| CVE-2016-7504 | Cri | 0.64 | 9.8 | 0.03 | Oct 29, 2016 | A use-after-free vulnerability was observed in Rp_toString function of Artifex Software, Inc. MuJS before 5c337af4b3df80cf967e4f9f6a21522de84b392a. A successful exploitation of this issue can lead to code execution or denial of service condition. | ||
| CVE-2016-6993 | Cri | 0.64 | 9.8 | 0.06 | Oct 13, 2016 | Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, and Acrobat and Acrobat Reader DC Continuous before 15.020.20039 on Windows and OS X allows attackers to execute arbitrary code via unspecified… | ||
| CVE-2016-6988 | Cri | 0.64 | 9.8 | 0.06 | Oct 13, 2016 | Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, and Acrobat and Acrobat Reader DC Continuous before 15.020.20039 on Windows and OS X allows attackers to execute arbitrary code via unspecified… |
- risk 0.64cvss 9.8epss 0.09
Adobe Flash Player versions 25.0.0.171 and earlier have an exploitable use after free vulnerability in the advertising metadata functionality. Successful exploitation could lead to arbitrary code execution.
- risk 0.64cvss 9.8epss 0.09
Adobe Flash Player versions 25.0.0.171 and earlier have an exploitable use after free vulnerability when manipulating the ActionsScript 2 XML class. Successful exploitation could lead to arbitrary code execution.
- risk 0.64cvss 9.8epss 0.08
/ext/phar/phar_object.c in PHP 7.0.7 and 5.6.x allows remote attackers to execute arbitrary code. NOTE: Introduced as part of an incomplete fix to CVE-2015-6833.
- risk 0.64cvss 9.8epss 0.06
Use-after-free vulnerability in Ghostscript 9.20 might allow remote attackers to execute arbitrary code via vectors related to a reference leak in .setdevice.
- risk 0.64cvss 9.8epss 0.05
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "SQLite" component. It allows remote attackers to execute arbitrary code…
- risk 0.64cvss 9.8epss 0.03
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "SQLite" component. A use-after-free vulnerability allows remote attackers…
- risk 0.64cvss 9.8epss 0.09
Adobe Flash Player versions 25.0.0.127 and earlier have an exploitable use after free vulnerability in the ActionScript2 NetStream class. Successful exploitation could lead to arbitrary code execution.
- risk 0.64cvss 9.8epss 0.10
Adobe Flash Player versions 25.0.0.127 and earlier have an exploitable use after free vulnerability in ActionScript2 when creating a getter/setter property. Successful exploitation could lead to arbitrary code execution.
- risk 0.64cvss 9.8epss 0.10
Adobe Flash Player versions 25.0.0.127 and earlier have an exploitable use after free vulnerability in the internal script object. Successful exploitation could lead to arbitrary code execution.
- risk 0.64cvss 9.8epss 0.01
A use-after-free in AnimationController::endAnimationUpdate in Google Chrome.
- risk 0.64cvss 9.8epss 0.03
The netjoin processing in Irssi 1.x before 1.0.2 allows attackers to cause a denial of service (use-after-free) and possibly execute arbitrary code via unspecified vectors.
- risk 0.64cvss 9.8epss 0.03
Use-after-free vulnerability in bitlbee-libpurple before 3.5 allows remote servers to cause a denial of service (crash) or possibly execute arbitrary code by causing a file transfer connection to expire.
- risk 0.64cvss 9.8epss 0.02
Multiple use-after-free and double-free vulnerabilities in gifcolor.c in GIFLIB 5.1.2 have unspecified impact and attack vectors.
- risk 0.64cvss 9.8epss 0.03
Use-after-free vulnerability in Citrix Provisioning Services before 7.12 allows attackers to execute arbitrary code via unspecified vectors.
- risk 0.64cvss 9.8epss 0.04
The unserialize implementation in ext/standard/var.c in PHP 7.x before 7.0.14 allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted serialized data. NOTE: this vulnerability exists because of an incomplete…
- risk 0.64cvss 9.8epss 0.04
PHP through 5.6.27 and 7.x through 7.0.12 mishandles property modification during __wakeup processing, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data, as demonstrated by Exception::__toString with…
- risk 0.64cvss 9.8epss 0.05
Use-after-free vulnerability in the CURLFile implementation in ext/curl/curl_file.c in PHP before 5.6.27 and 7.x before 7.0.12 allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data that is mishandled during…
- risk 0.64cvss 9.8epss 0.03
A use-after-free vulnerability was observed in Rp_toString function of Artifex Software, Inc. MuJS before 5c337af4b3df80cf967e4f9f6a21522de84b392a. A successful exploitation of this issue can lead to code execution or denial of service condition.
- risk 0.64cvss 9.8epss 0.06
Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, and Acrobat and Acrobat Reader DC Continuous before 15.020.20039 on Windows and OS X allows attackers to execute arbitrary code via unspecified…
- risk 0.64cvss 9.8epss 0.06
Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, and Acrobat and Acrobat Reader DC Continuous before 15.020.20039 on Windows and OS X allows attackers to execute arbitrary code via unspecified…