VYPR

CWE-416

Use After Free

VariantStableLikelihood: High

Description

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

Hierarchy (View 1000)

Parents

Children

none

CVEs mapped to this weakness (2,306)

page 115 of 116
  • CVE-2011-1809Jun 9, 2011
    risk 0.00cvss epss 0.01

    Use-after-free vulnerability in the accessibility feature in Google Chrome before 12.0.742.91 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

  • CVE-2011-1808Jun 9, 2011
    risk 0.00cvss epss 0.01

    Use-after-free vulnerability in Google Chrome before 12.0.742.91 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to incorrect integer calculations during float handling.

  • CVE-2011-1454May 3, 2011
    risk 0.00cvss epss 0.01

    Use-after-free vulnerability in the DOM id handling functionality in Google Chrome before 11.0.696.57 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted HTML document.

  • CVE-2011-1449May 3, 2011
    risk 0.00cvss epss 0.02

    Use-after-free vulnerability in the WebSockets implementation in Google Chrome before 11.0.696.57 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

  • CVE-2011-1440May 3, 2011
    risk 0.00cvss epss 0.02

    Use-after-free vulnerability in Google Chrome before 11.0.696.57 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the ruby element and Cascading Style Sheets (CSS) token sequences.

  • CVE-2011-1301Apr 15, 2011
    risk 0.00cvss epss 0.04

    Use-after-free vulnerability in the GPU process in Google Chrome before 10.0.648.205 allows remote attackers to execute arbitrary code via unknown vectors.

  • CVE-2011-1293Mar 25, 2011
    risk 0.00cvss epss 0.02

    Use-after-free vulnerability in the HTMLCollection implementation in Google Chrome before 10.0.648.204 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

  • CVE-2011-1292Mar 25, 2011
    risk 0.00cvss epss 0.02

    Use-after-free vulnerability in the frame-loader implementation in Google Chrome before 10.0.648.204 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

  • CVE-2011-1195Mar 11, 2011
    risk 0.00cvss epss 0.02

    Use-after-free vulnerability in Google Chrome before 10.0.648.127 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to "document script lifetime handling."

  • CVE-2011-1191Mar 11, 2011
    risk 0.00cvss epss 0.02

    Use-after-free vulnerability in Google Chrome before 10.0.648.127 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of DOM URLs.

  • CVE-2011-1124Mar 1, 2011
    risk 0.00cvss epss 0.02

    Use-after-free vulnerability in Google Chrome before 9.0.597.107 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to blocked plug-ins.

  • CVE-2011-1059Feb 22, 2011
    risk 0.00cvss epss 0.01

    Use-after-free vulnerability in WebCore in WebKit before r77705, as used in Google Chrome before 11.0.672.2 and other products, allows user-assisted remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via vectors that…

  • CVE-2011-0982Feb 10, 2011
    risk 0.00cvss epss 0.03

    Use-after-free vulnerability in Google Chrome before 9.0.597.94 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving SVG font faces.

  • CVE-2011-0777Feb 4, 2011
    risk 0.00cvss epss 0.01

    Use-after-free vulnerability in Google Chrome before 9.0.597.84 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to image loading.

  • CVE-2011-0475Jan 14, 2011
    risk 0.00cvss epss 0.02

    Use-after-free vulnerability in Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a PDF document.

  • CVE-2010-4493Dec 7, 2010
    risk 0.00cvss epss 0.01

    Use-after-free vulnerability in Google Chrome before 8.0.552.215 allows remote attackers to cause a denial of service via vectors related to the handling of mouse dragging events.

  • CVE-2010-4492Dec 7, 2010
    risk 0.00cvss epss 0.02

    Use-after-free vulnerability in Google Chrome before 8.0.552.215 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving SVG animations.

  • CVE-2010-4169Nov 22, 2010
    risk 0.00cvss epss 0.00

    Use-after-free vulnerability in mm/mprotect.c in the Linux kernel before 2.6.37-rc2 allows local users to cause a denial of service via vectors involving an mprotect system call.

  • CVE-2010-1825Sep 24, 2010
    risk 0.00cvss epss 0.02

    Use-after-free vulnerability in WebKit, as used in Google Chrome before 6.0.472.59, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to nested SVG elements.

  • CVE-2010-1824Sep 24, 2010
    risk 0.00cvss epss 0.04

    Use-after-free vulnerability in WebKit, as used in Apple iTunes before 10.2 on Windows, Apple Safari, and Google Chrome before 6.0.472.59, allows remote attackers to execute arbitrary code or cause a denial of service via vectors related to SVG styles, the DOM tree, and error…