VYPR

CWE-416

Use After Free

VariantStableLikelihood: High

Description

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

Hierarchy (View 1000)

Parents

Children

none

CVEs mapped to this weakness (2,306)

page 18 of 116
  • CVE-2016-9584CriJan 18, 2017
    risk 0.59cvss 9.1epss 0.02

    libical allows remote attackers to cause a denial of service (use-after-free) and possibly read heap memory via a crafted ics file.

  • CVE-2025-55118HigSep 16, 2025
    risk 0.58cvss 8.9epss 0.00

    Memory corruptions can be remotely triggered in the Control-M/Agent when SSL/TLS communication is configured. The issue occurs in the following cases: * Control-M/Agent 9.0.20: SSL/TLS configuration is set to the non-default setting "use_openssl=n"; * Control-M/Agent…

  • CVE-2017-15399HigAug 28, 2018
    risk 0.58cvss 8.8epss 0.05

    A use after free in V8 in Google Chrome prior to 62.0.3202.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2018-12797HigJul 20, 2018
    risk 0.58cvss 8.8epss 0.08

    Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.

  • CVE-2018-12796HigJul 20, 2018
    risk 0.58cvss 8.8epss 0.08

    Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.

  • CVE-2018-12783HigJul 20, 2018
    risk 0.58cvss 8.8epss 0.09

    Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.

  • CVE-2018-12776HigJul 20, 2018
    risk 0.58cvss 8.8epss 0.09

    Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.

  • CVE-2018-12773HigJul 20, 2018
    risk 0.58cvss 8.8epss 0.09

    Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.

  • CVE-2018-12772HigJul 20, 2018
    risk 0.58cvss 8.8epss 0.09

    Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.

  • CVE-2018-12770HigJul 20, 2018
    risk 0.58cvss 8.8epss 0.09

    Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.

  • CVE-2018-11529HigJul 11, 2018
    risk 0.58cvss 8.0epss 0.41

    VideoLAN VLC media player 2.2.x is prone to a use after free vulnerability which an attacker can leverage to execute arbitrary code via crafted MKV files. Failed exploit attempts will likely result in denial of service conditions.

  • CVE-2018-4980HigJul 9, 2018
    risk 0.58cvss 8.8epss 0.10

    Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.

  • CVE-2018-4974HigJul 9, 2018
    risk 0.58cvss 8.8epss 0.10

    Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.

  • CVE-2018-4971HigJul 9, 2018
    risk 0.58cvss 8.8epss 0.10

    Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.

  • CVE-2018-4954HigJul 9, 2018
    risk 0.58cvss 8.8epss 0.10

    Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.

  • CVE-2018-4952HigJul 9, 2018
    risk 0.58cvss 8.8epss 0.10

    Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.

  • CVE-2018-4932HigMay 19, 2018
    risk 0.58cvss 8.8epss 0.05

    Adobe Flash Player versions 29.0.0.113 and earlier have an exploitable Use-After-Free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.

  • CVE-2018-4919HigMay 19, 2018
    risk 0.58cvss 8.8epss 0.08

    Adobe Flash Player versions 28.0.0.161 and earlier have an exploitable use after free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.

  • CVE-2018-9951HigMay 17, 2018
    risk 0.58cvss 8.8epss 0.05

    This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw…

  • CVE-2017-18220HigMar 5, 2018
    risk 0.58cvss 8.8epss 0.04

    The ReadOneJNGImage and ReadJNGImage functions in coders/png.c in GraphicsMagick 1.3.26 allow remote attackers to cause a denial of service (magick/blob.c CloseBlob use-after-free) or possibly have unspecified other impact via a crafted file, a related issue to CVE-2017-11403.