VYPR

CWE-416

Use After Free

VariantStableLikelihood: High

Description

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

Hierarchy (View 1000)

Parents

Children

none

CVEs mapped to this weakness (2,306)

page 20 of 116
  • CVE-2017-11218HigAug 11, 2017
    risk 0.58cvss 8.8epss 0.10

    Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable use after free vulnerability in XFA event management. Successful exploitation could lead to arbitrary code execution.

  • CVE-2017-3073HigMay 9, 2017
    risk 0.58cvss 8.8epss 0.05

    Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable use after free vulnerability when handling multiple mask properties of display objects, aka memory corruption. Successful exploitation could lead to arbitrary code execution.

  • CVE-2017-3071HigMay 9, 2017
    risk 0.58cvss 8.8epss 0.06

    Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable use after free vulnerability when masking display objects. Successful exploitation could lead to arbitrary code execution.

  • CVE-2017-0070HigMar 17, 2017
    risk 0.58cvss 7.5epss 0.79

    A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft browsers. These vulnerabilities could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the…

  • CVE-2017-3003HigMar 14, 2017
    risk 0.58cvss 8.8epss 0.05

    Adobe Flash Player versions 24.0.0.221 and earlier have an exploitable use after free vulnerability related to an interaction between the privacy user interface and the ActionScript 2 Camera object. Successful exploitation could lead to arbitrary code execution.

  • CVE-2017-3002HigMar 14, 2017
    risk 0.58cvss 8.8epss 0.05

    Adobe Flash Player versions 24.0.0.221 and earlier have an exploitable use after free vulnerability in the ActionScript2 TextField object related to the variable property. Successful exploitation could lead to arbitrary code execution.

  • CVE-2017-3001HigMar 14, 2017
    risk 0.58cvss 8.8epss 0.05

    Adobe Flash Player versions 24.0.0.221 and earlier have an exploitable use after free vulnerability related to garbage collection in the ActionScript 2 VM. Successful exploitation could lead to arbitrary code execution.

  • CVE-2017-2994HigFeb 15, 2017
    risk 0.58cvss 8.8epss 0.06

    Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable use after free vulnerability in Primetime SDK event dispatch. Successful exploitation could lead to arbitrary code execution.

  • CVE-2017-2993HigFeb 15, 2017
    risk 0.58cvss 8.8epss 0.06

    Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable use after free vulnerability related to event handlers. Successful exploitation could lead to arbitrary code execution.

  • CVE-2017-2982HigFeb 15, 2017
    risk 0.58cvss 8.8epss 0.06

    Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable use after free vulnerability in a routine related to player shutdown. Successful exploitation could lead to arbitrary code execution.

  • CVE-2016-10150CriFeb 6, 2017
    risk 0.58cvss 9.8epss 0.10

    Use-after-free vulnerability in the kvm_ioctl_create_device function in virt/kvm/kvm_main.c in the Linux kernel before 4.8.13 allows host OS users to cause a denial of service (host OS crash) or possibly gain privileges via crafted ioctl calls on the /dev/kvm device.

  • CVE-2017-2937HigJan 11, 2017
    risk 0.58cvss 8.8epss 0.06

    Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable use after free vulnerability in the ActionScript FileReference class, when using class inheritance. Successful exploitation could lead to arbitrary code execution.

  • CVE-2017-2936HigJan 11, 2017
    risk 0.58cvss 8.8epss 0.06

    Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable use after free vulnerability in the ActionScript FileReference class. Successful exploitation could lead to arbitrary code execution.

  • CVE-2016-7881HigDec 15, 2016
    risk 0.58cvss 8.8epss 0.06

    Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable use after free vulnerability in the MovieClip class when handling conversion to an object. Successful exploitation could lead to arbitrary code execution.

  • CVE-2016-7880HigDec 15, 2016
    risk 0.58cvss 8.8epss 0.06

    Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable use after free vulnerability when setting the length property of an array object. Successful exploitation could lead to arbitrary code execution.

  • CVE-2016-7879HigDec 15, 2016
    risk 0.58cvss 8.8epss 0.08

    Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable use after free vulnerability in the NetConnection class when handling an attached script object. Successful exploitation could lead to arbitrary code execution.

  • CVE-2016-7878HigDec 15, 2016
    risk 0.58cvss 8.8epss 0.08

    Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable use after free vulnerability in the PSDK's MediaPlayer class. Successful exploitation could lead to arbitrary code execution.

  • CVE-2016-7877HigDec 15, 2016
    risk 0.58cvss 8.8epss 0.06

    Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable use after free vulnerability in the Action Message Format serialization (AFM0). Successful exploitation could lead to arbitrary code execution.

  • CVE-2016-7872HigDec 15, 2016
    risk 0.58cvss 8.8epss 0.08

    Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable use after free vulnerability in the MovieClip class related to objects at multiple presentation levels. Successful exploitation could lead to arbitrary code execution.

  • CVE-2016-7864HigNov 8, 2016
    risk 0.58cvss 8.8epss 0.07

    Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution.