CWE-416

Use After Free

Variant | Stable | Likelihood: High

Description

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

Hierarchy (View 1000)

Parents

Children

none

CVEs mapped to this weakness (2,306)

page 35 of 116
  • CVE-2020-35870 | Critical | Dec 31, 2020
    risk 0.57 | cvss 9.8 | epss 0.02

    An issue was discovered in the rusqlite crate before 0.23.0 for Rust. Memory safety can be violated via an Auxdata API use-after-free.

  • CVE-2020-35902 | Critical | Dec 31, 2020
    risk 0.57 | cvss 9.8 | epss 0.02

    An issue was discovered in the actix-codec crate before 0.3.0-beta.1 for Rust. There is a use-after-free in Framed.

  • CVE-2019-13721 | High | Nov 25, 2019
    risk 0.57 | cvss 8.8 | epss 0.01

    Use after free in PDFium in Google Chrome prior to 78.0.3904.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2019-16881 | Critical | Sep 25, 2019
    risk 0.57 | cvss 9.8 | epss 0.03

    An issue was discovered in the portaudio-rs crate through 0.3.1 for Rust. There is a use-after-free with resultant arbitrary code execution because of a lack of unwind safety in stream_callback and stream_finished_callback.

  • CVE-2019-16140 | Critical | Sep 9, 2019
    risk 0.57 | cvss 9.8 | epss 0.02

    An issue was discovered in the chttp crate before 0.1.3 for Rust. There is a use-after-free during buffer conversion.

  • CVE-2019-16138 | Critical | Sep 9, 2019
    risk 0.57 | cvss 9.8 | epss 0.02

    An issue was discovered in the image crate before 0.21.3 for Rust, affecting the HDR image format decoder. Vec::set_len is called on an uninitialized vector, leading to a use-after-free and arbitrary code execution.

  • CVE-2019-15552 | Critical | Aug 26, 2019
    risk 0.57 | cvss 9.8 | epss 0.02

    An issue was discovered in the libflate crate before 0.1.25 for Rust. MultiDecoder::read has a use-after-free, leading to arbitrary code execution.

  • CVE-2018-3997 | High | Oct 8, 2018
    risk 0.57 | cvss 8.8 | epss 0.03

    An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader, version 9.2.0.9297. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker…

  • CVE-2018-3996 | High | Oct 8, 2018
    risk 0.57 | cvss 8.8 | epss 0.03

    An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's PDF Reader, version 9.2.0.9297. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs…

  • CVE-2018-3992 | High | Oct 8, 2018
    risk 0.57 | cvss 8.8 | epss 0.03

    An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader, version 9.2.0.9297. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker…

  • CVE-2018-3945 | High | Oct 8, 2018
    risk 0.57 | cvss 8.8 | epss 0.03

    An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 9.1.0.5096. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker…

  • CVE-2018-3942 | High | Oct 8, 2018
    risk 0.57 | cvss 8.8 | epss 0.03

    An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's PDF Reader, version 9.1.0.5096. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs…

  • CVE-2018-3941 | High | Oct 8, 2018
    risk 0.57 | cvss 8.8 | epss 0.03

    An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 9.1.0.5096. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker…

  • CVE-2018-3940 | High | Oct 8, 2018
    risk 0.57 | cvss 8.8 | epss 0.02

    An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's PDF Reader, version 9.1.0.5096. A specially crafted PDF document can trigger a previously freed object in memory to be reused. An attacker needs to trick the user to open the…

  • CVE-2018-3995 | High | Oct 3, 2018
    risk 0.57 | cvss 8.8 | epss 0.03

    An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's PDF Reader, version 9.2.0.9297. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs…

  • CVE-2018-3994 | High | Oct 3, 2018
    risk 0.57 | cvss 8.8 | epss 0.03

    An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 9.2.0.9297. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker…

  • CVE-2018-3993 | High | Oct 3, 2018
    risk 0.57 | cvss 8.8 | epss 0.03

    An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 9.2.0.9297. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker…

  • CVE-2018-3946 | High | Oct 3, 2018
    risk 0.57 | cvss 8.8 | epss 0.03

    An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's PDF Reader version 9.1.0.5096. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs…

  • CVE-2018-3944 | High | Oct 2, 2018
    risk 0.57 | cvss 8.8 | epss 0.03

    An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's PDF Reader, version 9.1.0.5096. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs…

  • CVE-2018-3943 | High | Oct 2, 2018
    risk 0.57 | cvss 8.8 | epss 0.03

    An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's PDF Reader, version 9.1.0.5096. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs…