VYPR

CWE-416

Use After Free

Variant | Stable | Likelihood: High

Description

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

Hierarchy (View 1000)

Parents

Children

none

CVEs mapped to this weakness (1,405)

page 55 of 71
  • CVE-2017-6420 | Med | Aug 7, 2017
    risk 0.36 | cvss 5.5 | epss 0.00

    The wwunpack function in libclamav/wwunpack.c in ClamAV 0.99.2 allows remote attackers to cause a denial of service (use-after-free) via a crafted PE file with WWPack compression.

  • CVE-2015-5221 | Med | Jul 25, 2017
    risk 0.36 | cvss 5.5 | epss 0.00

    Use-after-free vulnerability in the mif_process_cmpt function in libjasper/mif/mif_cod.c in the JasPer JPEG-2000 library before 1.900.2 allows remote attackers to cause a denial of service (crash) via a crafted JPEG 2000 image file.

  • CVE-2017-9762 | Med | Jun 19, 2017
    risk 0.36 | cvss 5.5 | epss 0.00

    The cmd_info function in libr/core/cmd_info.c in radare2 1.5.0 allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted binary file.

  • CVE-2017-9520 | Med | Jun 8, 2017
    risk 0.36 | cvss 5.5 | epss 0.00

    The r_config_set function in libr/config/config.c in radare2 1.5.0 allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted DEX file.

  • CVE-2017-8846 | Med | May 8, 2017
    risk 0.36 | cvss 5.5 | epss 0.01

    The read_stream function in stream.c in liblrzip.so in lrzip 0.631 allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted archive.

  • CVE-2017-7946 | Med | Apr 18, 2017
    risk 0.36 | cvss 5.5 | epss 0.00

    The get_relocs_64 function in libr/bin/format/mach0/mach0.c in radare2 1.3.0 allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted Mach0 file.

  • CVE-2016-10217 | Med | Apr 3, 2017
    risk 0.36 | cvss 5.5 | epss 0.01

    The pdf14_open function in base/gdevp14.c in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted file that is mishandled in the color management module.

  • CVE-2016-3179 | Med | Mar 24, 2017
    risk 0.36 | cvss 5.5 | epss 0.00

    The processRequest function in minissdpd.c in MiniSSDPd 1.2.20130907-3 allows local users to cause a denial of service (invalid free and daemon crash) via vectors related to error handling.

  • CVE-2017-6966 | Med | Mar 17, 2017
    risk 0.36 | cvss 5.5 | epss 0.00

    readelf in GNU Binutils 2.28 has a use-after-free (specifically read-after-free) error while processing multiple, relocated sections in an MSP430 binary. This is caused by mishandling of an invalid symbol index, and mishandling of state across invocations.

  • CVE-2017-5666 | Med | Mar 1, 2017
    risk 0.36 | cvss 5.5 | epss 0.00

    The free_options function in options_manager.c in mp3splt 2.6.2 allows remote attackers to cause a denial of service (invalid free and crash) via a crafted file.

  • CVE-2016-4488 | Med | Feb 24, 2017
    risk 0.36 | cvss 5.5 | epss 0.00

    Use-after-free vulnerability in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to "ktypevec."

  • CVE-2016-4487 | Med | Feb 24, 2017
    risk 0.36 | cvss 5.5 | epss 0.00

    Use-after-free vulnerability in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to "btypevec."

  • CVE-2016-8674 | Med | Feb 15, 2017
    risk 0.36 | cvss 5.5 | epss 0.00

    The pdf_to_num function in pdf-object.c in MuPDF before 1.10 allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted file.

  • CVE-2016-5824 | Med | Jan 27, 2017
    risk 0.36 | cvss 5.5 | epss 0.00

    libical 1.0 allows remote attackers to cause a denial of service (use-after-free) via a crafted ics file.

  • CVE-2016-5823 | Med | Jan 27, 2017
    risk 0.36 | cvss 5.5 | epss 0.00

    The icalproperty_new_clone function in libical 0.47 and 1.0 allows remote attackers to cause a denial of service (use-after-free) via a crafted ics file.

  • CVE-2016-9401 | Med | Jan 23, 2017
    risk 0.36 | cvss 5.5 | epss 0.00

    popd in bash might allow local users to bypass the restricted shell and cause a use-after-free via a crafted address.

  • CVE-2016-7906 | Med | Jan 18, 2017
    risk 0.36 | cvss 5.5 | epss 0.00

    magick/attribute.c in ImageMagick 7.0.3-2 allows remote attackers to cause a denial of service (use-after-free) via a crafted file.

  • CVE-2016-9923 | Med | Dec 23, 2016
    risk 0.36 | cvss 5.5 | epss 0.00

    Quick Emulator (Qemu) built with the 'chardev' backend support is vulnerable to a use-after-free issue. It could occur while hotplugging and unplugging the device in the guest. A guest user/process could use this flaw to crash a Qemu process on the host, resulting in DoS.

  • CVE-2016-6265 | Med | Sep 22, 2016
    risk 0.36 | cvss 5.5 | epss 0.01

    Use-after-free vulnerability in the pdf_load_xref function in pdf/pdf-xref.c in MuPDF allows remote attackers to cause a denial of service (crash) via a crafted PDF file.

  • CVE-2016-1837 | Med | May 20, 2016
    risk 0.36 | cvss 5.5 | epss 0.01

    Multiple use-after-free vulnerabilities in the (1) htmlParsePubidLiteral and (2) htmlParseSystemLiteral functions in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allow remote attackers to cause a denial of service via a crafted XML document.