CWE-416

High likelihood

Use After Free

Parent: CWE-825 - Expired Pointer Dereference

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

7,681 vulnerabilities with CWE-416
CVE-2016-6964 CRITICAL
Adobe Acrobat/Reader <11.0.18, DC Classic <15.006.30243, DC Continuous <15.020.20039 Use-After-Free
CVSS 9.8
CVE-2016-6963 CRITICAL
Adobe Acrobat/Reader <11.0.18, DC <15.006.30243, <15.020.20039 Use-After-Free
CVSS 9.8
CVE-2016-6962 CRITICAL
Adobe Acrobat and Reader < 11.0.18, Acrobat DC < 15.006.30243, Acrobat Reader DC < 15.020.20039 - Use-After-Free
CVSS 9.8
CVE-2016-6961 CRITICAL
Adobe Acrobat/Reader <11.0.18, DC Classic <15.006.30243, DC Continuous <15.020.20039 Use-After-Free
CVSS 9.8
CVE-2016-6953 CRITICAL
Adobe Acrobat/Reader <11.0.18, DC Classic <15.006.30243, DC Continuous <15.020.20039 Use-After-Free
CVSS 9.8
CVE-2016-6952 CRITICAL
Adobe Acrobat/Reader <11.0.18, DC <15.006.30243, <15.020.20039 Use-After-Free
CVSS 9.8
CVE-2016-6949 CRITICAL
Adobe Acrobat and Reader < 11.0.18 - Use-After-Free
CVSS 9.8
CVE-2016-6946 CRITICAL
Adobe Acrobat/Reader < 11.0.18, DC < 15.006.30243/15.020.20039 Use-After-Free
CVSS 9.8
CVE-2016-6945 CRITICAL
Adobe Acrobat/Reader < 11.0.18, DC < 15.006.30243/15.020.20039 Use-After-Free
CVSS 9.8
CVE-2016-6944 CRITICAL
Adobe Acrobat/Reader <11.0.18, DC <15.006.30243, <15.020.20039 Use-After-Free
CVSS 9.8
CVE-2016-1091 CRITICAL
Adobe Acrobat/Reader <11.0.18, DC Classic <15.006.30243, DC Continuous <15.020.20039 Use-After-Free
CVSS 9.8
CVE-2016-1089 CRITICAL
Adobe Acrobat < 11.0.17 - Use After Free
CVSS 9.8
CVE-2016-7020 HIGH
Adobe Flash Player < 18.0.0.366, 19.x-22.x < 22.0.0.209, < 11.2.202.632 - Use-After-Free
CVSS 8.8
CVE-2016-6309 CRITICAL
OpenSSL 1.1.0a - Use-After-Free in statem/statem.c
CVSS 9.8
CVE-2016-6980 CRITICAL
Adobe Digital Editions < 4.5.2 - Use-After-Free
CVSS 9.8
CVE-2016-5171 HIGH
Google Chrome < 53.0.2785.101 - Use-After-Free via JavaScript Constructor Calls
CVSS 8.8
CVE-2016-5170 HIGH
Google Chrome < 53.0.2785.101 - Use-After-Free via IndexedDB API
CVSS 8.8
CVE-2016-5281 CRITICAL
Firefox < 48.0.2 - Remote Code Execution via DOMSVGLength Use-After-Free
CVSS 9.8
CVE-2016-5280 CRITICAL
Firefox < 49.0 - Use-After-Free in Bidirectional Text Handling
CVSS 9.8
CVE-2016-5277 CRITICAL
Firefox < 49.0 - Use-After-Free in nsRefreshDriver::Tick
CVSS 9.8
CVE-2016-5276 CRITICAL
Firefox < 49.0 - Use-After-Free via aria-owns Attribute
CVSS 9.8
CVE-2016-5274 CRITICAL
Firefox < 48.0.2 - Use-After-Free in nsFrameManager::CaptureFrameState
CVSS 9.8
CVE-2016-6265 MEDIUM
MuPDF < 1.9 - Use-After-Free in pdf_load_xref
CVSS 5.5
CVE-2016-7154 MEDIUM
Xen 4.4.x - Use-After-Free in FIFO Event Channel Code
CVSS 6.7
CVE-2016-7413 CRITICAL
PHP < 5.6.26 and 7.x < 7.0.11 - Use-After-Free in WDDX Deserialization
CVSS 9.8
Details
Vulnerabilities 7,681
Exploit Likelihood High