CWE-416

High likelihood

Use After Free

Parent: CWE-825 - Expired Pointer Dereference

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

7,684 vulnerabilities with CWE-416
CVE-2010-1825
Google Chrome < 6.0.472.59 - Use-After-Free via Nested SVG Elements
CVE-2010-1824
Google Chrome < 6.0.472.59 - Use-After-Free via SVG Style Handling
CVE-2010-1823
Google Chrome < 6.0.472.59 - Use-After-Free via Document API During Parsing
CVE-2010-1772 HIGH
Google Chrome < 5.0.375.70 - Use-After-Free in Geolocation Timer Handling
CVSS 8.8
CVE-2010-3257
WebKit <4.1.3-5.0.3 - Use After Free
CVE-2010-3252
Google Chrome <6.0.472.53 - Memory Corruption
CVE-2010-3116
WebKit <4.1.3-5.0.3 - Use After Free
CVE-2010-2547 HIGH
GnuPG 2.0.0-2.0.16 - Use-After-Free in Keybox Blob Certificate Handling
CVSS 8.1
CVE-2010-2753 HIGH
Mozilla Firefox <3.5.11 & <3.6.7 - RCE
CVSS 8.8
CVE-2010-1208 HIGH
Mozilla Firefox <3.5.11 & SeaMonkey <2.0.6 - Use After Free
CVSS 8.8
CVE-2010-2302
Google Chrome < 5.0.375.70 - Use-After-Free via Remote Fonts with Shadow DOM Trees
CVE-2010-2300
Google Chrome < 5.0.375.70 - Use-After-Free in Element::normalizeAttributes
CVE-2010-1437 HIGH
Linux Kernel < 2.6.34 - Race Condition in Keyring Deletion
CVSS 7.0
CVE-2010-0629 MEDIUM
MIT Kerberos 5 1.5-1.6.3 - Authenticated Denial of Service via Invalid API Version Number
CVSS 6.5
CVE-2010-0050 HIGH
Apple Safari < 4.0.5 - Use-After-Free via Improperly Nested HTML Tags
CVSS 8.8
CVE-2010-0806 HIGH KEV
Microsoft Internet Explorer <7 - Use After Free
CVSS 8.8
CVE-2010-0302 HIGH
CUPS < 1.4.4 - Use-After-Free in File Descriptor Handling
CVSS 7.5
CVE-2010-0248 HIGH
Microsoft Internet Explorer 6, 6 SP1, 7, 8 - Remote Code Execution via Memory Corruption
CVSS 8.1
CVE-2010-0378 HIGH
Adobe Flash Player 6.0.79 - Remote Code Execution via Movie Unloading
CVSS 8.8
CVE-2010-0249 HIGH KEV
Microsoft Internet Explorer 6, 6 SP1, 7, and 8 - Use-After-Free via HTML Object Memory Corruption
CVSS 8.8
CVE-2009-4324 HIGH KEV
Adobe Reader/Acrobat <9.3-8.2 - RCE
CVSS 7.8
CVE-2009-3671 HIGH
Internet Explorer 8 - Remote Code Execution via Uninitialized Memory Corruption
CVSS 8.1
CVE-2009-3553 HIGH
CUPS 1.3.7 and 1.3.10 - Use-After-Free in File-Descriptor Handling
CVSS 7.5
CVE-2009-3616 CRITICAL
QEMU < 0.10.6 - Use-After-Free in VNC Server via Client Disconnect or Fuzzy Screen Mode
CVSS 9.9
CVE-2009-3658 HIGH
AOL SuperBuddy ActiveX Control - Use-After-Free via SetSuperBuddy Method
CVSS 8.8
Details
Vulnerabilities 7,684
Exploit Likelihood High