The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.
7,684 vulnerabilities with CWE-416
CVE-2009-2416
MEDIUM
libxml2/libxml <2.7 - Use After Free
CVSS 6.5
CVE-2009-1837
HIGH
Firefox 3.0-3.0.10 - Remote Code Execution via Race Condition in Java Applet Loading
CVSS 7.5
CVE-2009-0749
HIGH
OptiPNG < 0.6.2 - Use-After-Free in GIFReadNextExtension
CVSS 7.8
CVE-2008-5038
CRITICAL
Novell eDirectory < 8.7.3 SP10 FTF1 - Use-After-Free via NCP Extension Information Request
CVSS 9.8
CVE-2008-3077
Linux Kernel < 2.6.25.10 - Use-After-Free in sys32_ptrace
CVE-2008-0077
HIGH
Microsoft Internet Explorer 6 SP1, 6 SP2, and 7 - Use-After-Free via SVG animateMotion Element
CVSS 8.8
CVE-2007-3929
Opera < 9.22 - Use-After-Free via BitTorrent Torrent File Header
CVE-2006-4997
HIGH
Linux Kernel < 2.6.18 - Use-After-Free in ATM Subsystem
CVSS 7.5
CVE-2006-4434
HIGH
Sendmail < 8.13.8 - Use-After-Free via Long Header Line
CVSS 7.5
Details
Vulnerabilities
7,684
Exploit Likelihood
High