Vulnerabilities (CVE)

Filtered by CWE-416
Total 5699 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2017-12671 1 Imagemagick 1 Imagemagick 2025-04-20 4.3 MEDIUM 6.5 MEDIUM
In ImageMagick 7.0.6-3, a missing NULL assignment was found in coders/png.c, leading to an invalid free in the function RelinquishMagickMemory in MagickCore/memory.c, which allows attackers to cause a denial of service.
CVE-2017-9762 1 Radare 1 Radare2 2025-04-20 4.3 MEDIUM 5.5 MEDIUM
The cmd_info function in libr/core/cmd_info.c in radare2 1.5.0 allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted binary file.
CVE-2017-11176 2 Debian, Linux 2 Debian Linux, Linux Kernel 2025-04-20 7.2 HIGH 7.8 HIGH
The mq_notify function in the Linux kernel through 4.11.9 does not set the sock pointer to NULL upon entry into the retry logic. During a user-space close of a Netlink socket, it allows attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact.
CVE-2017-14857 1 Exiv2 1 Exiv2 2025-04-20 4.3 MEDIUM 5.5 MEDIUM
In Exiv2 0.26, there is an invalid free in the Image class in image.cpp that leads to a Segmentation fault. A crafted input will lead to a denial of service attack.
CVE-2017-7264 1 Artifex 1 Mupdf 2025-04-20 6.8 MEDIUM 5.3 MEDIUM
Use-after-free vulnerability in the fz_subsample_pixmap function in fitz/pixmap.c in Artifex MuPDF 1.10a allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted document.
CVE-2017-9703 1 Google 1 Android 2025-04-20 4.4 MEDIUM 7.0 HIGH
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a race condition in a Camera driver can lead to a Use After Free condition.
CVE-2017-0727 1 Google 1 Android 2025-04-20 6.8 MEDIUM 7.8 HIGH
A elevation of privilege vulnerability in the Android media framework (libgui). Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-33004354.
CVE-2017-2584 1 Linux 1 Linux Kernel 2025-04-20 3.6 LOW 7.1 HIGH
arch/x86/kvm/emulate.c in the Linux kernel through 4.9.3 allows local users to obtain sensitive information from kernel memory or cause a denial of service (use-after-free) via a crafted application that leverages instruction emulation for fxrstor, fxsave, sgdt, and sidt.
CVE-2016-10200 2 Google, Linux 2 Android, Linux Kernel 2025-04-20 6.9 MEDIUM 7.0 HIGH
Race condition in the L2TPv3 IP Encapsulation feature in the Linux kernel before 4.8.14 allows local users to gain privileges or cause a denial of service (use-after-free) by making multiple bind system calls without properly ascertaining whether a socket has the SOCK_ZAPPED status, related to net/l2tp/l2tp_ip.c and net/l2tp/l2tp_ip6.c.
CVE-2017-3059 5 Adobe, Apple, Google and 2 more 7 Flash Player, Mac Os X, Chrome Os and 4 more 2025-04-20 10.0 HIGH 9.8 CRITICAL
Adobe Flash Player versions 25.0.0.127 and earlier have an exploitable use after free vulnerability in the internal script object. Successful exploitation could lead to arbitrary code execution.
CVE-2014-9930 1 Google 1 Android 2025-04-20 9.3 HIGH 7.8 HIGH
In WCDMA in all Android releases from CAF using the Linux kernel, a Use After Free vulnerability could potentially exist.
CVE-2017-6346 1 Linux 1 Linux Kernel 2025-04-20 6.9 MEDIUM 7.0 HIGH
Race condition in net/packet/af_packet.c in the Linux kernel before 4.9.13 allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via a multithreaded application that makes PACKET_FANOUT setsockopt system calls.
CVE-2017-11044 1 Google 1 Android 2025-04-20 4.4 MEDIUM 7.0 HIGH
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in a KGSL driver function, a race condition exists which can lead to a Use After Free condition.
CVE-2017-3002 5 Adobe, Apple, Google and 2 more 8 Flash Player, Flash Player Desktop Runtime, Mac Os X and 5 more 2025-04-20 9.3 HIGH 8.8 HIGH
Adobe Flash Player versions 24.0.0.221 and earlier have an exploitable use after free vulnerability in the ActionScript2 TextField object related to the variable property. Successful exploitation could lead to arbitrary code execution.
CVE-2017-17820 2 Canonical, Nasm 2 Ubuntu Linux, Netwide Assembler 2025-04-20 4.3 MEDIUM 5.5 MEDIUM
In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free in pp_list_one_macro in asm/preproc.c that will lead to a remote denial of service attack, related to mishandling of operand-type errors.
CVE-2017-5073 5 Apple, Google, Linux and 2 more 8 Macos, Android, Chrome and 5 more 2025-04-20 6.8 MEDIUM 8.8 HIGH
Use after free in print preview in Blink in Google Chrome prior to 59.0.3071.86 for Linux, Windows, and Mac, and 59.0.3071.92 for Android, allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.
CVE-2017-11215 6 Adobe, Apple, Google and 3 more 10 Flash Player, Macos, Chrome Os and 7 more 2025-04-20 10.0 HIGH 9.8 CRITICAL
An issue was discovered in Adobe Flash Player 27.0.0.183 and earlier versions. This vulnerability is an instance of a use after free vulnerability in the Primetime SDK. The mismatch between an old and a new object can provide an attacker with unintended memory access -- potentially leading to code corruption, control-flow hijack, or an information leak attack. Successful exploitation could lead to arbitrary code execution.
CVE-2015-5221 4 Fedoraproject, Jasper Project, Opensuse and 1 more 5 Fedora, Jasper, Leap and 2 more 2025-04-20 4.3 MEDIUM 5.5 MEDIUM
Use-after-free vulnerability in the mif_process_cmpt function in libjasper/mif/mif_cod.c in the JasPer JPEG-2000 library before 1.900.2 allows remote attackers to cause a denial of service (crash) via a crafted JPEG 2000 image file.
CVE-2017-7374 1 Linux 1 Linux Kernel 2025-04-20 7.2 HIGH 7.8 HIGH
Use-after-free vulnerability in fs/crypto/ in the Linux kernel before 4.10.7 allows local users to cause a denial of service (NULL pointer dereference) or possibly gain privileges by revoking keyring keys being used for ext4, f2fs, or ubifs encryption, causing cryptographic transform objects to be freed prematurely.
CVE-2017-11092 1 Google 1 Android 2025-04-20 9.3 HIGH 7.8 HIGH
In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in the KGSL driver function kgsl_ioctl_gpu_command, a Use After Free condition can potentially occur.