Vulnerabilities > Use After Free

DATE CVE VULNERABILITY TITLE RISK
2018-05-26 CVE-2018-11499 Use After Free vulnerability in Sass-Lang Libsass
A use-after-free vulnerability exists in handle_error() in sass_context.cpp in LibSass 3.4.x and 3.5.x through 3.5.4 that could be leveraged to cause a denial of service (application crash) or possibly unspecified other impact.
network
low complexity
sass-lang CWE-416
critical
9.8
2018-05-26 CVE-2018-11496 Use After Free vulnerability in multiple products
In Long Range Zip (aka lrzip) 0.631, there is a use-after-free in read_stream in stream.c, because decompress_file in lrzip.c lacks certain size validation.
network
low complexity
long-range-zip-project debian CWE-416
6.5
2018-05-24 CVE-2018-11412 Use After Free vulnerability in multiple products
In the Linux kernel 4.13 through 4.16.11, ext4_read_inline_data() in fs/ext4/inline.c performs a memcpy with an untrusted length value in certain circumstances involving a crafted filesystem that stores the system.data extended attribute value in a dedicated inode.
network
high complexity
linux canonical CWE-416
5.9
2018-05-24 CVE-2018-1000039 Use After Free vulnerability in Artifex Mupdf
In Artifex MuPDF 1.12.0 and earlier, multiple heap use after free bugs in the PDF parser could allow an attacker to execute arbitrary code, read memory, or cause a denial of service via a crafted file.
local
low complexity
artifex CWE-416
7.8
2018-05-24 CVE-2018-11410 Use After Free vulnerability in multiple products
An issue was discovered in Liblouis 3.5.0.
network
low complexity
liblouis canonical CWE-416
critical
9.8
2018-05-22 CVE-2018-11358 Use After Free vulnerability in multiple products
In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the Q.931 dissector could crash.
network
low complexity
wireshark debian CWE-416
7.5
2018-05-19 CVE-2018-4932 Use After Free vulnerability in Adobe Flash Player
Adobe Flash Player versions 29.0.0.113 and earlier have an exploitable Use-After-Free vulnerability.
network
low complexity
adobe CWE-416
8.8
2018-05-19 CVE-2018-4919 Use After Free vulnerability in Adobe Flash Player and Flash Player Desktop Runtime
Adobe Flash Player versions 28.0.0.161 and earlier have an exploitable use after free vulnerability.
network
low complexity
adobe CWE-416
8.8
2018-05-18 CVE-2017-18272 Use After Free vulnerability in Imagemagick
In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-25, there is a use-after-free in ReadOneMNGImage in coders/png.c, which allows attackers to cause a denial of service via a crafted MNG image file that is mishandled in an MngInfoDiscardObject call.
network
low complexity
imagemagick CWE-416
6.5
2018-05-17 CVE-2018-11130 Use After Free vulnerability in Vcftools Project Vcftools 0.1.15
The header::add_FORMAT_descriptor function in header.cpp in VCFtools 0.1.15 allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted vcf file.
local
low complexity
vcftools-project CWE-416
7.8