CWE:
 

Topic
Date
Author
Med.
PHP 5.6.9 Use-After-Free
10.06.2015
High-Tech Bridge Secur...


CVEMAP Search Results

CVE
Details
Description
2018-02-15
Medium
CVE-2018-7054

Vendor: Irssi
Software: Irssi
 

 
An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1. There is a use-after-free when a server is disconnected during netsplits. NOTE: this issue exists because of an incomplete fix for CVE-2017-7191.

 
Medium
CVE-2018-7053

Vendor: Irssi
Software: Irssi
 

 
An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1. There is a use-after-free when SASL messages are received in an unexpected order.

 
2018-02-07
Medium
CVE-2017-5129

Vendor: Google
Software: Chrome
 

 
A use after free in WebAudio in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.

 
Medium
CVE-2017-5126

Vendor: Google
Software: Chrome
 

 
A use after free in PDFium in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.

 
2018-02-02
Medium
CVE-2018-6548

Vendor: Webmproject
Software: Libwebm
 

 
A use-after-free issue was discovered in libwebm through 2018-02-02. If a Vp9HeaderParser was initialized once before, its property frame_ would not be changed because of code in vp9parser::Vp9HeaderParser::SetFrame. Its frame_ could be freed while the corresponding pointer would not be updated, leading to a dangling pointer. This is related to the function OutputCluster in webm_info.cc.

 
2018-01-27
Medium
CVE-2018-6359

Vendor: Libming
Software: Libming
 

 
The decompileIF function (util/decompile.c) in libming through 0.4.8 is vulnerable to a use-after-free, which may allow attackers to cause a denial of service or unspecified other impact via a crafted SWF file.

 
2018-01-26
High
CVE-2017-12374

Vendor: Clamav
Software: Clamav
 

 
The ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to a lack of input validation checking mechanisms during certain mail parsing operations (mbox.c operations on bounce messages). If successfully exploited, a variable pointing to the mail body could be used after being freed (use-after-free), which may lead to a disruption of services on an affected device, including a denial of service condition.

 
2018-01-17
Low
CVE-2018-5747

Vendor: Lrzip project
Software: Lrzip
 

 
In Long Range Zip (aka lrzip) 0.631, there is a use-after-free in the ucompthread function (stream.c). Remote attackers could leverage this vulnerability to cause a denial of service via a crafted lrz file.

 
2018-01-16
Low
CVE-2014-9482

 

 
Use-after-free vulnerability in dwarfdump in libdwarf 20130126 through 20140805 might allow remote attackers to cause a denial of service (program crash) via a crafted ELF file.

 
2018-01-14
High
CVE-2017-15126

Vendor: Linux
Software: Linux kernel
 

 
A use-after-free flaw was found in fs/userfaultfd.c in the Linux kernel before 4.13.6. The issue is related to the handling of fork failure when dealing with event messages. Failure to fork correctly can lead to a situation where a fork event will be removed from an already freed list of events with userfaultfd_ctx_put().

 

 


Copyright 2018, cxsecurity.com
