Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2019-13045

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-29 Jun, 2019 | 13:58
Updated At-04 Aug, 2024 | 23:41
Rejected At-
Credits

Irssi before 1.0.8, 1.1.x before 1.1.3, and 1.2.x before 1.2.1, when SASL is enabled, has a use after free when sending SASL login to the server.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:29 Jun, 2019 | 13:58
Updated At:04 Aug, 2024 | 23:41
Rejected At:
▼CVE Numbering Authority (CNA)

Irssi before 1.0.8, 1.1.x before 1.1.3, and 1.2.x before 1.2.1, when SASL is enabled, has a use after free when sending SASL login to the server.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://github.com/irssi/irssi/commit/d23b0d22cc611e43c88d99192a59f413f951a955
x_refsource_MISC
https://irssi.org/security/irssi_sa_2019_06.txt
x_refsource_MISC
http://www.openwall.com/lists/oss-security/2019/06/29/1
mailing-list
x_refsource_MLIST
https://seclists.org/bugtraq/2019/Jun/41
mailing-list
x_refsource_BUGTRAQ
http://packetstormsecurity.com/files/153480/Slackware-Security-Advisory-irssi-Updates.html
x_refsource_MISC
http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00004.html
vendor-advisory
x_refsource_SUSE
http://www.securityfocus.com/bid/108998
vdb-entry
x_refsource_BID
https://usn.ubuntu.com/4046-1/
vendor-advisory
x_refsource_UBUNTU
http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00030.html
vendor-advisory
x_refsource_SUSE
Hyperlink: https://github.com/irssi/irssi/commit/d23b0d22cc611e43c88d99192a59f413f951a955
Resource:
x_refsource_MISC
Hyperlink: https://irssi.org/security/irssi_sa_2019_06.txt
Resource:
x_refsource_MISC
Hyperlink: http://www.openwall.com/lists/oss-security/2019/06/29/1
Resource:
mailing-list
x_refsource_MLIST
Hyperlink: https://seclists.org/bugtraq/2019/Jun/41
Resource:
mailing-list
x_refsource_BUGTRAQ
Hyperlink: http://packetstormsecurity.com/files/153480/Slackware-Security-Advisory-irssi-Updates.html
Resource:
x_refsource_MISC
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00004.html
Resource:
vendor-advisory
x_refsource_SUSE
Hyperlink: http://www.securityfocus.com/bid/108998
Resource:
vdb-entry
x_refsource_BID
Hyperlink: https://usn.ubuntu.com/4046-1/
Resource:
vendor-advisory
x_refsource_UBUNTU
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00030.html
Resource:
vendor-advisory
x_refsource_SUSE
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://github.com/irssi/irssi/commit/d23b0d22cc611e43c88d99192a59f413f951a955
x_refsource_MISC
x_transferred
https://irssi.org/security/irssi_sa_2019_06.txt
x_refsource_MISC
x_transferred
http://www.openwall.com/lists/oss-security/2019/06/29/1
mailing-list
x_refsource_MLIST
x_transferred
https://seclists.org/bugtraq/2019/Jun/41
mailing-list
x_refsource_BUGTRAQ
x_transferred
http://packetstormsecurity.com/files/153480/Slackware-Security-Advisory-irssi-Updates.html
x_refsource_MISC
x_transferred
http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00004.html
vendor-advisory
x_refsource_SUSE
x_transferred
http://www.securityfocus.com/bid/108998
vdb-entry
x_refsource_BID
x_transferred
https://usn.ubuntu.com/4046-1/
vendor-advisory
x_refsource_UBUNTU
x_transferred
http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00030.html
vendor-advisory
x_refsource_SUSE
x_transferred
Hyperlink: https://github.com/irssi/irssi/commit/d23b0d22cc611e43c88d99192a59f413f951a955
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://irssi.org/security/irssi_sa_2019_06.txt
Resource:
x_refsource_MISC
x_transferred
Hyperlink: http://www.openwall.com/lists/oss-security/2019/06/29/1
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: https://seclists.org/bugtraq/2019/Jun/41
Resource:
mailing-list
x_refsource_BUGTRAQ
x_transferred
Hyperlink: http://packetstormsecurity.com/files/153480/Slackware-Security-Advisory-irssi-Updates.html
Resource:
x_refsource_MISC
x_transferred
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00004.html
Resource:
vendor-advisory
x_refsource_SUSE
x_transferred
Hyperlink: http://www.securityfocus.com/bid/108998
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: https://usn.ubuntu.com/4046-1/
Resource:
vendor-advisory
x_refsource_UBUNTU
x_transferred
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00030.html
Resource:
vendor-advisory
x_refsource_SUSE
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:29 Jun, 2019 | 14:15
Updated At:03 Jul, 2019 | 15:15

Irssi before 1.0.8, 1.1.x before 1.1.3, and 1.2.x before 1.2.1, when SASL is enabled, has a use after free when sending SASL login to the server.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.08.1HIGH
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary2.06.8MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
Type: Primary
Version: 3.0
Base score: 8.1
Base severity: HIGH
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Type: Primary
Version: 2.0
Base score: 6.8
Base severity: MEDIUM
Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CPE Matches
irssi
irssi
>>irssi>>Versions from 0.8.18(inclusive) to 1.0.8(exclusive)
cpe:2.3:a:irssi:irssi:*:*:*:*:*:*:*:*
irssi
irssi
>>irssi>>Versions from 1.1.0(inclusive) to 1.1.3(exclusive)
cpe:2.3:a:irssi:irssi:*:*:*:*:*:*:*:*
irssi
irssi
>>irssi>>Versions from 1.2.0(inclusive) to 1.2.1(exclusive)
cpe:2.3:a:irssi:irssi:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-416Primarynvd@nist.gov
CWE ID: CWE-416
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00004.htmlcve@mitre.org
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00030.htmlcve@mitre.org
N/A
http://packetstormsecurity.com/files/153480/Slackware-Security-Advisory-irssi-Updates.htmlcve@mitre.org
Third Party Advisory
http://www.openwall.com/lists/oss-security/2019/06/29/1cve@mitre.org
Mailing List
Third Party Advisory
http://www.securityfocus.com/bid/108998cve@mitre.org
N/A
https://github.com/irssi/irssi/commit/d23b0d22cc611e43c88d99192a59f413f951a955cve@mitre.org
Patch
Third Party Advisory
https://irssi.org/security/irssi_sa_2019_06.txtcve@mitre.org
Vendor Advisory
https://seclists.org/bugtraq/2019/Jun/41cve@mitre.org
Mailing List
Third Party Advisory
https://usn.ubuntu.com/4046-1/cve@mitre.org
N/A
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00004.html
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00030.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://packetstormsecurity.com/files/153480/Slackware-Security-Advisory-irssi-Updates.html
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: http://www.openwall.com/lists/oss-security/2019/06/29/1
Source: cve@mitre.org
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://www.securityfocus.com/bid/108998
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://github.com/irssi/irssi/commit/d23b0d22cc611e43c88d99192a59f413f951a955
Source: cve@mitre.org
Resource:
Patch
Third Party Advisory
Hyperlink: https://irssi.org/security/irssi_sa_2019_06.txt
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: https://seclists.org/bugtraq/2019/Jun/41
Source: cve@mitre.org
Resource:
Mailing List
Third Party Advisory
Hyperlink: https://usn.ubuntu.com/4046-1/
Source: cve@mitre.org
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

1136Records found
CVE-2007-4398
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-1.72% / 82.55%
||
7 Day CHG~0.00%
Published-18 Aug, 2007 | 21:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple CRLF injection vulnerabilities in the (1) now-playing.rb and (2) xmms.pl 1.1 scripts for WeeChat allow user-assisted remote attackers to execute arbitrary IRC commands via CRLF sequences in the name of the song in a .mp3 file.

Action-Not Available
Vendor-irssin/a
Product-irssin/a
CVE-2007-4397
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-4.25% / 88.89%
||
7 Day CHG~0.00%
Published-18 Aug, 2007 | 21:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple CRLF injection vulnerabilities in (1) xmms-thing 1.0, (2) XMMS Remote Control Script 1.07, (3) Disrok 1.0, (4) a2x 0.0.1, (5) Another xmms-info script 1.0, (6) XChat-XMMS 0.8.1, and other unspecified scripts for XChat allow user-assisted remote attackers to execute arbitrary IRC commands via CRLF sequences in the name of the song in a .mp3 file.

Action-Not Available
Vendor-mikachukristof_korwisituomas_jormolairssisimonricardo_mesquitan/a
Product-mpg123l33t_xmms_music_showing_scriptxmmsinfoirssixmms2ixmmsaogg123n/a
CVE-2010-1155
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-6.8||MEDIUM
EPSS-0.79% / 73.95%
||
7 Day CHG~0.00%
Published-16 Apr, 2010 | 19:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Irssi before 0.8.15, when SSL is used, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) field or a Subject Alternative Name field of the X.509 certificate, which allows man-in-the-middle attackers to spoof IRC servers via an arbitrary certificate.

Action-Not Available
Vendor-irssin/a
Product-irssin/a
CWE ID-CWE-20
Improper Input Validation
CVE-2007-4399
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-1.14% / 78.59%
||
7 Day CHG~0.00%
Published-18 Aug, 2007 | 21:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

CRLF injection vulnerability in the xmms.bx 1.0 script for BitchX allows user-assisted remote attackers to execute arbitrary IRC commands via CRLF sequences in the name of the song in a .mp3 file.

Action-Not Available
Vendor-irssin/a
Product-irssin/a
CVE-2017-7191
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-2.63% / 85.81%
||
7 Day CHG+0.56%
Published-27 Mar, 2017 | 17:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The netjoin processing in Irssi 1.x before 1.0.2 allows attackers to cause a denial of service (use-after-free) and possibly execute arbitrary code via unspecified vectors.

Action-Not Available
Vendor-irssin/a
Product-irssin/a
CWE ID-CWE-416
Use After Free
CVE-2017-5194
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.87% / 83.25%
||
7 Day CHG~0.00%
Published-03 Mar, 2017 | 15:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use-after-free vulnerability in Irssi before 0.8.21 allows remote attackers to cause a denial of service (crash) via an invalid nick message.

Action-Not Available
Vendor-irssin/aDebian GNU/Linux
Product-debian_linuxirssin/a
CWE ID-CWE-416
Use After Free
CVE-2017-15227
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.36% / 57.86%
||
7 Day CHG~0.00%
Published-22 Oct, 2017 | 17:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Irssi before 1.0.5, while waiting for the channel synchronisation, may incorrectly fail to remove destroyed channels from the query list, resulting in use-after-free conditions when updating the state later on.

Action-Not Available
Vendor-irssin/a
Product-irssin/a
CWE ID-CWE-416
Use After Free
CVE-2023-29132
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.40% / 60.90%
||
7 Day CHG~0.00%
Published-14 Apr, 2023 | 00:00
Updated-06 Feb, 2025 | 22:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Irssi 1.3.x and 1.4.x before 1.4.4 has a use-after-free because of use of a stale special collector reference. This occurs when printing of a non-formatted line is concurrent with printing of a formatted line.

Action-Not Available
Vendor-irssin/a
Product-irssin/a
CWE ID-CWE-416
Use After Free
CVE-2019-5882
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.52% / 67.04%
||
7 Day CHG~0.00%
Published-09 Jan, 2019 | 22:00
Updated-04 Aug, 2024 | 20:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Irssi 1.1.x before 1.1.2 has a use after free when hidden lines are expired from the scroll buffer.

Action-Not Available
Vendor-irssin/aCanonical Ltd.
Product-ubuntu_linuxirssin/a
CWE ID-CWE-416
Use After Free
CVE-2019-15717
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.76% / 73.48%
||
7 Day CHG~0.00%
Published-29 Aug, 2019 | 16:07
Updated-05 Aug, 2024 | 00:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Irssi 1.2.x before 1.2.2 has a use-after-free if the IRC server sends a double CAP.

Action-Not Available
Vendor-irssin/aCanonical Ltd.
Product-ubuntu_linuxirssin/a
CWE ID-CWE-416
Use After Free
CVE-2018-7054
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.80% / 74.26%
||
7 Day CHG~0.00%
Published-15 Feb, 2018 | 20:00
Updated-05 Aug, 2024 | 06:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1. There is a use-after-free when a server is disconnected during netsplits. NOTE: this issue exists because of an incomplete fix for CVE-2017-7191.

Action-Not Available
Vendor-irssin/aCanonical Ltd.Debian GNU/Linux
Product-ubuntu_linuxirssidebian_linuxn/a
CWE ID-CWE-416
Use After Free
CVE-2018-7053
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.82% / 74.51%
||
7 Day CHG~0.00%
Published-15 Feb, 2018 | 20:00
Updated-05 Aug, 2024 | 06:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1. There is a use-after-free when SASL messages are received in an unexpected order.

Action-Not Available
Vendor-irssin/aCanonical Ltd.Debian GNU/Linux
Product-ubuntu_linuxirssidebian_linuxn/a
CWE ID-CWE-416
Use After Free
CVE-2017-10966
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.78% / 73.80%
||
7 Day CHG-0.05%
Published-07 Jul, 2017 | 14:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Irssi before 1.0.4. While updating the internal nick list, Irssi could incorrectly use the GHashTable interface and free the nick while updating it. This would then result in use-after-free conditions on each access of the hash table.

Action-Not Available
Vendor-irssin/a
Product-irssin/a
CWE ID-CWE-416
Use After Free
CVE-2018-14315
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-0.37% / 58.73%
||
7 Day CHG~0.00%
Published-31 Jul, 2018 | 20:00
Updated-05 Aug, 2024 | 09:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of annotations. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6328.

Action-Not Available
Vendor-Microsoft CorporationFoxit Software Incorporated
Product-phantompdfwindowsfoxit_readerFoxit Reader
CWE ID-CWE-416
Use After Free
CVE-2015-7619
Matching Score-4
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-4
Assigner-Adobe Systems Incorporated
CVSS Score-6.8||MEDIUM
EPSS-1.78% / 82.83%
||
7 Day CHG~0.00%
Published-14 Oct, 2015 | 23:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The ANShareFile2 method in Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC Classic before 2015.006.30094, and Acrobat and Acrobat Reader DC Continuous before 2015.009.20069 on Windows and OS X allows attackers to bypass JavaScript API execution restrictions via unspecified vectors, a different vulnerability than CVE-2015-6707, CVE-2015-6708, CVE-2015-6709, CVE-2015-6710, CVE-2015-6711, CVE-2015-6712, CVE-2015-6713, CVE-2015-6714, CVE-2015-6715, CVE-2015-6716, CVE-2015-6717, CVE-2015-6718, CVE-2015-6719, CVE-2015-6720, CVE-2015-6721, CVE-2015-6722, CVE-2015-6723, CVE-2015-6724, CVE-2015-6725, CVE-2015-7614, CVE-2015-7616, CVE-2015-7618, CVE-2015-7620, and CVE-2015-7623.

Action-Not Available
Vendor-n/aApple Inc.Microsoft CorporationAdobe Inc.
Product-acrobatacrobat_readeracrobat_reader_dcwindowsmacosacrobat_dcn/a
CWE ID-CWE-416
Use After Free
CVE-2018-14304
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-0.37% / 58.73%
||
7 Day CHG~0.00%
Published-31 Jul, 2018 | 20:00
Updated-05 Aug, 2024 | 09:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of Text annotations. By manipulating a document's elements, an attacker can cause a pointer to be reused after it has been freed. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6220.

Action-Not Available
Vendor-Microsoft CorporationFoxit Software Incorporated
Product-phantompdfwindowsfoxit_readerFoxit Reader
CWE ID-CWE-416
Use After Free
CVE-2018-14298
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-0.37% / 58.73%
||
7 Day CHG~0.00%
Published-31 Jul, 2018 | 20:00
Updated-05 Aug, 2024 | 09:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of Ink annotations. By manipulating a document's elements, an attacker can cause a pointer to be reused after it has been freed. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6214.

Action-Not Available
Vendor-Microsoft CorporationFoxit Software Incorporated
Product-phantompdfwindowsfoxit_readerFoxit Reader
CWE ID-CWE-416
Use After Free
CVE-2018-14300
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-0.37% / 58.73%
||
7 Day CHG~0.00%
Published-31 Jul, 2018 | 20:00
Updated-05 Aug, 2024 | 09:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of Polygon annotations. By manipulating a document's elements, an attacker can cause a pointer to be reused after it has been freed. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6216.

Action-Not Available
Vendor-n/aMicrosoft CorporationFoxit Software Incorporated
Product-phantompdfwindowsfoxit_readern/a
CWE ID-CWE-416
Use After Free
CVE-2018-14296
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-0.37% / 58.73%
||
7 Day CHG~0.00%
Published-31 Jul, 2018 | 20:00
Updated-05 Aug, 2024 | 09:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of Circle annotations. By manipulating a document's elements, an attacker can cause a pointer to be reused after it has been freed. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6212.

Action-Not Available
Vendor-Microsoft CorporationFoxit Software Incorporated
Product-phantompdfwindowsfoxit_readerFoxit Reader
CWE ID-CWE-416
Use After Free
CVE-2018-14303
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-0.37% / 58.73%
||
7 Day CHG~0.00%
Published-31 Jul, 2018 | 20:00
Updated-05 Aug, 2024 | 09:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of StrikeOut annotations. By manipulating a document's elements, an attacker can cause a pointer to be reused after it has been freed. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6219.

Action-Not Available
Vendor-Microsoft CorporationFoxit Software Incorporated
Product-phantompdfwindowsfoxit_readerFoxit Reader
CWE ID-CWE-416
Use After Free
CVE-2018-14288
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-0.25% / 48.28%
||
7 Day CHG~0.00%
Published-31 Jul, 2018 | 20:00
Updated-05 Aug, 2024 | 09:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of arguments passed to the setFocus function. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5642.

Action-Not Available
Vendor-Microsoft CorporationFoxit Software Incorporated
Product-phantompdfwindowsfoxit_readerFoxit Reader
CWE ID-CWE-416
Use After Free
CWE ID-CWE-704
Incorrect Type Conversion or Cast
CVE-2015-6689
Matching Score-4
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-4
Assigner-Adobe Systems Incorporated
CVSS Score-6.8||MEDIUM
EPSS-1.30% / 79.86%
||
7 Day CHG~0.00%
Published-14 Oct, 2015 | 23:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC Classic before 2015.006.30094, and Acrobat and Acrobat Reader DC Continuous before 2015.009.20069 on Windows and OS X allows attackers to execute arbitrary code via a crafted WillSave document action, a different vulnerability than CVE-2015-5586, CVE-2015-6683, CVE-2015-6684, CVE-2015-6687, CVE-2015-6688, CVE-2015-6690, CVE-2015-6691, CVE-2015-7615, CVE-2015-7617, and CVE-2015-7621.

Action-Not Available
Vendor-n/aApple Inc.Microsoft CorporationAdobe Inc.
Product-acrobatacrobat_readeracrobat_reader_dcwindowsmacosacrobat_dcn/a
CWE ID-CWE-416
Use After Free
CVE-2018-14308
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-0.37% / 58.73%
||
7 Day CHG~0.00%
Published-31 Jul, 2018 | 20:00
Updated-05 Aug, 2024 | 09:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the valueAsString function. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6326.

Action-Not Available
Vendor-Microsoft CorporationFoxit Software Incorporated
Product-phantompdfwindowsfoxit_readerFoxit Reader
CWE ID-CWE-416
Use After Free
CVE-2018-14306
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-0.37% / 58.73%
||
7 Day CHG~0.00%
Published-31 Jul, 2018 | 20:00
Updated-05 Aug, 2024 | 09:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of button objects. By manipulating a document's elements, an attacker can cause a pointer to be reused after it has been freed. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6266.

Action-Not Available
Vendor-Microsoft CorporationFoxit Software Incorporated
Product-phantompdfwindowsfoxit_readerFoxit Reader
CWE ID-CWE-416
Use After Free
CVE-2011-3958
Matching Score-4
Assigner-Chrome
ShareView Details
Matching Score-4
Assigner-Chrome
CVSS Score-6.8||MEDIUM
EPSS-2.29% / 84.84%
||
7 Day CHG~0.00%
Published-09 Feb, 2012 | 02:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Google Chrome before 17.0.963.46 does not properly perform casts of variables during handling of a column span, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted document.

Action-Not Available
Vendor-n/aGoogle LLCApple Inc.
Product-chromeiphone_ossafariitunesn/a
CWE ID-CWE-416
Use After Free
CVE-2018-14297
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-0.37% / 58.73%
||
7 Day CHG~0.00%
Published-31 Jul, 2018 | 20:00
Updated-05 Aug, 2024 | 09:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of FreeText annotations. By manipulating a document's elements, an attacker can cause a pointer to be reused after it has been freed. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6213.

Action-Not Available
Vendor-Microsoft CorporationFoxit Software Incorporated
Product-phantompdfwindowsfoxit_readerFoxit Reader
CWE ID-CWE-416
Use After Free
CVE-2018-14309
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-0.37% / 58.73%
||
7 Day CHG~0.00%
Published-31 Jul, 2018 | 20:00
Updated-05 Aug, 2024 | 09:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.1.0.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the SeedValue Generic Object parameter provided to the signatureSetSeedValue function. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6329.

Action-Not Available
Vendor-Microsoft CorporationFoxit Software Incorporated
Product-phantompdfwindowsfoxit_readerFoxit Reader
CWE ID-CWE-416
Use After Free
CVE-2022-33027
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.17% / 37.53%
||
7 Day CHG~0.00%
Published-22 Jun, 2022 | 13:33
Updated-03 Aug, 2024 | 07:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

LibreDWG v0.12.4.4608 was discovered to contain a heap-use-after-free via the function dwg_add_handleref at dwg.c.

Action-Not Available
Vendor-n/aGNU
Product-libredwgn/a
CWE ID-CWE-416
Use After Free
CVE-2018-14294
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-0.37% / 58.73%
||
7 Day CHG~0.00%
Published-31 Jul, 2018 | 20:00
Updated-05 Aug, 2024 | 09:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of FileAttachment annotations. By manipulating a document's elements an attacker can cause a pointer to be reused after it has been freed. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6211.

Action-Not Available
Vendor-Microsoft CorporationFoxit Software Incorporated
Product-phantompdfwindowsfoxit_readerFoxit Reader
CWE ID-CWE-416
Use After Free
CVE-2018-14314
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-0.37% / 58.73%
||
7 Day CHG~0.00%
Published-31 Jul, 2018 | 20:00
Updated-05 Aug, 2024 | 09:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of annotations. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6327.

Action-Not Available
Vendor-Microsoft CorporationFoxit Software Incorporated
Product-phantompdfwindowsfoxit_readerFoxit Reader
CWE ID-CWE-416
Use After Free
CVE-2018-14307
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-0.37% / 58.73%
||
7 Day CHG~0.00%
Published-31 Jul, 2018 | 20:00
Updated-05 Aug, 2024 | 09:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of Link objects. By manipulating a document's elements, an attacker can cause a pointer to be reused after it has been freed. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6267.

Action-Not Available
Vendor-Microsoft CorporationFoxit Software Incorporated
Product-phantompdfwindowsfoxit_readerFoxit Reader
CWE ID-CWE-416
Use After Free
CVE-2011-3971
Matching Score-4
Assigner-Chrome
ShareView Details
Matching Score-4
Assigner-Chrome
CVSS Score-6.8||MEDIUM
EPSS-1.96% / 83.67%
||
7 Day CHG~0.00%
Published-09 Feb, 2012 | 02:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use-after-free vulnerability in Google Chrome before 17.0.963.46 allows user-assisted remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to mousemove events.

Action-Not Available
Vendor-n/aGoogle LLCApple Inc.
Product-chromeiphone_ossafariitunesn/a
CWE ID-CWE-416
Use After Free
CVE-2011-3073
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-1.92% / 83.48%
||
7 Day CHG~0.00%
Published-05 Apr, 2012 | 20:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use-after-free vulnerability in Google Chrome before 18.0.1025.151 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of SVG resources.

Action-Not Available
Vendor-n/aGoogle LLCApple Inc.
Product-chromeiphone_ossafariitunesn/a
CWE ID-CWE-416
Use After Free
CVE-2011-3038
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.66% / 71.28%
||
7 Day CHG~0.00%
Published-05 Mar, 2012 | 19:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use-after-free vulnerability in Google Chrome before 17.0.963.65 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to multi-column handling.

Action-Not Available
Vendor-n/aApple Inc.openSUSEGoogle LLC
Product-itunesiphone_ossafarichromeopensusen/a
CWE ID-CWE-416
Use After Free
CVE-2011-3016
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-1.96% / 83.63%
||
7 Day CHG~0.00%
Published-16 Feb, 2012 | 20:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use-after-free vulnerability in Google Chrome before 17.0.963.56 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving counter nodes, related to a "read-after-free" issue.

Action-Not Available
Vendor-n/aGoogle LLCApple Inc.
Product-chromeiphone_ossafariitunesn/a
CWE ID-CWE-416
Use After Free
CVE-2011-3888
Matching Score-4
Assigner-Chrome
ShareView Details
Matching Score-4
Assigner-Chrome
CVSS Score-6.8||MEDIUM
EPSS-2.10% / 84.22%
||
7 Day CHG~0.00%
Published-25 Oct, 2011 | 19:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use-after-free vulnerability in Google Chrome before 15.0.874.102 allows user-assisted remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to editing operations in conjunction with an unknown plug-in.

Action-Not Available
Vendor-n/aGoogle LLCApple Inc.
Product-chromeiphone_ossafariitunesn/a
CWE ID-CWE-416
Use After Free
CVE-2011-3071
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-1.92% / 83.48%
||
7 Day CHG~0.00%
Published-05 Apr, 2012 | 20:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use-after-free vulnerability in the HTMLMediaElement implementation in Google Chrome before 18.0.1025.151 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

Action-Not Available
Vendor-n/aGoogle LLCApple Inc.
Product-chromeiphone_ossafariitunesn/a
CWE ID-CWE-416
Use After Free
CVE-2011-3053
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-4.45% / 89.14%
||
7 Day CHG~0.00%
Published-22 Mar, 2012 | 16:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use-after-free vulnerability in Google Chrome before 17.0.963.83 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to block splitting.

Action-Not Available
Vendor-n/aApple Inc.openSUSEGoogle LLC
Product-itunesiphone_ossafarichromeopensusen/a
CWE ID-CWE-416
Use After Free
CVE-2011-3031
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-2.82% / 86.26%
||
7 Day CHG~0.00%
Published-05 Mar, 2012 | 19:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use-after-free vulnerability in the element wrapper in Google V8, as used in Google Chrome before 17.0.963.65, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

Action-Not Available
Vendor-n/aGoogle LLCopenSUSE
Product-chromeopensusen/a
CWE ID-CWE-416
Use After Free
CVE-2011-2857
Matching Score-4
Assigner-Chrome
ShareView Details
Matching Score-4
Assigner-Chrome
CVSS Score-6.8||MEDIUM
EPSS-2.10% / 84.22%
||
7 Day CHG~0.00%
Published-17 Sep, 2011 | 10:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use-after-free vulnerability in Google Chrome before 14.0.835.163 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the focus controller.

Action-Not Available
Vendor-n/aGoogle LLCApple Inc.
Product-chromeiphone_ossafariitunesn/a
CWE ID-CWE-416
Use After Free
CVE-2018-14299
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-0.37% / 58.73%
||
7 Day CHG~0.00%
Published-31 Jul, 2018 | 20:00
Updated-05 Aug, 2024 | 09:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of Line annotations. By manipulating a document's elements, an attacker can cause a pointer to be reused after it has been freed. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6215.

Action-Not Available
Vendor-Microsoft CorporationFoxit Software Incorporated
Product-phantompdfwindowsfoxit_readerFoxit Reader
CWE ID-CWE-416
Use After Free
CVE-2011-3897
Matching Score-4
Assigner-Chrome
ShareView Details
Matching Score-4
Assigner-Chrome
CVSS Score-6.8||MEDIUM
EPSS-2.10% / 84.22%
||
7 Day CHG~0.00%
Published-11 Nov, 2011 | 11:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use-after-free vulnerability in Google Chrome before 15.0.874.120 allows user-assisted remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to editing.

Action-Not Available
Vendor-n/aGoogle LLCApple Inc.
Product-chromeiphone_ossafariitunesn/a
CWE ID-CWE-416
Use After Free
CVE-2011-3017
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.63% / 70.42%
||
7 Day CHG~0.00%
Published-16 Feb, 2012 | 20:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use-after-free vulnerability in Google Chrome before 17.0.963.56 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to database handling.

Action-Not Available
Vendor-n/aGoogle LLC
Product-chromen/a
CWE ID-CWE-416
Use After Free
CVE-2011-3074
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-1.42% / 80.73%
||
7 Day CHG~0.00%
Published-05 Apr, 2012 | 20:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use-after-free vulnerability in Google Chrome before 18.0.1025.151 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of media.

Action-Not Available
Vendor-n/aGoogle LLCApple Inc.
Product-chromeiphone_ossafariitunesn/a
CWE ID-CWE-416
Use After Free
CVE-2018-14293
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-0.33% / 55.68%
||
7 Day CHG~0.00%
Published-31 Jul, 2018 | 20:00
Updated-05 Aug, 2024 | 09:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.1.0.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF documents. By manipulating a document's elements, an attacker can cause a pointer to be reused after it has been freed. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6233.

Action-Not Available
Vendor-Microsoft CorporationFoxit Software Incorporated
Product-phantompdfwindowsfoxit_readerFoxit Reader
CWE ID-CWE-416
Use After Free
CVE-2011-3035
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-2.36% / 85.06%
||
7 Day CHG~0.00%
Published-05 Mar, 2012 | 19:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use-after-free vulnerability in Google Chrome before 17.0.963.65 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving SVG use elements.

Action-Not Available
Vendor-n/aApple Inc.openSUSEGoogle LLC
Product-itunesiphone_ossafarichromeopensusen/a
CWE ID-CWE-416
Use After Free
CVE-2011-3041
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-2.36% / 85.06%
||
7 Day CHG~0.00%
Published-05 Mar, 2012 | 19:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use-after-free vulnerability in Google Chrome before 17.0.963.65 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of class attributes.

Action-Not Available
Vendor-n/aApple Inc.openSUSEGoogle LLC
Product-itunesiphone_ossafarichromeopensusen/a
CWE ID-CWE-416
Use After Free
CVE-2011-3023
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.62% / 70.16%
||
7 Day CHG~0.00%
Published-16 Feb, 2012 | 20:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use-after-free vulnerability in Google Chrome before 17.0.963.56 allows user-assisted remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to drag-and-drop operations.

Action-Not Available
Vendor-n/aGoogle LLC
Product-chromen/a
CWE ID-CWE-416
Use After Free
CVE-2011-2846
Matching Score-4
Assigner-Chrome
ShareView Details
Matching Score-4
Assigner-Chrome
CVSS Score-6.8||MEDIUM
EPSS-2.10% / 84.22%
||
7 Day CHG~0.00%
Published-17 Sep, 2011 | 10:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use-after-free vulnerability in Google Chrome before 14.0.835.163 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to unload event handling.

Action-Not Available
Vendor-n/aGoogle LLCApple Inc.
Product-chromeiphone_ossafariitunesn/a
CWE ID-CWE-416
Use After Free
CVE-2011-3076
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-1.42% / 80.73%
||
7 Day CHG~0.00%
Published-05 Apr, 2012 | 20:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use-after-free vulnerability in Google Chrome before 18.0.1025.151 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to focus handling.

Action-Not Available
Vendor-n/aGoogle LLCApple Inc.
Product-chromeiphone_ossafariitunesn/a
CWE ID-CWE-416
Use After Free
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 22
  • 23
  • Next
Details not found