Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2023-34366

Summary
Assigner-talos
Assigner Org ID-b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b
Published At-19 Oct, 2023 | 17:00
Updated At-04 Nov, 2025 | 19:16
Rejected At-
Credits

A use-after-free vulnerability exists in the Figure stream parsing functionality of Ichitaro 2023 1.0.1.59372. A specially crafted document can cause memory corruption, resulting in arbitrary code execution. Victim would need to open a malicious file to trigger this vulnerability.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:talos
Assigner Org ID:b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b
Published At:19 Oct, 2023 | 17:00
Updated At:04 Nov, 2025 | 19:16
Rejected At:
▼CVE Numbering Authority (CNA)

A use-after-free vulnerability exists in the Figure stream parsing functionality of Ichitaro 2023 1.0.1.59372. A specially crafted document can cause memory corruption, resulting in arbitrary code execution. Victim would need to open a malicious file to trigger this vulnerability.

Affected Products
Vendor
Ichitaro 2023
Product
Ichitaro 2023
Versions
Affected
  • 1.0.1.59372
Problem Types
TypeCWE IDDescription
CWECWE-416CWE-416: Use After Free
Type: CWE
CWE ID: CWE-416
Description: CWE-416: Use After Free
Metrics
VersionBase scoreBase severityVector
3.17.8HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Version: 3.1
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Discovered by a member of Cisco Talos.
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1758
N/A
https://jvn.jp/en/jp/JVN28846531/index.html
N/A
Hyperlink: https://talosintelligence.com/vulnerability_reports/TALOS-2023-1758
Resource: N/A
Hyperlink: https://jvn.jp/en/jp/JVN28846531/index.html
Resource: N/A
▼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1758
x_transferred
https://jvn.jp/en/jp/JVN28846531/index.html
x_transferred
https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1758
N/A
Hyperlink: https://talosintelligence.com/vulnerability_reports/TALOS-2023-1758
Resource:
x_transferred
Hyperlink: https://jvn.jp/en/jp/JVN28846531/index.html
Resource:
x_transferred
Hyperlink: https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1758
Resource: N/A
2. CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:talos-cna@cisco.com
Published At:19 Oct, 2023 | 18:15
Updated At:04 Nov, 2025 | 20:16

A use-after-free vulnerability exists in the Figure stream parsing functionality of Ichitaro 2023 1.0.1.59372. A specially crafted document can cause memory corruption, resulting in arbitrary code execution. Victim would need to open a malicious file to trigger this vulnerability.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.17.8HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Primary3.17.8HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Type: Primary
Version: 3.1
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CPE Matches
justsystems
justsystems
>>easy_postcard_max>>-
cpe:2.3:a:justsystems:easy_postcard_max:-:*:*:*:*:*:*:*
justsystems
justsystems
>>ichitaro_2021>>-
cpe:2.3:a:justsystems:ichitaro_2021:-:*:*:*:*:*:*:*
justsystems
justsystems
>>ichitaro_2022>>-
cpe:2.3:a:justsystems:ichitaro_2022:-:*:*:*:*:*:*:*
justsystems
justsystems
>>ichitaro_2023>>1.0.1.59372
cpe:2.3:a:justsystems:ichitaro_2023:1.0.1.59372:*:*:*:*:*:*:*
justsystems
justsystems
>>ichitaro_government_10>>-
cpe:2.3:a:justsystems:ichitaro_government_10:-:*:*:*:*:*:*:*
justsystems
justsystems
>>ichitaro_government_8>>-
cpe:2.3:a:justsystems:ichitaro_government_8:-:*:*:*:*:*:*:*
justsystems
justsystems
>>ichitaro_government_9>>-
cpe:2.3:a:justsystems:ichitaro_government_9:-:*:*:*:*:*:*:*
justsystems
justsystems
>>ichitaro_pro_3>>-
cpe:2.3:a:justsystems:ichitaro_pro_3:-:*:*:*:*:*:*:*
justsystems
justsystems
>>ichitaro_pro_4>>-
cpe:2.3:a:justsystems:ichitaro_pro_4:-:*:*:*:*:*:*:*
justsystems
justsystems
>>ichitaro_pro_5>>-
cpe:2.3:a:justsystems:ichitaro_pro_5:-:*:*:*:*:*:*:*
justsystems
justsystems
>>just_government_3>>-
cpe:2.3:a:justsystems:just_government_3:-:*:*:*:*:*:*:*
justsystems
justsystems
>>just_government_4>>-
cpe:2.3:a:justsystems:just_government_4:-:*:*:*:*:*:*:*
justsystems
justsystems
>>just_government_5>>-
cpe:2.3:a:justsystems:just_government_5:-:*:*:*:*:*:*:*
justsystems
justsystems
>>just_office_3>>-
cpe:2.3:a:justsystems:just_office_3:-:*:*:*:*:*:*:*
justsystems
justsystems
>>just_office_4>>-
cpe:2.3:a:justsystems:just_office_4:-:*:*:*:*:*:*:*
justsystems
justsystems
>>just_office_5>>-
cpe:2.3:a:justsystems:just_office_5:-:*:*:*:*:*:*:*
justsystems
justsystems
>>just_police_3>>-
cpe:2.3:a:justsystems:just_police_3:-:*:*:*:*:*:*:*
justsystems
justsystems
>>just_police_4>>-
cpe:2.3:a:justsystems:just_police_4:-:*:*:*:*:*:*:*
justsystems
justsystems
>>just_police_5>>-
cpe:2.3:a:justsystems:just_police_5:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-416Secondarytalos-cna@cisco.com
CWE-416Primarynvd@nist.gov
CWE ID: CWE-416
Type: Secondary
Source: talos-cna@cisco.com
CWE ID: CWE-416
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://jvn.jp/en/jp/JVN28846531/index.htmltalos-cna@cisco.com
Third Party Advisory
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1758talos-cna@cisco.com
Exploit
Third Party Advisory
https://jvn.jp/en/jp/JVN28846531/index.htmlaf854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1758af854a3a-2127-422b-91ae-364da2661108
Exploit
Third Party Advisory
https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1758af854a3a-2127-422b-91ae-364da2661108
N/A
Hyperlink: https://jvn.jp/en/jp/JVN28846531/index.html
Source: talos-cna@cisco.com
Resource:
Third Party Advisory
Hyperlink: https://talosintelligence.com/vulnerability_reports/TALOS-2023-1758
Source: talos-cna@cisco.com
Resource:
Exploit
Third Party Advisory
Hyperlink: https://jvn.jp/en/jp/JVN28846531/index.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: https://talosintelligence.com/vulnerability_reports/TALOS-2023-1758
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Exploit
Third Party Advisory
Hyperlink: https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1758
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

782Records found
CVE-2021-34834
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-7.8||HIGH
EPSS-3.06% / 86.47%
||
7 Day CHG~0.00%
Published-04 Aug, 2021 | 15:16
Updated-04 Aug, 2024 | 00:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.0.0.49893. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14014.

Action-Not Available
Vendor-Microsoft CorporationFoxit Software Incorporated
Product-pdf_readerpdf_editorwindowsPDF Reader
CWE ID-CWE-416
Use After Free
CVE-2023-21734
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-3.54% / 87.43%
||
7 Day CHG~0.00%
Published-10 Jan, 2023 | 00:00
Updated-28 Feb, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Office Remote Code Execution Vulnerability

Microsoft Office Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-office_long_term_servicing_channel365_appsofficeMicrosoft 365 Apps for EnterpriseMicrosoft Office 2019 for MacMicrosoft Office LTSC for Mac 2021
CWE ID-CWE-416
Use After Free
CVE-2023-21735
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-1.64% / 81.65%
||
7 Day CHG~0.00%
Published-10 Jan, 2023 | 00:00
Updated-28 Feb, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Office Remote Code Execution Vulnerability

Microsoft Office Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-office_long_term_servicing_channel365_appsofficeMicrosoft 365 Apps for EnterpriseMicrosoft Office 2019 for MacMicrosoft Office LTSC for Mac 2021
CWE ID-CWE-416
Use After Free
CVE-2023-22424
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-7.8||HIGH
EPSS-0.10% / 28.41%
||
7 Day CHG~0.00%
Published-05 Mar, 2023 | 00:00
Updated-07 Mar, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use-after-free vulnerability exists in Kostac PLC Programming Software (Former name: Koyo PLC Programming Software) Version 1.6.9.0 and earlier. With the abnormal value given as the maximum number of columns for the PLC program, the process accesses the freed memory. As a result, opening a specially crafted project file may lead to information disclosure and/or arbitrary code execution.

Action-Not Available
Vendor-jtektJTEKT ELECTRONICS CORPORATION
Product-kostac_plc_programming_softwareKostac PLC Programming Software (Former name: Koyo PLC Programming Software)
CWE ID-CWE-416
Use After Free
CVE-2021-34849
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-7.8||HIGH
EPSS-3.06% / 86.47%
||
7 Day CHG~0.00%
Published-04 Aug, 2021 | 15:16
Updated-04 Aug, 2024 | 00:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.0.0.49893. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14531.

Action-Not Available
Vendor-Microsoft CorporationFoxit Software Incorporated
Product-pdf_readerpdf_editorwindowsPDF Reader
CWE ID-CWE-416
Use After Free
CVE-2023-22235
Matching Score-4
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-4
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-0.26% / 48.68%
||
7 Day CHG~0.00%
Published-12 Apr, 2023 | 00:00
Updated-13 Sep, 2024 | 15:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe InCopy SVG file Use After Free Arbitrary code execution

InCopy versions 18.1 (and earlier), 17.4 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-incopywindowsmacosInCopyincopy
CWE ID-CWE-416
Use After Free
CVE-2021-34936
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-7.8||HIGH
EPSS-0.48% / 64.52%
||
7 Day CHG~0.00%
Published-13 Jan, 2022 | 21:44
Updated-04 Aug, 2024 | 00:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14914.

Action-Not Available
Vendor-Bentley Systems, Incorporated
Product-microstationbentley_viewView
CWE ID-CWE-416
Use After Free
CVE-2023-22244
Matching Score-4
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-4
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-0.36% / 57.39%
||
7 Day CHG+0.05%
Published-17 Feb, 2023 | 00:00
Updated-05 Mar, 2025 | 19:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Premiere Rush PSD files Use After Free Arbitrary code execution

Adobe Premiere Rush version 2.6 (and earlier) is affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Adobe Inc.Microsoft Corporation
Product-windowspremiere_rushPremiere Rush
CWE ID-CWE-416
Use After Free
CVE-2021-3497
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-7.8||HIGH
EPSS-0.23% / 45.59%
||
7 Day CHG~0.00%
Published-19 Apr, 2021 | 20:22
Updated-03 Aug, 2024 | 16:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

GStreamer before 1.18.4 might access already-freed memory in error code paths when demuxing certain malformed Matroska files.

Action-Not Available
Vendor-gstreamer_projectn/aDebian GNU/LinuxRed Hat, Inc.
Product-gstreamerdebian_linuxenterprise_linuxgstreamer-plugins-good
CWE ID-CWE-416
Use After Free
CVE-2021-34835
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-7.8||HIGH
EPSS-3.06% / 86.47%
||
7 Day CHG~0.00%
Published-04 Aug, 2021 | 15:16
Updated-04 Aug, 2024 | 00:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.0.0.49893. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14015.

Action-Not Available
Vendor-Microsoft CorporationFoxit Software Incorporated
Product-pdf_readerpdf_editorwindowsPDF Reader
CWE ID-CWE-416
Use After Free
CVE-2021-34850
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-7.8||HIGH
EPSS-3.06% / 86.47%
||
7 Day CHG~0.00%
Published-04 Aug, 2021 | 15:16
Updated-04 Aug, 2024 | 00:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.0.0.49893. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14529.

Action-Not Available
Vendor-Microsoft CorporationFoxit Software Incorporated
Product-pdf_readerpdf_editorwindowsPDF Reader
CWE ID-CWE-416
Use After Free
CVE-2021-34872
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-7.8||HIGH
EPSS-0.62% / 69.66%
||
7 Day CHG~0.00%
Published-13 Jan, 2022 | 21:42
Updated-04 Aug, 2024 | 00:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of SKP files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14737.

Action-Not Available
Vendor-Bentley Systems, Incorporated
Product-microstationbentley_viewView
CWE ID-CWE-416
Use After Free
CVE-2023-22246
Matching Score-4
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-4
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-0.36% / 57.39%
||
7 Day CHG+0.07%
Published-17 Feb, 2023 | 00:00
Updated-05 Mar, 2025 | 19:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Animate FLA files Use After Free Arbitrary code execution

Adobe Animate versions 22.0.8 (and earlier) and 23.0.0 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Apple Inc.Adobe Inc.Microsoft Corporation
Product-windowsanimatemacosAnimate
CWE ID-CWE-416
Use After Free
CVE-2023-22277
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-7.8||HIGH
EPSS-0.04% / 13.45%
||
7 Day CHG~0.00%
Published-03 Aug, 2023 | 13:05
Updated-17 Oct, 2024 | 14:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use after free vulnerability exists in CX-Programmer Ver.9.79 and earlier. By having a user open a specially crafted CXP file, information disclosure and/or arbitrary code execution may occur. This vulnerability is different from CVE-2023-22317 and CVE-2023-22314.

Action-Not Available
Vendor-omronOMRON Corporation
Product-cx-programmerCX-Programmer
CWE ID-CWE-416
Use After Free
CVE-2024-39422
Matching Score-4
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-4
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-1.54% / 81.09%
||
7 Day CHG~0.00%
Published-14 Aug, 2024 | 15:07
Updated-15 Aug, 2024 | 17:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ZDI-CAN-24090: New Vulnerability Report - Use-after-free remote code execution vulnerability in Adobe Acrobat Reader DC

Acrobat Reader versions 20.005.30636, 24.002.20965, 24.002.20964, 24.001.30123 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobat_dcacrobat_readeracrobatacrobat_reader_dcwindowsmacosAcrobat Readeracrobat_dcacrobat_readeracrobat_reader_dcacrobat
CWE ID-CWE-416
Use After Free
CVE-2025-66493
Matching Score-4
Assigner-14984358-7092-470d-8f34-ade47a7658a2
ShareView Details
Matching Score-4
Assigner-14984358-7092-470d-8f34-ade47a7658a2
CVSS Score-7.8||HIGH
EPSS-0.05% / 16.17%
||
7 Day CHG~0.00%
Published-19 Dec, 2025 | 07:07
Updated-23 Dec, 2025 | 17:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnerability

A use-after-free vulnerability exists in the AcroForm handling of Foxit PDF Reader and Foxit PDF Editor before 2025.2.1,14.0.1 and 13.2.1 on Windows . When opening a PDF containing specially crafted JavaScript, a pointer to memory that has already been freed may be accessed or dereferenced, potentially allowing a remote attacker to execute arbitrary code.

Action-Not Available
Vendor-Foxit Software Inc.Foxit Software IncorporatedMicrosoft Corporation
Product-windowspdf_editorpdf_readerFoxit PDF ReaderFoxit PDF Editor
CWE ID-CWE-416
Use After Free
CVE-2025-6636
Matching Score-4
Assigner-Autodesk
ShareView Details
Matching Score-4
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.03% / 8.28%
||
7 Day CHG~0.00%
Published-29 Jul, 2025 | 17:54
Updated-19 Aug, 2025 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PRT File Parsing Use-After-Free Vulnerability

A maliciously crafted PRT file, when parsed through certain Autodesk products, can force a Use-After-Free vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-autocadautocad_electricalinventorinfraworksadvance_steelrevit_ltcivil_3drevitautocad_mepautocad_architectureautocad_mechanicalshared_componentsautocad_plant_3dvault3ds_maxautocad_map_3dShared Components
CWE ID-CWE-416
Use After Free
CVE-2021-32944
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-7.8||HIGH
EPSS-0.22% / 44.84%
||
7 Day CHG~0.00%
Published-17 Jun, 2021 | 12:50
Updated-03 Aug, 2024 | 23:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A use-after-free issue exists in the DGN file-reading procedure in the Drawings SDK (All versions prior to 2022.4) resulting from the lack of proper validation of user-supplied data. This can result in a memory corruption or arbitrary code execution, allowing attackers to cause a denial-of-service condition or execute code in the context of the current process.

Action-Not Available
Vendor-opendesignn/aSiemens AG
Product-jt2gocomosdrawings_sdkteamcenter_visualizationDrawings SDK
CWE ID-CWE-416
Use After Free
CVE-2025-66585
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-7.3||HIGH
EPSS-0.04% / 10.54%
||
7 Day CHG+0.01%
Published-11 Dec, 2025 | 20:56
Updated-02 Jan, 2026 | 20:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Use After Free vulnerability in AzeoTech DAQFactory

In AzeoTech DAQFactory release 20.7 (Build 2555), a Use After Free vulnerability can be exploited to cause memory corruption while parsing specially crafted .ctl files. This could allow an attacker to execute code in the context of the current process.

Action-Not Available
Vendor-azeotechAzeoTech
Product-daqfactoryDAQFactory
CWE ID-CWE-416
Use After Free
CVE-2024-39383
Matching Score-4
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-4
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-1.54% / 81.09%
||
7 Day CHG~0.00%
Published-14 Aug, 2024 | 15:07
Updated-20 Aug, 2024 | 19:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PoC sample of unknown vulnerability detected by EXPMON system

Acrobat Reader versions 20.005.30636, 24.002.20965, 24.002.20964, 24.001.30123 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobat_dcacrobat_readeracrobatacrobat_reader_dcwindowsmacosAcrobat Readeracrobat_dcacrobat_readeracrobat_reader_dcacrobat
CWE ID-CWE-416
Use After Free
CVE-2024-34095
Matching Score-4
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-4
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-0.34% / 56.04%
||
7 Day CHG~0.00%
Published-15 May, 2024 | 10:00
Updated-02 Dec, 2024 | 21:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ZDI-CAN-23475: Adobe Acrobat Reader DC Annotation Use-After-Free Remote Code Execution Vulnerability

Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobat_dcacrobat_readeracrobatacrobat_reader_dcwindowsmacosAcrobat Readeracrobat_dcacrobat_readeracrobat_reader_dcacrobat
CWE ID-CWE-416
Use After Free
CVE-2025-64468
Matching Score-4
Assigner-National Instruments
ShareView Details
Matching Score-4
Assigner-National Instruments
CVSS Score-8.5||HIGH
EPSS-0.02% / 4.09%
||
7 Day CHG~0.00%
Published-18 Dec, 2025 | 14:50
Updated-24 Dec, 2025 | 15:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Use-after-Free in sentry!sentry_span_set_data() in NI LabVIEW

There is a use-after-free vulnerability in sentry!sentry_span_set_data() when parsing a corrupted VI file. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted VI. This vulnerability affects NI LabVIEW 2025 Q3 (25.3) and prior versions

Action-Not Available
Vendor-niNI
Product-labviewLabVIEW
CWE ID-CWE-416
Use After Free
CVE-2021-33641
Matching Score-4
Assigner-openEuler
ShareView Details
Matching Score-4
Assigner-openEuler
CVSS Score-7.8||HIGH
EPSS-0.05% / 14.91%
||
7 Day CHG~0.00%
Published-20 Jan, 2023 | 00:00
Updated-03 Apr, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

When processing files, malloc stores the data of the current line. When processing comments, malloc incorrectly accesses the released memory (use after free).

Action-Not Available
Vendor-n/aopenEuler (OpenAtom Foundation)
Product-byaccbyacc
CWE ID-CWE-416
Use After Free
CVE-2025-66494
Matching Score-4
Assigner-14984358-7092-470d-8f34-ade47a7658a2
ShareView Details
Matching Score-4
Assigner-14984358-7092-470d-8f34-ade47a7658a2
CVSS Score-7.8||HIGH
EPSS-0.05% / 16.17%
||
7 Day CHG~0.00%
Published-19 Dec, 2025 | 07:08
Updated-23 Dec, 2025 | 17:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Foxit PDF Reader PDF File Parsing Use-After-Free Remote Code Execution Vulnerability

A use-after-free vulnerability exists in the PDF file parsing of Foxit PDF Reader before 2025.2.1, 14.0.1, and 13.2.1 on Windows. A PDF object managed by multiple parent objects could be freed while still being referenced, potentially allowing a remote attacker to execute arbitrary code.

Action-Not Available
Vendor-Foxit Software Inc.Foxit Software IncorporatedMicrosoft Corporation
Product-windowspdf_editorpdf_readerFoxit PDF ReaderFoxit PDF Editor
CWE ID-CWE-416
Use After Free
CVE-2025-62553
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.03% / 8.93%
||
7 Day CHG-0.05%
Published-09 Dec, 2025 | 17:55
Updated-20 Feb, 2026 | 15:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Excel Remote Code Execution Vulnerability

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-office_long_term_servicing_channeloffice365_appsexcelMicrosoft 365 Apps for EnterpriseMicrosoft Office LTSC for Mac 2021Microsoft Office LTSC for Mac 2024Microsoft Excel 2016Microsoft Office LTSC 2021Microsoft Office 2019Microsoft Office LTSC 2024
CWE ID-CWE-416
Use After Free
CVE-2025-62205
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.08% / 23.35%
||
7 Day CHG~0.00%
Published-11 Nov, 2025 | 17:59
Updated-13 Feb, 2026 | 20:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Office Remote Code Execution Vulnerability

Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-365_appsoffice_long_term_servicing_channelMicrosoft 365 Apps for EnterpriseMicrosoft Office LTSC 2021Microsoft Office LTSC 2024
CWE ID-CWE-416
Use After Free
CVE-2025-62563
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.03% / 8.93%
||
7 Day CHG-0.05%
Published-09 Dec, 2025 | 17:55
Updated-20 Feb, 2026 | 15:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Excel Remote Code Execution Vulnerability

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-officeexceloffice_long_term_servicing_channel365_appsoffice_online_serverMicrosoft 365 Apps for EnterpriseMicrosoft Office LTSC for Mac 2021Microsoft Office LTSC for Mac 2024Microsoft Excel 2016Office Online ServerMicrosoft Office LTSC 2021Microsoft Office 2019Microsoft Office LTSC 2024
CWE ID-CWE-416
Use After Free
CVE-2025-62216
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.08% / 23.35%
||
7 Day CHG~0.00%
Published-11 Nov, 2025 | 17:59
Updated-13 Feb, 2026 | 20:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Office Remote Code Execution Vulnerability

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-365_appsoffice_long_term_servicing_channelMicrosoft 365 Apps for EnterpriseMicrosoft Office LTSC 2021Microsoft Office LTSC 2024
CWE ID-CWE-416
Use After Free
CVE-2025-62199
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.53% / 66.56%
||
7 Day CHG~0.00%
Published-11 Nov, 2025 | 17:59
Updated-13 Feb, 2026 | 20:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Office Remote Code Execution Vulnerability

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-excel365_appsoffice_long_term_servicing_channelofficeMicrosoft Office LTSC 2024Microsoft 365 Apps for EnterpriseMicrosoft Office LTSC for Mac 2021Microsoft Office LTSC for Mac 2024Microsoft Office for AndroidMicrosoft Office LTSC 2021Microsoft Office 2016
CWE ID-CWE-416
Use After Free
CVE-2021-31175
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-12.05% / 93.64%
||
7 Day CHG~0.00%
Published-11 May, 2021 | 19:11
Updated-03 Aug, 2024 | 22:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Office Remote Code Execution Vulnerability

Microsoft Office Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-office_online_serverofficeexceloffice_web_apps_server365_appsMicrosoft Excel 2016Microsoft 365 Apps for EnterpriseMicrosoft Excel 2013 Service Pack 1Microsoft Office Online ServerMicrosoft Office 2016Microsoft Office Web Apps Server 2013 Service Pack 1Microsoft Office 2013 Service Pack 1Microsoft Office 2019
CWE ID-CWE-416
Use After Free
CVE-2021-31470
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-7.8||HIGH
EPSS-3.06% / 86.47%
||
7 Day CHG~0.00%
Published-07 May, 2021 | 20:16
Updated-03 Aug, 2024 | 23:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 10.1.1.37576. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of U3D objects in PDF files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12947.

Action-Not Available
Vendor-Microsoft CorporationFoxit Software Incorporated
Product-windows3dReader
CWE ID-CWE-416
Use After Free
CVE-2021-31459
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-7.8||HIGH
EPSS-0.52% / 66.30%
||
7 Day CHG~0.00%
Published-07 May, 2021 | 20:16
Updated-03 Aug, 2024 | 23:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 10.1.1.37576. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of XFA Forms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-13162.

Action-Not Available
Vendor-Microsoft CorporationFoxit Software Incorporated
Product-phantompdfreaderwindowsReader
CWE ID-CWE-416
Use After Free
CVE-2023-0358
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-7.8||HIGH
EPSS-0.15% / 35.07%
||
7 Day CHG~0.00%
Published-18 Jan, 2023 | 00:00
Updated-03 Apr, 2025 | 19:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Use After Free in gpac/gpac

Use After Free in GitHub repository gpac/gpac prior to 2.3.0-DEV.

Action-Not Available
Vendor-GPAC
Product-gpacgpac/gpac
CWE ID-CWE-416
Use After Free
CVE-2025-64531
Matching Score-4
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-4
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-0.04% / 13.66%
||
7 Day CHG~0.00%
Published-11 Nov, 2025 | 20:43
Updated-11 Dec, 2025 | 15:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Substance3D - Stager | Use After Free (CWE-416)

Substance3D - Stager versions 3.1.5 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Apple Inc.Adobe Inc.Microsoft Corporation
Product-windowssubstance_3d_stagermacosSubstance3D - Stager
CWE ID-CWE-416
Use After Free
CVE-2024-34097
Matching Score-4
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-4
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-0.35% / 57.03%
||
7 Day CHG~0.00%
Published-15 May, 2024 | 10:00
Updated-02 Dec, 2024 | 21:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ZDI-CAN-23473: Adobe Acrobat Reader DC Annotation Use-After-Free Remote Code Execution Vulnerability

Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobat_dcacrobat_readeracrobatacrobat_reader_dcwindowsmacosAcrobat Readeracrobat_dcacrobat_readeracrobat_reader_dcacrobat
CWE ID-CWE-416
Use After Free
CVE-2025-62558
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.11% / 29.66%
||
7 Day CHG~0.00%
Published-09 Dec, 2025 | 17:55
Updated-20 Feb, 2026 | 15:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Word Remote Code Execution Vulnerability

Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-office_long_term_servicing_channelsharepoint_serverofficeword365_appsMicrosoft 365 Apps for EnterpriseMicrosoft Word 2016Microsoft Office LTSC for Mac 2021Microsoft Office LTSC for Mac 2024Microsoft SharePoint Server 2019Microsoft Office LTSC 2021Microsoft SharePoint Enterprise Server 2016Microsoft Office 2019Microsoft Office LTSC 2024
CWE ID-CWE-416
Use After Free
CVE-2025-62559
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.11% / 29.66%
||
7 Day CHG~0.00%
Published-09 Dec, 2025 | 17:55
Updated-20 Feb, 2026 | 15:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Word Remote Code Execution Vulnerability

Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-office_long_term_servicing_channelsharepoint_serverofficeword365_appsMicrosoft 365 Apps for EnterpriseMicrosoft Word 2016Microsoft Office LTSC for Mac 2021Microsoft Office LTSC for Mac 2024Microsoft SharePoint Server 2019Microsoft Office LTSC 2021Microsoft SharePoint Enterprise Server 2016Microsoft Office 2019Microsoft Office LTSC 2024
CWE ID-CWE-416
Use After Free
CVE-2021-31176
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-10.46% / 93.09%
||
7 Day CHG~0.00%
Published-11 May, 2021 | 19:11
Updated-03 Aug, 2024 | 22:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Office Remote Code Execution Vulnerability

Microsoft Office Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-office_web_apps_server365_appsoffice_online_serverofficeMicrosoft 365 Apps for EnterpriseMicrosoft Office 2013 Service Pack 1Microsoft Office 2016Microsoft Office 2019
CWE ID-CWE-416
Use After Free
CVE-2024-37007
Matching Score-4
Assigner-Autodesk
ShareView Details
Matching Score-4
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.95% / 76.00%
||
7 Day CHG~0.00%
Published-25 Jun, 2024 | 03:35
Updated-27 Aug, 2025 | 21:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Multiple ZDI Vulnerabilities in Autodesk AutoCAD and certain AutoCAD-based products

A maliciously crafted X_B and X_T file, when parsed in pskernel.DLL through Autodesk applications, can cause a use-after-free vulnerability. This vulnerability, along with other vulnerabilities, could lead to code execution in the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-civil_3dautocadautocad_mechanicaladvance_steelautocad_electricalautocad_plant_3dautocad_architectureautocad_mepautocad_map_3dAutoCAD ArchitectureAutoCADAutoCAD MAP 3DAutoCAD MEPAdvance SteelCivil 3DAutoCAD Plant 3DAutoCAD ElectricalAutoCAD Mechanical
CWE ID-CWE-416
Use After Free
CVE-2021-31458
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-7.8||HIGH
EPSS-0.52% / 66.30%
||
7 Day CHG~0.00%
Published-07 May, 2021 | 20:16
Updated-03 Aug, 2024 | 23:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 10.1.1.37576. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-13150.

Action-Not Available
Vendor-Microsoft CorporationFoxit Software Incorporated
Product-phantompdfreaderwindowsReader
CWE ID-CWE-416
Use After Free
CVE-2025-61817
Matching Score-4
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-4
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-0.04% / 13.66%
||
7 Day CHG~0.00%
Published-11 Nov, 2025 | 17:06
Updated-11 Dec, 2025 | 15:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
InCopy | Use After Free (CWE-416)

InCopy versions 20.5, 19.5.5 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Apple Inc.Adobe Inc.Microsoft Corporation
Product-windowsmacosincopyInCopy
CWE ID-CWE-416
Use After Free
CVE-2021-31441
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-7.8||HIGH
EPSS-3.06% / 86.47%
||
7 Day CHG~0.00%
Published-07 May, 2021 | 20:16
Updated-03 Aug, 2024 | 22:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 10.1.1.37576. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-13101.

Action-Not Available
Vendor-Microsoft CorporationFoxit Software Incorporated
Product-phantompdfwindowsfoxit_readerReader
CWE ID-CWE-416
Use After Free
CVE-2021-31451
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-7.8||HIGH
EPSS-3.06% / 86.47%
||
7 Day CHG~0.00%
Published-07 May, 2021 | 20:16
Updated-03 Aug, 2024 | 22:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 10.1.1.37576. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-13089.

Action-Not Available
Vendor-Microsoft CorporationFoxit Software Incorporated
Product-phantompdfwindowsfoxit_readerReader
CWE ID-CWE-416
Use After Free
CVE-2025-61801
Matching Score-4
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-4
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-0.06% / 19.67%
||
7 Day CHG~0.00%
Published-14 Oct, 2025 | 19:34
Updated-16 Oct, 2025 | 17:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Dimension | Use After Free (CWE-416)

Dimension versions 4.1.4 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Adobe Inc.Apple Inc.Microsoft Corporation
Product-macoswindowsdimensionDimension
CWE ID-CWE-416
Use After Free
CVE-2021-31497
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-7.8||HIGH
EPSS-0.34% / 56.62%
||
7 Day CHG~0.00%
Published-15 Jun, 2021 | 19:11
Updated-03 Aug, 2024 | 23:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of DWG files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-13311.

Action-Not Available
Vendor-Open Text Corporation
Product-brava\!_desktopBrava! Desktop
CWE ID-CWE-416
Use After Free
CVE-2025-61818
Matching Score-4
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-4
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-0.04% / 13.66%
||
7 Day CHG~0.00%
Published-11 Nov, 2025 | 17:06
Updated-11 Dec, 2025 | 15:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
InCopy | Use After Free (CWE-416)

InCopy versions 20.5, 19.5.5 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Apple Inc.Adobe Inc.Microsoft Corporation
Product-windowsmacosincopyInCopy
CWE ID-CWE-416
Use After Free
CVE-2021-31516
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-7.8||HIGH
EPSS-1.32% / 79.63%
||
7 Day CHG~0.00%
Published-29 Jun, 2021 | 14:33
Updated-03 Aug, 2024 | 23:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Vector 35 Binary Ninja 2.3.2660 (Build ID 88f343c3). User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of BNDB files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-13670.

Action-Not Available
Vendor-vector35Vector 35
Product-binary_ninjaBinary Ninja
CWE ID-CWE-416
Use After Free
CVE-2021-31457
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-7.8||HIGH
EPSS-0.52% / 66.30%
||
7 Day CHG~0.00%
Published-07 May, 2021 | 20:16
Updated-03 Aug, 2024 | 23:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 10.1.1.37576. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-13147.

Action-Not Available
Vendor-Microsoft CorporationFoxit Software Incorporated
Product-phantompdfreaderwindowsReader
CWE ID-CWE-416
Use After Free
CVE-2025-61814
Matching Score-4
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-4
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-0.04% / 13.66%
||
7 Day CHG~0.00%
Published-11 Nov, 2025 | 17:00
Updated-11 Dec, 2025 | 15:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
InDesign Desktop | Use After Free (CWE-416)

InDesign Desktop versions 20.5, 19.5.5 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Apple Inc.Adobe Inc.Microsoft Corporation
Product-windowsindesignmacosInDesign Desktop
CWE ID-CWE-416
Use After Free
CVE-2021-36081
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.24% / 47.18%
||
7 Day CHG~0.00%
Published-01 Jul, 2021 | 02:47
Updated-04 Aug, 2024 | 00:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tesseract OCR 5.0.0-alpha-20201231 has a one_ell_conflict use-after-free during a strpbrk call.

Action-Not Available
Vendor-tesseract_ocr_projectn/aLinux Kernel Organization, Inc
Product-tesseract_ocrlinux_kerneln/a
CWE ID-CWE-416
Use After Free
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • ...
  • 15
  • 16
  • Next
Details not found