1191 matches found
macOS XNU - Missing Locking in checkdirs_callback() Enables Race with fchdir_common()
macOS XNU - Missing Locking in checkdirscallback Enables Race with fchdircommon On macOS, when a new mount point is created, the kernel uses checkdirs to, as a comment above the function explains: "Scan all active processes to see if any of them have a current or root directory onto which the new...
CVE-2017-18595
A flaw was found in the allocatetracebuffer in kernel/trace/trace.c in the debug subsystem, when failure to allocate a dynamic percpu area, a resource cleanup is called. The pointer buf-buffer still holds the address and is not set to NULL, which can cause a use-after-free problem, leading to a...
CVE-2019-5042
An exploitable Use-After-Free vulnerability exists in the way FunctionType 0 PDF elements are processed in Aspose.PDF 19.2 for C++. A specially crafted PDF can cause a dangling heap pointer, resulting in a use-after-free. An attacker can send a malicious PDF to trigger this vulnerability...
PT-2022-7134 · X.Org +9 · X.Org +9
Name of the Vulnerable Software and Affected Versions: X.Org affected versions not specified Description: A security flaw was found in X.Org due to the XkbCopyNames function leaving a dangling pointer to freed memory. This results in out-of-bounds memory access on subsequent XkbGetKbdByName...
Mozilla: Use-after-free with SMIL animation controller
A use-after-free vulnerability can occur when the SMIL animation controller incorrectly registers with the refresh driver twice when only a single registration is expected. When a registration is later freed with the removal of the animation controller element, the refresh driver incorrectly leav...
Mozilla: Use-after-free with SMIL animation controller
A use-after-free vulnerability can occur when the SMIL animation controller incorrectly registers with the refresh driver twice when only a single registration is expected. When a registration is later freed with the removal of the animation controller element, the refresh driver incorrectly leav...
DEBIAN-CVE-2019-9796
A use-after-free vulnerability can occur when the SMIL animation controller incorrectly registers with the refresh driver twice when only a single registration is expected. When a registration is later freed with the removal of the animation controller element, the refresh driver incorrectly leav...
Mozilla: Use-after-free with SMIL animation controller
A use-after-free vulnerability can occur when the SMIL animation controller incorrectly registers with the refresh driver twice when only a single registration is expected. When a registration is later freed with the removal of the animation controller element, the refresh driver incorrectly leav...
Mozilla: Use-after-free with SMIL animation controller
A use-after-free vulnerability can occur when the SMIL animation controller incorrectly registers with the refresh driver twice when only a single registration is expected. When a registration is later freed with the removal of the animation controller element, the refresh driver incorrectly leav...
Mozilla: Use-after-free with SMIL animation controller
A use-after-free vulnerability can occur when the SMIL animation controller incorrectly registers with the refresh driver twice when only a single registration is expected. When a registration is later freed with the removal of the animation controller element, the refresh driver incorrectly leav...
UBUNTU-CVE-2019-9796
A use-after-free vulnerability can occur when the SMIL animation controller incorrectly registers with the refresh driver twice when only a single registration is expected. When a registration is later freed with the removal of the animation controller element, the refresh driver incorrectly leav...
CVE-2018-14054
A double free exists in the MP4StringProperty class in mp4property.cpp in MP4v2 2.0.0. A dangling pointer is freed again in the destructor once an exception is triggered...
CVE-2017-14892
In the function msmpcmhwparams in Android for MSM, Firefox OS for MSM, and QRD Android before 2017-09-19, the return value of q6asmopensharedio is not checked properly potentially leading to a possible dangling pointer access...
Improper access control
In the function msmpcmhwparams in Android for MSM, Firefox OS for MSM, and QRD Android before 2017-09-19, the return value of q6asmopensharedio is not checked properly potentially leading to a possible dangling pointer access...
CVE-2017-14892
In the function msmpcmhwparams in Android for MSM, Firefox OS for MSM, and QRD Android before 2017-09-19, the return value of q6asmopensharedio is not checked properly potentially leading to a possible dangling pointer access...
CVE-2017-14892
CVE-2017-14892 affects Android for MSM, Firefox OS for MSM, and QRD Android builds prior to 2017-09-19. The issue stems from not properly validating the return value of q6asm_open_shared_io() in msm_pcm_hw_params(), which can lead to a dangling pointer access. The available sources describe the v...
CVE-2018-6548
A use-after-free issue was discovered in libwebm through 2018-02-02. If a Vp9HeaderParser was initialized once before, its property frame would not be changed because of code in vp9parser::Vp9HeaderParser::SetFrame. Its frame could be freed while the corresponding pointer would not be updated,...
UBUNTU-CVE-2018-6548
A use-after-free issue was discovered in libwebm through 2018-02-02. If a Vp9HeaderParser was initialized once before, its property frame would not be changed because of code in vp9parser::Vp9HeaderParser::SetFrame. Its frame could be freed while the corresponding pointer would not be updated,...
CVE-2018-6548
A use-after-free issue was discovered in libwebm through 2018-02-02. If a Vp9HeaderParser was initialized once before, its property frame would not be changed because of code in vp9parser::Vp9HeaderParser::SetFrame. Its frame could be freed while the corresponding pointer would not be updated,...
Design/Logic Flaw
A use-after-free issue was discovered in libwebm through 2018-02-02. If a Vp9HeaderParser was initialized once before, its property frame would not be changed because of code in vp9parser::Vp9HeaderParser::SetFrame. Its frame could be freed while the corresponding pointer would not be updated,...