CVE-2020-1712

HIGH Year: 2020
CVSS v3 Score
7.8
High
CVSS v2 Score
4.6
Medium
Weakness Type
CWE-416
View all →

Vulnerability Description

A heap use-after-free vulnerability was found in systemd before version v245-rc1, where asynchronous Polkit queries are performed while handling dbus messages. A local unprivileged attacker can abuse this flaw to crash systemd services or potentially execute code and elevate their privileges, by sending specially crafted dbus messages.

Related Vulnerabilities

CVE-2009-0749

HIGH
CVSS:7.8(High)

Use-after-free vulnerability in the GIFReadNextExtension function in lib/pngxtern/gif/gifread.c in OptiPNG 0.6.2 and earlier allows context-dependent attackers to cause a denial of service (applicatio...

CWE-4162009

CVE-2009-4324

HIGH
CVSS:7.8(High)

Use-after-free vulnerability in the Doc.media.newPlayer method in Multimedia.api in Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, allows remote attackers to exec...

CWE-4162009

CVE-2013-2830

HIGH
CVSS:7.8(High)

Use-after-free vulnerability in SumatraPDF Reader 2.x before 2.2.1 allows remote attackers to execute arbitrary code via a crafted PDF file.

CWE-4162013

CVE-2014-9926

HIGH
CVSS:7.8(High)

In GNSS in all Android releases from CAF using the Linux kernel, a Use After Free vulnerability could potentially exist.

CWE-4162014

CVE-2014-9930

HIGH
CVSS:7.8(High)

In WCDMA in all Android releases from CAF using the Linux kernel, a Use After Free vulnerability could potentially exist.

CWE-4162014

CVE-2014-9946

HIGH
CVSS:7.8(High)

In Core Kernel in all Android releases from CAF using the Linux kernel, a Use After Free vulnerability could potentially exist.

CWE-4162014