Programs written in languages that lack sound object lifetime management facilities are susceptible to a specific class of memory safety issue known as a “use-after-free” vulnerability. A use-after-free vulnerability occurs when a program prematurely frees an object and then later accesses the object (either through a field or through a method call). Between the freeing and the accessing of the object, a malicious program can corrupt the object, e.g., by arranging for the freed memory to be reused by its own object or by part of an object. Vulnerabilities can also result from other types of object corruption.
Object corruption can result in undefined behavior, including allowing arbitrary code to be executed and take control of the machine running the program. For example, an object may contain a pointer to its virtual function table, which lists the methods a program may call on that object. If the object is corrupted, such as by being prematurely freed and having some or all of its memory space overwritten, the pointer to the virtual function table may be changed. The next access of that object may then follow the changed pointer into a malicious program's space (a fake virtual function table) instead of to the legitimate virtual function table. Once this occurs, the malicious program has control of the instruction pointer.
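As an added example that is not part of the original text, the following C code shows one lifetime-management mitigation of the kind the text says these languages lack: objects are reached through generational handles rather than raw pointers, so a stale reference used after free is detected and refused instead of dereferencing memory that may have been reused. All names here (object_t, handle_t, obj_alloc, obj_get, obj_free, obj_describe) are assumptions of this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Added example, not from the original text: a generational handle table.
 * Callers hold a (slot, generation) handle instead of a raw pointer; freeing a
 * slot bumps its generation, so a stale handle is rejected at lookup time. */
#define NSLOTS 4

typedef struct {
    char name[16];
    int (*describe)(const char *name);  /* stands in for a vtable entry */
} object_t;

typedef struct { uint32_t slot, gen; } handle_t;

static object_t slots[NSLOTS];
static uint32_t gens[NSLOTS];
static int live[NSLOTS];
static int describe_impl(const char *name) { return (int)strlen(name); }

/* Allocate a slot; slot == NSLOTS signals "table full". */
handle_t obj_alloc(const char *name) {
    for (uint32_t i = 0; i < NSLOTS; i++) {
        if (live[i]) continue;
        live[i] = 1;
        snprintf(slots[i].name, sizeof slots[i].name, "%s", name);
        slots[i].describe = describe_impl;
        return (handle_t){ i, gens[i] };
    }
    return (handle_t){ NSLOTS, 0 };
}
/* Resolve a handle; NULL if the slot is free or the generation is stale. */
object_t *obj_get(handle_t h) {
    if (h.slot >= NSLOTS || !live[h.slot] || gens[h.slot] != h.gen) return NULL;
    return &slots[h.slot];
}
/* Free: scrub the object (vtable-like pointer included) and bump generation.
 * A second free through the same handle is a harmless no-op. */
void obj_free(handle_t h) {
    object_t *o = obj_get(h);
    if (!o) return;
    memset(o, 0, sizeof *o);
    live[h.slot] = 0;
    gens[h.slot]++;
}
/* Dispatch through a handle: -1 on a stale handle instead of undefined behavior. */
int obj_describe(handle_t h) {
    object_t *o = obj_get(h);
    return o ? o->describe(o->name) : -1;
}
```

Even once the slot is reused for a new object, the old handle's generation no longer matches, so the dangling reference keeps failing closed rather than dispatching through whatever now occupies that memory.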