Use-after-free vulnerabilities object B f0: function_ptr1 p=(struct A*) function_ptr2 malloc(16); free(p); char_array q=(struct B*) IP malloc(16): p->integer1 value; q->function_ptr1(): f1: attacker P Pointer to A code: 2: Q Pointer to B 10Use-after-free vulnerabilities 10