Common Weakness Enumeration

CWE-416

Allowed

Use After Free

Abstraction: Variant · Status: Stable

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

9821 vulnerabilities reference this CWE, most recent first.

GHSA-J37X-VWQP-7X2H

Vulnerability from github – Published: 2026-06-05 00:31 – Updated: 2026-06-05 03:31
VLAI
Details

Use after free in WebRTC in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-10948"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-06-04T23:16:57Z",
    "severity": "HIGH"
  },
  "details": "Use after free in WebRTC in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)",
  "id": "GHSA-j37x-vwqp-7x2h",
  "modified": "2026-06-05T03:31:31Z",
  "published": "2026-06-05T00:31:40Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-10948"
    },
    {
      "type": "WEB",
      "url": "https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop.html"
    },
    {
      "type": "WEB",
      "url": "https://issues.chromium.org/issues/504599749"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-J398-Q9JM-G4VJ

Vulnerability from github – Published: 2022-05-13 01:37 – Updated: 2022-05-13 01:37
VLAI
Details

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the XFA's bind element. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5091.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-16575"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-12-20T14:29:00Z",
    "severity": "HIGH"
  },
  "details": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the XFA\u0027s bind element. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5091.",
  "id": "GHSA-j398-q9jm-g4vj",
  "modified": "2022-05-13T01:37:26Z",
  "published": "2022-05-13T01:37:26Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-16575"
    },
    {
      "type": "WEB",
      "url": "https://www.foxitsoftware.com/support/security-bulletins.php"
    },
    {
      "type": "WEB",
      "url": "https://zerodayinitiative.com/advisories/ZDI-17-886"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-J3FG-H3R6-7945

Vulnerability from github – Published: 2026-04-03 18:31 – Updated: 2026-05-20 15:35
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

nvdimm/bus: Fix potential use after free in asynchronous initialization

Dingisoul with KASAN reports a use after free if device_add() fails in nd_async_device_register().

Commit b6eae0f61db2 ("libnvdimm: Hold reference on parent while scheduling async init") correctly added a reference on the parent device to be held until asynchronous initialization was complete. However, if device_add() results in an allocation failure the ref count of the device drops to 0 prior to the parent pointer being accessed. Thus resulting in use after free.

The bug bot AI correctly identified the fix. Save a reference to the parent pointer to be used to drop the parent reference regardless of the outcome of device_add().

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-31399"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-04-03T16:16:38Z",
    "severity": "HIGH"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvdimm/bus: Fix potential use after free in asynchronous initialization\n\nDingisoul with KASAN reports a use after free if device_add() fails in\nnd_async_device_register().\n\nCommit b6eae0f61db2 (\"libnvdimm: Hold reference on parent while\nscheduling async init\") correctly added a reference on the parent device\nto be held until asynchronous initialization was complete.  However, if\ndevice_add() results in an allocation failure the ref count of the\ndevice drops to 0 prior to the parent pointer being accessed.  Thus\nresulting in use after free.\n\nThe bug bot AI correctly identified the fix.  Save a reference to the\nparent pointer to be used to drop the parent reference regardless of the\noutcome of device_add().",
  "id": "GHSA-j3fg-h3r6-7945",
  "modified": "2026-05-20T15:35:22Z",
  "published": "2026-04-03T18:31:23Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31399"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/2c638259ad750833fd46a0cf57672a618542d84c"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/6fc36c2a925ceaba203eb13d75a8f0879a2c121b"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/84af19855d1abdee3c9d57c0684e2868e391793c"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/9a0fb16ba5b372465a3a1ecd761c6fa911a4ab4d"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/a226e5b49e5fe8c98b14f8507de670189d191348"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/a36cf138500e56f50db9f9a33222df6969b38326"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/a8aec14230322ed8f1e8042b6d656c1631d41163"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/e48bf8f1d2b12c1c5ba1f609edbd4cde5dadc20e"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-J3PH-4P3P-3QQC

Vulnerability from github – Published: 2025-03-03 12:30 – Updated: 2025-03-03 12:30
VLAI
Details

Memory corruption caused by missing locks and checks on the DMA fence and improper synchronization.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-43062"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-03-03T11:15:12Z",
    "severity": "HIGH"
  },
  "details": "Memory corruption caused by missing locks and checks on the DMA fence and improper synchronization.",
  "id": "GHSA-j3ph-4p3p-3qqc",
  "modified": "2025-03-03T12:30:32Z",
  "published": "2025-03-03T12:30:32Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-43062"
    },
    {
      "type": "WEB",
      "url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/march-2025-bulletin.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-J3Q7-WH4C-9XV8

Vulnerability from github – Published: 2025-06-18 12:30 – Updated: 2025-11-17 18:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

NFSv4/pnfs: Fix a use-after-free bug in open

If someone cancels the open RPC call, then we must not try to free either the open slot or the layoutget operation arguments, since they are likely still in use by the hung RPC call.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-50072"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-06-18T11:15:36Z",
    "severity": "HIGH"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFSv4/pnfs: Fix a use-after-free bug in open\n\nIf someone cancels the open RPC call, then we must not try to free\neither the open slot or the layoutget operation arguments, since they\nare likely still in use by the hung RPC call.",
  "id": "GHSA-j3q7-wh4c-9xv8",
  "modified": "2025-11-17T18:30:23Z",
  "published": "2025-06-18T12:30:46Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-50072"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/0fffb46ff3d5ed4668aca96441ec7a25b793bd6f"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/2135e5d56278ffdb1c2e6d325dc6b87f669b9dac"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/76ffd2042438769298f34b76102b40dea89de616"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/a4cf3dadd1fa43609f7c6570c9116b0e0a9923d1"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/b03d1117e9be7c7da60e466eaf9beed85c5916c8"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/f7ee3b772d9de87387a725caa04bc041ac7fe5ec"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-J3RV-W4W8-QCV2

Vulnerability from github – Published: 2022-05-13 01:07 – Updated: 2022-05-13 01:07
VLAI
Details

In Long Range Zip (aka lrzip) 0.631, there is a use-after-free in read_stream in stream.c, because decompress_file in lrzip.c lacks certain size validation.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-11496"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-05-26T20:29:00Z",
    "severity": "MODERATE"
  },
  "details": "In Long Range Zip (aka lrzip) 0.631, there is a use-after-free in read_stream in stream.c, because decompress_file in lrzip.c lacks certain size validation.",
  "id": "GHSA-j3rv-w4w8-qcv2",
  "modified": "2022-05-13T01:07:36Z",
  "published": "2022-05-13T01:07:36Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-11496"
    },
    {
      "type": "WEB",
      "url": "https://github.com/ckolivas/lrzip/issues/96"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2021/08/msg00001.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-J3WX-X95H-JPCH

Vulnerability from github – Published: 2022-05-27 00:00 – Updated: 2022-06-09 00:00
VLAI
Details

A use after free issue was addressed with improved memory management. This issue is fixed in watchOS 8.6, tvOS 15.5, iOS 15.5 and iPadOS 15.5. An application may be able to execute arbitrary code with kernel privileges.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-26702"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-05-26T19:15:00Z",
    "severity": "HIGH"
  },
  "details": "A use after free issue was addressed with improved memory management. This issue is fixed in watchOS 8.6, tvOS 15.5, iOS 15.5 and iPadOS 15.5. An application may be able to execute arbitrary code with kernel privileges.",
  "id": "GHSA-j3wx-x95h-jpch",
  "modified": "2022-06-09T00:00:18Z",
  "published": "2022-05-27T00:00:37Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-26702"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/HT213253"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/HT213254"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/HT213258"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/kb/HT213675"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2023/Mar/21"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-J3X2-V9GC-F9JJ

Vulnerability from github – Published: 2022-05-13 01:33 – Updated: 2022-05-13 01:33
VLAI
Details

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the subject property of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6498.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-17633"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-01-24T04:29:00Z",
    "severity": "HIGH"
  },
  "details": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the subject property of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6498.",
  "id": "GHSA-j3x2-v9gc-f9jj",
  "modified": "2022-05-13T01:33:59Z",
  "published": "2022-05-13T01:33:59Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-17633"
    },
    {
      "type": "WEB",
      "url": "https://www.foxitsoftware.com/support/security-bulletins.php"
    },
    {
      "type": "WEB",
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1202"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-J3X6-VG5F-VX5P

Vulnerability from github – Published: 2022-09-27 00:00 – Updated: 2025-05-21 18:32
VLAI
Details

Use after free in SplitScreen in Google Chrome on Chrome OS, Lacros prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-3049"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-362",
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-09-26T16:15:00Z",
    "severity": "HIGH"
  },
  "details": "Use after free in SplitScreen in Google Chrome on Chrome OS, Lacros prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page.",
  "id": "GHSA-j3x6-vg5f-vx5p",
  "modified": "2025-05-21T18:32:58Z",
  "published": "2022-09-27T00:00:19Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3049"
    },
    {
      "type": "WEB",
      "url": "https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop_30.html"
    },
    {
      "type": "WEB",
      "url": "https://crbug.com/1316892"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T4NMJURTG5RO3TGD7ZMIQ6Z4ZZ3SAVYE"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T4NMJURTG5RO3TGD7ZMIQ6Z4ZZ3SAVYE"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/202209-23"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-J3XP-78W6-P4VH

Vulnerability from github – Published: 2024-08-17 09:30 – Updated: 2025-11-04 00:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

btrfs: fix extent map use-after-free when adding pages to compressed bio

At add_ra_bio_pages() we are accessing the extent map to calculate 'add_size' after we dropped our reference on the extent map, resulting in a use-after-free. Fix this by computing 'add_size' before dropping our extent map reference.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-42314"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-08-17T09:15:11Z",
    "severity": "HIGH"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix extent map use-after-free when adding pages to compressed bio\n\nAt add_ra_bio_pages() we are accessing the extent map to calculate\n\u0027add_size\u0027 after we dropped our reference on the extent map, resulting\nin a use-after-free. Fix this by computing \u0027add_size\u0027 before dropping our\nextent map reference.",
  "id": "GHSA-j3xp-78w6-p4vh",
  "modified": "2025-11-04T00:31:14Z",
  "published": "2024-08-17T09:30:25Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-42314"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/8e7860543a94784d744c7ce34b78a2e11beefa5c"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/b7859ff398b6b656e1689daa860eb34837b4bb89"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/c1cc3326e27b0bd7a2806b40bc48e49afaf951e7"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/c205565e0f2f439f278a4a94ee97b67ef7b56ae8"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation
Architecture and Design

Strategy: Language Selection

Choose a language that provides automatic memory management.

Mitigation
Implementation

Strategy: Attack Surface Reduction

When freeing pointers, be sure to set them to NULL once they are freed. However, the utilization of multiple or complex data structures may lower the usefulness of this strategy.

No CAPEC attack patterns related to this CWE.