CWE-416
AllowedUse After Free
Abstraction: Variant · Status: Stable
The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.
9821 vulnerabilities reference this CWE, most recent first.
GHSA-J977-FCPW-7HQH
Vulnerability from github – Published: 2022-10-15 12:01 – Updated: 2022-10-18 19:00Adobe Dimension versions 3.4.5 is affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
{
"affected": [],
"aliases": [
"CVE-2022-38445"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-10-14T20:15:00Z",
"severity": "HIGH"
},
"details": "Adobe Dimension versions 3.4.5 is affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.",
"id": "GHSA-j977-fcpw-7hqh",
"modified": "2022-10-18T19:00:31Z",
"published": "2022-10-15T12:01:01Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-38445"
},
{
"type": "WEB",
"url": "https://helpx.adobe.com/security/products/dimension/apsb22-57.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-J994-F74J-CWF3
Vulnerability from github – Published: 2024-10-21 18:30 – Updated: 2024-10-24 21:31In the Linux kernel, the following vulnerability has been resolved:
drm/xe: fix UAF around queue destruction
We currently do stuff like queuing the final destruction step on a random system wq, which will outlive the driver instance. With bad timing we can teardown the driver with one or more work workqueue still being alive leading to various UAF splats. Add a fini step to ensure user queues are properly torn down. At this point GuC should already be nuked so queue itself should no longer be referenced from hw pov.
v2 (Matt B) - Looks much safer to use a waitqueue and then just wait for the xa_array to become empty before triggering the drain.
(cherry picked from commit 861108666cc0e999cffeab6aff17b662e68774e3)
{
"affected": [],
"aliases": [
"CVE-2024-49876"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-10-21T18:15:09Z",
"severity": "HIGH"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/xe: fix UAF around queue destruction\n\nWe currently do stuff like queuing the final destruction step on a\nrandom system wq, which will outlive the driver instance. With bad\ntiming we can teardown the driver with one or more work workqueue still\nbeing alive leading to various UAF splats. Add a fini step to ensure\nuser queues are properly torn down. At this point GuC should already be\nnuked so queue itself should no longer be referenced from hw pov.\n\nv2 (Matt B)\n - Looks much safer to use a waitqueue and then just wait for the\n xa_array to become empty before triggering the drain.\n\n(cherry picked from commit 861108666cc0e999cffeab6aff17b662e68774e3)",
"id": "GHSA-j994-f74j-cwf3",
"modified": "2024-10-24T21:31:02Z",
"published": "2024-10-21T18:30:56Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-49876"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/272b0e78874586d6ccae04079d75b27b47705544"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/2d2be279f1ca9e7288282d4214f16eea8a727cdb"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/421c74670b0f9d5c007f1276d3647aa58f407fde"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-J9CM-C7PC-7P45
Vulnerability from github – Published: 2026-07-14 18:32 – Updated: 2026-07-14 18:32Use after free in Microsoft Brokering File System allows an authorized attacker to elevate privileges locally.
{
"affected": [],
"aliases": [
"CVE-2026-50305"
],
"database_specific": {
"cwe_ids": [
"CWE-362",
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-07-14T18:17:28Z",
"severity": "HIGH"
},
"details": "Use after free in Microsoft Brokering File System allows an authorized attacker to elevate privileges locally.",
"id": "GHSA-j9cm-c7pc-7p45",
"modified": "2026-07-14T18:32:14Z",
"published": "2026-07-14T18:32:14Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-50305"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-50305"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-J9CV-WC33-7QHX
Vulnerability from github – Published: 2025-01-31 06:30 – Updated: 2025-01-31 18:31Software installed and run as a non-privileged user may conduct improper GPU system calls to trigger use-after-free kernel exceptions.
{
"affected": [],
"aliases": [
"CVE-2024-47891"
],
"database_specific": {
"cwe_ids": [
"CWE-416",
"CWE-79"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-01-31T04:15:08Z",
"severity": "CRITICAL"
},
"details": "Software installed and run as a non-privileged user may conduct improper GPU system calls to trigger use-after-free kernel exceptions.",
"id": "GHSA-j9cv-wc33-7qhx",
"modified": "2025-01-31T18:31:05Z",
"published": "2025-01-31T06:30:51Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47891"
},
{
"type": "WEB",
"url": "https://www.imaginationtech.com/gpu-driver-vulnerabilities"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-J9F5-PCRJ-V7VQ
Vulnerability from github – Published: 2023-09-20 09:30 – Updated: 2024-04-04 07:45Use after free vulnerability exists in Kostac PLC Programming Software Version 1.6.11.0. Arbitrary code may be executed by having a user open a specially crafted project file which was saved using Kostac PLC Programming Software Version 1.6.9.0 and earlier because the issue exists in parsing of KPP project files. The vendor states that Kostac PLC Programming Software Version 1.6.10.0 or later implements the function which prevents a project file alteration. Therefore, to mitigate the impact of these vulnerabilities, a project file which was saved using Kostac PLC Programming Software Version 1.6.9.0 and earlier needs to be saved again using Kostac PLC Programming Software Version 1.6.10.0 or later.
{
"affected": [],
"aliases": [
"CVE-2023-41375"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-09-20T09:15:17Z",
"severity": "HIGH"
},
"details": "Use after free vulnerability exists in Kostac PLC Programming Software Version 1.6.11.0. Arbitrary code may be executed by having a user open a specially crafted project file which was saved using Kostac PLC Programming Software Version 1.6.9.0 and earlier because the issue exists in parsing of KPP project files. The vendor states that Kostac PLC Programming Software Version 1.6.10.0 or later implements the function which prevents a project file alteration. Therefore, to mitigate the impact of these vulnerabilities, a project file which was saved using Kostac PLC Programming Software Version 1.6.9.0 and earlier needs to be saved again using Kostac PLC Programming Software Version 1.6.10.0 or later.",
"id": "GHSA-j9f5-pcrj-v7vq",
"modified": "2024-04-04T07:45:33Z",
"published": "2023-09-20T09:30:22Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-41375"
},
{
"type": "WEB",
"url": "https://jvn.jp/en/vu/JVNVU95282683/index.html"
},
{
"type": "WEB",
"url": "https://www.electronics.jtekt.co.jp/en/topics/202309125391"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-J9J2-PM6H-6V87
Vulnerability from github – Published: 2022-12-13 18:30 – Updated: 2022-12-15 15:32In GetResolvedMethod of entrypoint_utils-inl.h, there is a possible use after free due to a stale cache. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-222166527
{
"affected": [],
"aliases": [
"CVE-2022-20502"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-12-13T16:15:00Z",
"severity": "MODERATE"
},
"details": "In GetResolvedMethod of entrypoint_utils-inl.h, there is a possible use after free due to a stale cache. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-222166527",
"id": "GHSA-j9j2-pm6h-6v87",
"modified": "2022-12-15T15:32:13Z",
"published": "2022-12-13T18:30:33Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-20502"
},
{
"type": "WEB",
"url": "https://source.android.com/security/bulletin/2022-12-01"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-J9M5-7HQ3-XX6V
Vulnerability from github – Published: 2026-06-09 18:30 – Updated: 2026-06-09 18:30Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.
{
"affected": [],
"aliases": [
"CVE-2026-44813"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-09T17:17:17Z",
"severity": "HIGH"
},
"details": "Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.",
"id": "GHSA-j9m5-7hq3-xx6v",
"modified": "2026-06-09T18:30:47Z",
"published": "2026-06-09T18:30:47Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44813"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-44813"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-J9R7-5GC3-9396
Vulnerability from github – Published: 2022-05-13 01:01 – Updated: 2022-05-13 01:01An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 9.1.0.5096. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability.
{
"affected": [],
"aliases": [
"CVE-2018-3965"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-10-03T15:29:00Z",
"severity": "HIGH"
},
"details": "An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software\u0027s Foxit PDF Reader version 9.1.0.5096. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability.",
"id": "GHSA-j9r7-5gc3-9396",
"modified": "2022-05-13T01:01:50Z",
"published": "2022-05-13T01:01:50Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-3965"
},
{
"type": "WEB",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0630"
},
{
"type": "WEB",
"url": "https://www.foxitsoftware.com/support/security-bulletins.php"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-J9RV-6QVQ-MVQJ
Vulnerability from github – Published: 2025-04-16 21:30 – Updated: 2025-04-17 15:32Use after free in USB in Google Chrome prior to 135.0.7049.95 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
{
"affected": [],
"aliases": [
"CVE-2025-3620"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-04-16T21:15:48Z",
"severity": "HIGH"
},
"details": "Use after free in USB in Google Chrome prior to 135.0.7049.95 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)",
"id": "GHSA-j9rv-6qvq-mvqj",
"modified": "2025-04-17T15:32:35Z",
"published": "2025-04-16T21:30:59Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-3620"
},
{
"type": "WEB",
"url": "https://chromereleases.googleblog.com/2025/04/stable-channel-update-for-desktop_15.html"
},
{
"type": "WEB",
"url": "https://issues.chromium.org/issues/405292639"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-J9W9-6JJ7-C2PX
Vulnerability from github – Published: 2025-01-14 18:32 – Updated: 2025-01-14 18:32Windows Reliable Multicast Transport Driver (RMCAST) Remote Code Execution Vulnerability
{
"affected": [],
"aliases": [
"CVE-2025-21307"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-01-14T18:15:53Z",
"severity": "CRITICAL"
},
"details": "Windows Reliable Multicast Transport Driver (RMCAST) Remote Code Execution Vulnerability",
"id": "GHSA-j9w9-6jj7-c2px",
"modified": "2025-01-14T18:32:04Z",
"published": "2025-01-14T18:32:04Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-21307"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21307"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation
Strategy: Language Selection
Choose a language that provides automatic memory management.
Mitigation
Strategy: Attack Surface Reduction
When freeing pointers, be sure to set them to NULL once they are freed. However, the utilization of multiple or complex data structures may lower the usefulness of this strategy.
No CAPEC attack patterns related to this CWE.