Common Weakness Enumeration

CWE-416

Allowed

Use After Free

Abstraction: Variant · Status: Stable

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

9813 vulnerabilities reference this CWE, most recent first.

GHSA-M96G-X499-P5F9

Vulnerability from github – Published: 2022-04-30 00:02 – Updated: 2022-04-30 00:02
VLAI
Details

png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free because png_image_free_function is called under png_safe_execute.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2019-7317"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-02-04T08:29:00Z",
    "severity": "MODERATE"
  },
  "details": "png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free because png_image_free_function is called under png_safe_execute.",
  "id": "GHSA-m96g-x499-p5f9",
  "modified": "2022-04-30T00:02:15Z",
  "published": "2022-04-30T00:02:15Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-7317"
    },
    {
      "type": "WEB",
      "url": "https://github.com/glennrp/libpng/issues/275"
    },
    {
      "type": "WEB",
      "url": "https://seclists.org/bugtraq/2019/May/56"
    },
    {
      "type": "WEB",
      "url": "https://seclists.org/bugtraq/2019/May/59"
    },
    {
      "type": "WEB",
      "url": "https://seclists.org/bugtraq/2019/May/67"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/201908-02"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20190719-0005"
    },
    {
      "type": "WEB",
      "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03977en_us"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/3962-1"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/3991-1"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/3997-1"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/4080-1"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/4083-1"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2019/dsa-4435"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2019/dsa-4448"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2019/dsa-4451"
    },
    {
      "type": "WEB",
      "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
    },
    {
      "type": "WEB",
      "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
    },
    {
      "type": "WEB",
      "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2019:1265"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2019:1267"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2019:1269"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2019:1308"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2019:1309"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2019:1310"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2019:2494"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2019:2495"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2019:2585"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2019:2590"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2019:2592"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2019:2737"
    },
    {
      "type": "WEB",
      "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12803"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00032.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00038.html"
    },
    {
      "type": "WEB",
      "url": "https://seclists.org/bugtraq/2019/Apr/30"
    },
    {
      "type": "WEB",
      "url": "https://seclists.org/bugtraq/2019/Apr/36"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00002.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00029.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00084.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00038.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00044.html"
    },
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.com/files/152561/Slackware-Security-Advisory-libpng-Updates.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/108098"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-M972-2XXJ-7F3P

Vulnerability from github – Published: 2022-05-14 00:53 – Updated: 2022-05-14 00:53
VLAI
Details

Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-4961"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-07-09T19:29:00Z",
    "severity": "CRITICAL"
  },
  "details": "Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.",
  "id": "GHSA-m972-2xxj-7f3p",
  "modified": "2022-05-14T00:53:43Z",
  "published": "2022-05-14T00:53:43Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-4961"
    },
    {
      "type": "WEB",
      "url": "https://helpx.adobe.com/security/products/acrobat/apsb18-09.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/104169"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1040920"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-M9C7-7F34-95C8

Vulnerability from github – Published: 2026-05-20 21:31 – Updated: 2026-05-20 21:31
VLAI
Details

Use after free in XR in Google Chrome on Windows prior to 148.0.7778.179 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-9118"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-05-20T20:16:43Z",
    "severity": "HIGH"
  },
  "details": "Use after free in XR in Google Chrome on Windows prior to 148.0.7778.179 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)",
  "id": "GHSA-m9c7-7f34-95c8",
  "modified": "2026-05-20T21:31:33Z",
  "published": "2026-05-20T21:31:32Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-9118"
    },
    {
      "type": "WEB",
      "url": "https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop_0841193308.html"
    },
    {
      "type": "WEB",
      "url": "https://issues.chromium.org/issues/498702233"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-M9GC-329H-37GP

Vulnerability from github – Published: 2023-02-16 21:30 – Updated: 2023-03-03 00:30
VLAI
Details

Use after free in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-30539"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-02-16T20:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Use after free in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.",
  "id": "GHSA-m9gc-329h-37gp",
  "modified": "2023-03-03T00:30:44Z",
  "published": "2023-02-16T21:30:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30539"
    },
    {
      "type": "WEB",
      "url": "http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00717.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-M9J6-8VCH-65XC

Vulnerability from github – Published: 2024-04-01 15:30 – Updated: 2024-04-01 15:30
VLAI
Details

Memory corruption in Kernel while handling GPU operations.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-21472"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-04-01T15:15:49Z",
    "severity": "HIGH"
  },
  "details": "Memory corruption in Kernel while handling GPU operations.",
  "id": "GHSA-m9j6-8vch-65xc",
  "modified": "2024-04-01T15:30:29Z",
  "published": "2024-04-01T15:30:29Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-21472"
    },
    {
      "type": "WEB",
      "url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/april-2024-bulletin.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-M9J8-542R-7W94

Vulnerability from github – Published: 2022-05-14 01:02 – Updated: 2025-04-12 13:06
VLAI
Details

The xc2028_set_config function in drivers/media/tuners/tuner-xc2028.c in the Linux kernel before 4.6 allows local users to gain privileges or cause a denial of service (use-after-free) via vectors involving omission of the firmware name from a certain data structure.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2016-7913"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2016-11-16T05:59:00Z",
    "severity": "HIGH"
  },
  "details": "The xc2028_set_config function in drivers/media/tuners/tuner-xc2028.c in the Linux kernel before 4.6 allows local users to gain privileges or cause a denial of service (use-after-free) via vectors involving omission of the firmware name from a certain data structure.",
  "id": "GHSA-m9j8-542r-7w94",
  "modified": "2025-04-12T13:06:33Z",
  "published": "2022-05-14T01:02:41Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-7913"
    },
    {
      "type": "WEB",
      "url": "https://github.com/torvalds/linux/commit/8dfbcc4351a0b6d2f2d77f367552f48ffefafe18"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2018:0676"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2018:1062"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2019:1170"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2019:1190"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/3798-1"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/3798-2"
    },
    {
      "type": "WEB",
      "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8dfbcc4351a0b6d2f2d77f367552f48ffefafe18"
    },
    {
      "type": "WEB",
      "url": "http://source.android.com/security/bulletin/2016-11-01.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/94201"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-M9JH-C36P-X9MJ

Vulnerability from github – Published: 2022-08-13 00:00 – Updated: 2022-08-16 00:00
VLAI
Details

A use-after-free vulnerability when parsing a specially crafted file in Esri ArcReader 10.8.1 (and earlier) allows an unauthenticated attacker to achieve arbitrary code execution in the context of the current user.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-29117"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-08-12T19:15:00Z",
    "severity": "HIGH"
  },
  "details": "A use-after-free vulnerability when parsing a specially crafted file in Esri ArcReader 10.8.1 (and earlier) allows an unauthenticated attacker to achieve arbitrary code execution in the context of the current user.",
  "id": "GHSA-m9jh-c36p-x9mj",
  "modified": "2022-08-16T00:00:24Z",
  "published": "2022-08-13T00:00:23Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-29117"
    },
    {
      "type": "WEB",
      "url": "https://www.esri.com/arcgis-blog/products/arcgis-desktop/administration/arcreader-general-data-frame-security-update"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-M9JW-Q7HV-7Q8H

Vulnerability from github – Published: 2022-07-16 00:00 – Updated: 2022-07-16 00:00
VLAI
Details

Adobe Acrobat Reader versions 22.001.20142 (and earlier), 20.005.30334 (and earlier) and 17.012.30229 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-34216"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-07-15T16:15:00Z",
    "severity": "HIGH"
  },
  "details": "Adobe Acrobat Reader versions 22.001.20142 (and earlier), 20.005.30334 (and earlier) and 17.012.30229 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.",
  "id": "GHSA-m9jw-q7hv-7q8h",
  "modified": "2022-07-16T00:00:29Z",
  "published": "2022-07-16T00:00:29Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-34216"
    },
    {
      "type": "WEB",
      "url": "https://helpx.adobe.com/security/products/acrobat/apsb22-32.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-M9MP-FMFC-G6GC

Vulnerability from github – Published: 2025-12-17 21:30 – Updated: 2025-12-17 21:30
VLAI
Details

A use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS 26.2, Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, visionOS 26.2, tvOS 26.2. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS before iOS 26. CVE-2025-14174 was also issued in response to this report.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-43529"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-12-17T21:16:11Z",
    "severity": "HIGH"
  },
  "details": "A use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS 26.2, Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, visionOS 26.2, tvOS 26.2. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS before iOS 26. CVE-2025-14174 was also issued in response to this report.",
  "id": "GHSA-m9mp-fmfc-g6gc",
  "modified": "2025-12-17T21:30:50Z",
  "published": "2025-12-17T21:30:49Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-43529"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/125884"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/125885"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/125886"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/125889"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/125890"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/125891"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/125892"
    },
    {
      "type": "WEB",
      "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-43529"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-M9MX-FH6Q-CW99

Vulnerability from github – Published: 2022-05-24 22:28 – Updated: 2022-05-24 22:28
VLAI
Details

A use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s PDF Reader, version 10.1.0.37527. A specially crafted PDF document can trigger the reuse of previously free memory which can lead to arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-13570"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-12-22T18:15:00Z",
    "severity": "HIGH"
  },
  "details": "A use-after-free vulnerability exists in the JavaScript engine of Foxit Software\u2019s PDF Reader, version 10.1.0.37527. A specially crafted PDF document can trigger the reuse of previously free memory which can lead to arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability.",
  "id": "GHSA-m9mx-fh6q-cw99",
  "modified": "2022-05-24T22:28:47Z",
  "published": "2022-05-24T22:28:47Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-13570"
    },
    {
      "type": "WEB",
      "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1181"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation
Architecture and Design

Strategy: Language Selection

Choose a language that provides automatic memory management.

Mitigation
Implementation

Strategy: Attack Surface Reduction

When freeing pointers, be sure to set them to NULL once they are freed. However, the utilization of multiple or complex data structures may lower the usefulness of this strategy.

No CAPEC attack patterns related to this CWE.