CWE-416
AllowedUse After Free
Abstraction: Variant · Status: Stable
The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.
9821 vulnerabilities reference this CWE, most recent first.
GHSA-MP35-P2HC-V59Q
Vulnerability from github – Published: 2026-06-24 18:32 – Updated: 2026-06-30 03:37In the Linux kernel, the following vulnerability has been resolved:
drm/xe/dma-buf: fix UAF with retry loop
Retry doesn't work here, since bo will be freed on error, leading to UAF. However, now that we do the alloc & init before the attach, we can now combine this as one unit and have the init do the alloc for us. This should make the retry safe.
Reported by Sashiko.
v2: Fix up the error unwind (CI)
(cherry picked from commit 479669418253e0f27f8cf5db01a731352ea592e7)
{
"affected": [],
"aliases": [
"CVE-2026-52950"
],
"database_specific": {
"cwe_ids": [
"CWE-416",
"CWE-825"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-24T17:17:05Z",
"severity": "HIGH"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/xe/dma-buf: fix UAF with retry loop\n\nRetry doesn\u0027t work here, since bo will be freed on error, leading to\nUAF. However, now that we do the alloc \u0026 init before the attach, we can\nnow combine this as one unit and have the init do the alloc for us. This\nshould make the retry safe.\n\nReported by Sashiko.\n\nv2: Fix up the error unwind (CI)\n\n(cherry picked from commit 479669418253e0f27f8cf5db01a731352ea592e7)",
"id": "GHSA-mp35-p2hc-v59q",
"modified": "2026-06-30T03:37:11Z",
"published": "2026-06-24T18:32:41Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-52950"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2026-52950"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2492318"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/155a372a1cc50fa93387c5d3cdfd614a61e1afd1"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/39fdac6be02eb7c3460518c1c4085f75f935c4ce"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/827062952ed9bdf4220466c1f05ce452d04bdedf"
},
{
"type": "WEB",
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-52950.json"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-MP3G-VPM9-9VQV
Vulnerability from github – Published: 2024-06-26 19:12 – Updated: 2024-06-26 21:56Impact
The implementation of the following functions were determined to include a use-after-free bug:
FetchEvent.client.tlsCipherOpensslNameFetchEvent.client.tlsProtocolFetchEvent.client.tlsClientCertificateFetchEvent.client.tlsJA3MD5FetchEvent.client.tlsClientHelloCacheEntry.prototype.userMetadataof thefastly:cachesubsystemDevice.lookupof thefastly:devicesubsystem
This bug could allow for an unintended data leak if the result of the preceding functions were sent anywhere else, and often results in a Compute service crash causing an HTTP 500 error to be returned. As all requests to Compute are isolated from one another, the only data at risk is data present for a single request.
Patches
This bug has been fixed in version 3.16.0 of the @fastly/js-compute package.
Workarounds
There are no workarounds for this bug, any use of the affected functions introduces the possibility of a data leak or crash in guest code.
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "@fastly/js-compute"
},
"ranges": [
{
"events": [
{
"introduced": "3.0.0"
},
{
"fixed": "3.16.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2024-38375"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": true,
"github_reviewed_at": "2024-06-26T19:12:23Z",
"nvd_published_at": "2024-06-26T19:15:13Z",
"severity": "MODERATE"
},
"details": "### Impact\nThe implementation of the following functions were determined to include a use-after-free bug:\n\n* `FetchEvent.client.tlsCipherOpensslName`\n* `FetchEvent.client.tlsProtocol`\n* `FetchEvent.client.tlsClientCertificate`\n* `FetchEvent.client.tlsJA3MD5`\n* `FetchEvent.client.tlsClientHello`\n* `CacheEntry.prototype.userMetadata` of the `fastly:cache` subsystem\n* `Device.lookup` of the `fastly:device` subsystem\n\nThis bug could allow for an unintended data leak if the result of the preceding functions were sent anywhere else, and often results in a Compute service crash causing an HTTP 500 error to be returned. As all requests to Compute are isolated from one another, the only data at risk is data present for a single request.\n\n### Patches\nThis bug has been fixed in version 3.16.0 of the `@fastly/js-compute` package.\n\n### Workarounds\nThere are no workarounds for this bug, any use of the affected functions introduces the possibility of a data leak or crash in guest code.",
"id": "GHSA-mp3g-vpm9-9vqv",
"modified": "2024-06-26T21:56:15Z",
"published": "2024-06-26T19:12:23Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/fastly/js-compute-runtime/security/advisories/GHSA-mp3g-vpm9-9vqv"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-38375"
},
{
"type": "WEB",
"url": "https://github.com/fastly/js-compute-runtime/commit/4e16641ef4e159c4a11b500ac861b8fa8d9ff5d3"
},
{
"type": "PACKAGE",
"url": "https://github.com/fastly/js-compute-runtime"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:H",
"type": "CVSS_V3"
}
],
"summary": "@fastly/js-compute has a use-after-free in some host call implementations"
}
GHSA-MP3R-6558-HVG8
Vulnerability from github – Published: 2026-04-24 15:32 – Updated: 2026-06-01 18:31In the Linux kernel, the following vulnerability has been resolved:
ASoC: qcom: q6apm: move component registration to unmanaged version
q6apm component registers dais dynamically from ASoC toplology, which are allocated using device managed version apis. Allocating both component and dynamic dais using managed version could lead to incorrect free ordering, dai will be freed while component still holding references to it.
Fix this issue by moving component to unmanged version so that the dai pointers are only freeded after the component is removed.
================================================================== BUG: KASAN: slab-use-after-free in snd_soc_del_component_unlocked+0x3d4/0x400 [snd_soc_core] Read of size 8 at addr ffff00084493a6e8 by task kworker/u48:0/3426 Tainted: [W]=WARN Hardware name: LENOVO 21N2ZC5PUS/21N2ZC5PUS, BIOS N42ET57W (1.31 ) 08/08/2024 Workqueue: pdr_notifier_wq pdr_notifier_work [pdr_interface] Call trace: show_stack+0x28/0x7c (C) dump_stack_lvl+0x60/0x80 print_report+0x160/0x4b4 kasan_report+0xac/0xfc __asan_report_load8_noabort+0x20/0x34 snd_soc_del_component_unlocked+0x3d4/0x400 [snd_soc_core] snd_soc_unregister_component_by_driver+0x50/0x88 [snd_soc_core] devm_component_release+0x30/0x5c [snd_soc_core] devres_release_all+0x13c/0x210 device_unbind_cleanup+0x20/0x190 device_release_driver_internal+0x350/0x468 device_release_driver+0x18/0x30 bus_remove_device+0x1a0/0x35c device_del+0x314/0x7f0 device_unregister+0x20/0xbc apr_remove_device+0x5c/0x7c [apr] device_for_each_child+0xd8/0x160 apr_pd_status+0x7c/0xa8 [apr] pdr_notifier_work+0x114/0x240 [pdr_interface] process_one_work+0x500/0xb70 worker_thread+0x630/0xfb0 kthread+0x370/0x6c0 ret_from_fork+0x10/0x20
Allocated by task 77: kasan_save_stack+0x40/0x68 kasan_save_track+0x20/0x40 kasan_save_alloc_info+0x44/0x58 __kasan_kmalloc+0xbc/0xdc __kmalloc_node_track_caller_noprof+0x1f4/0x620 devm_kmalloc+0x7c/0x1c8 snd_soc_register_dai+0x50/0x4f0 [snd_soc_core] soc_tplg_pcm_elems_load+0x55c/0x1eb8 [snd_soc_core] snd_soc_tplg_component_load+0x4f8/0xb60 [snd_soc_core] audioreach_tplg_init+0x124/0x1fc [snd_q6apm] q6apm_audio_probe+0x10/0x1c [snd_q6apm] snd_soc_component_probe+0x5c/0x118 [snd_soc_core] soc_probe_component+0x44c/0xaf0 [snd_soc_core] snd_soc_bind_card+0xad0/0x2370 [snd_soc_core] snd_soc_register_card+0x3b0/0x4c0 [snd_soc_core] devm_snd_soc_register_card+0x50/0xc8 [snd_soc_core] x1e80100_platform_probe+0x208/0x368 [snd_soc_x1e80100] platform_probe+0xc0/0x188 really_probe+0x188/0x804 __driver_probe_device+0x158/0x358 driver_probe_device+0x60/0x190 __device_attach_driver+0x16c/0x2a8 bus_for_each_drv+0x100/0x194 __device_attach+0x174/0x380 device_initial_probe+0x14/0x20 bus_probe_device+0x124/0x154 deferred_probe_work_func+0x140/0x220 process_one_work+0x500/0xb70 worker_thread+0x630/0xfb0 kthread+0x370/0x6c0 ret_from_fork+0x10/0x20
Freed by task 3426: kasan_save_stack+0x40/0x68 kasan_save_track+0x20/0x40 __kasan_save_free_info+0x4c/0x80 __kasan_slab_free+0x78/0xa0 kfree+0x100/0x4a4 devres_release_all+0x144/0x210 device_unbind_cleanup+0x20/0x190 device_release_driver_internal+0x350/0x468 device_release_driver+0x18/0x30 bus_remove_device+0x1a0/0x35c device_del+0x314/0x7f0 device_unregister+0x20/0xbc apr_remove_device+0x5c/0x7c [apr] device_for_each_child+0xd8/0x160 apr_pd_status+0x7c/0xa8 [apr] pdr_notifier_work+0x114/0x240 [pdr_interface] process_one_work+0x500/0xb70 worker_thread+0x630/0xfb0 kthread+0x370/0x6c0 ret_from_fork+0x10/0x20
{
"affected": [],
"aliases": [
"CVE-2026-31587"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-04-24T15:16:33Z",
"severity": "HIGH"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: qcom: q6apm: move component registration to unmanaged version\n\nq6apm component registers dais dynamically from ASoC toplology, which\nare allocated using device managed version apis. Allocating both\ncomponent and dynamic dais using managed version could lead to incorrect\nfree ordering, dai will be freed while component still holding references\nto it.\n\nFix this issue by moving component to unmanged version so\nthat the dai pointers are only freeded after the component is removed.\n\n==================================================================\nBUG: KASAN: slab-use-after-free in snd_soc_del_component_unlocked+0x3d4/0x400 [snd_soc_core]\nRead of size 8 at addr ffff00084493a6e8 by task kworker/u48:0/3426\nTainted: [W]=WARN\nHardware name: LENOVO 21N2ZC5PUS/21N2ZC5PUS, BIOS N42ET57W (1.31 ) 08/08/2024\nWorkqueue: pdr_notifier_wq pdr_notifier_work [pdr_interface]\nCall trace:\n show_stack+0x28/0x7c (C)\n dump_stack_lvl+0x60/0x80\n print_report+0x160/0x4b4\n kasan_report+0xac/0xfc\n __asan_report_load8_noabort+0x20/0x34\n snd_soc_del_component_unlocked+0x3d4/0x400 [snd_soc_core]\n snd_soc_unregister_component_by_driver+0x50/0x88 [snd_soc_core]\n devm_component_release+0x30/0x5c [snd_soc_core]\n devres_release_all+0x13c/0x210\n device_unbind_cleanup+0x20/0x190\n device_release_driver_internal+0x350/0x468\n device_release_driver+0x18/0x30\n bus_remove_device+0x1a0/0x35c\n device_del+0x314/0x7f0\n device_unregister+0x20/0xbc\n apr_remove_device+0x5c/0x7c [apr]\n device_for_each_child+0xd8/0x160\n apr_pd_status+0x7c/0xa8 [apr]\n pdr_notifier_work+0x114/0x240 [pdr_interface]\n process_one_work+0x500/0xb70\n worker_thread+0x630/0xfb0\n kthread+0x370/0x6c0\n ret_from_fork+0x10/0x20\n\nAllocated by task 77:\n kasan_save_stack+0x40/0x68\n kasan_save_track+0x20/0x40\n kasan_save_alloc_info+0x44/0x58\n __kasan_kmalloc+0xbc/0xdc\n __kmalloc_node_track_caller_noprof+0x1f4/0x620\n devm_kmalloc+0x7c/0x1c8\n snd_soc_register_dai+0x50/0x4f0 [snd_soc_core]\n soc_tplg_pcm_elems_load+0x55c/0x1eb8 [snd_soc_core]\n snd_soc_tplg_component_load+0x4f8/0xb60 [snd_soc_core]\n audioreach_tplg_init+0x124/0x1fc [snd_q6apm]\n q6apm_audio_probe+0x10/0x1c [snd_q6apm]\n snd_soc_component_probe+0x5c/0x118 [snd_soc_core]\n soc_probe_component+0x44c/0xaf0 [snd_soc_core]\n snd_soc_bind_card+0xad0/0x2370 [snd_soc_core]\n snd_soc_register_card+0x3b0/0x4c0 [snd_soc_core]\n devm_snd_soc_register_card+0x50/0xc8 [snd_soc_core]\n x1e80100_platform_probe+0x208/0x368 [snd_soc_x1e80100]\n platform_probe+0xc0/0x188\n really_probe+0x188/0x804\n __driver_probe_device+0x158/0x358\n driver_probe_device+0x60/0x190\n __device_attach_driver+0x16c/0x2a8\n bus_for_each_drv+0x100/0x194\n __device_attach+0x174/0x380\n device_initial_probe+0x14/0x20\n bus_probe_device+0x124/0x154\n deferred_probe_work_func+0x140/0x220\n process_one_work+0x500/0xb70\n worker_thread+0x630/0xfb0\n kthread+0x370/0x6c0\n ret_from_fork+0x10/0x20\n\nFreed by task 3426:\n kasan_save_stack+0x40/0x68\n kasan_save_track+0x20/0x40\n __kasan_save_free_info+0x4c/0x80\n __kasan_slab_free+0x78/0xa0\n kfree+0x100/0x4a4\n devres_release_all+0x144/0x210\n device_unbind_cleanup+0x20/0x190\n device_release_driver_internal+0x350/0x468\n device_release_driver+0x18/0x30\n bus_remove_device+0x1a0/0x35c\n device_del+0x314/0x7f0\n device_unregister+0x20/0xbc\n apr_remove_device+0x5c/0x7c [apr]\n device_for_each_child+0xd8/0x160\n apr_pd_status+0x7c/0xa8 [apr]\n pdr_notifier_work+0x114/0x240 [pdr_interface]\n process_one_work+0x500/0xb70\n worker_thread+0x630/0xfb0\n kthread+0x370/0x6c0\n ret_from_fork+0x10/0x20",
"id": "GHSA-mp3r-6558-hvg8",
"modified": "2026-06-01T18:31:26Z",
"published": "2026-04-24T15:32:34Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31587"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/110769a9aa51135ac7ce479a47dfb41924f37664"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/30383b7780ffa140bc124de5b66cae7c84133dbb"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/6ec1235fc941dac6c011b30ee01d9220ff87e0cd"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/887632163b546a8944b46ef465f1d74e838b727a"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/a561a55b79a9c55f0443377f2d4dcf6149d057af"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/b7412ed789ffb1e59c8d6f5ab6a6a718963c85e2"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/f7b790531cdad3b2075ab937aa06d7b802403be4"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-MP4R-C6W2-6JRX
Vulnerability from github – Published: 2023-06-15 21:30 – Updated: 2024-04-04 04:52In multiple functions of cdm_engine.cpp, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-258188673
{
"affected": [],
"aliases": [
"CVE-2023-21120"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-06-15T19:15:09Z",
"severity": "HIGH"
},
"details": "In multiple functions of cdm_engine.cpp, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-258188673",
"id": "GHSA-mp4r-c6w2-6jrx",
"modified": "2024-04-04T04:52:15Z",
"published": "2023-06-15T21:30:24Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-21120"
},
{
"type": "WEB",
"url": "https://source.android.com/security/bulletin/2023-06-01"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-MP64-W8P7-H66M
Vulnerability from github – Published: 2022-05-24 17:14 – Updated: 2022-05-24 17:14Use after free in window management in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
{
"affected": [],
"aliases": [
"CVE-2020-6436"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-04-13T18:15:00Z",
"severity": "MODERATE"
},
"details": "Use after free in window management in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"id": "GHSA-mp64-w8p7-h66m",
"modified": "2022-05-24T17:14:06Z",
"published": "2022-05-24T17:14:06Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-6436"
},
{
"type": "WEB",
"url": "https://chromereleases.googleblog.com/2020/04/stable-channel-update-for-desktop_7.html"
},
{
"type": "WEB",
"url": "https://crbug.com/1034519"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6XWIVVYIQU67QR2LHNGGZBS4FZOW2RQO"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HFVP775RPRDVY5FUCN7ABH5AE74TQFDD"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XMXPDHEEACPD3BCMTC26SCCYB2ZMUOAO"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2020/dsa-4714"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00024.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00031.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-MP69-237M-XM5H
Vulnerability from github – Published: 2022-05-14 01:22 – Updated: 2022-05-14 01:22There is an invalid free in MiniPS::delete0 in minips.cpp that leads to a Segmentation fault in sam2p 0.49.4. A crafted input will lead to a denial of service or possibly unspecified other impact.
{
"affected": [],
"aliases": [
"CVE-2018-7551"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-02-28T06:29:00Z",
"severity": "CRITICAL"
},
"details": "There is an invalid free in MiniPS::delete0 in minips.cpp that leads to a Segmentation fault in sam2p 0.49.4. A crafted input will lead to a denial of service or possibly unspecified other impact.",
"id": "GHSA-mp69-237m-xm5h",
"modified": "2022-05-14T01:22:08Z",
"published": "2022-05-14T01:22:08Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-7551"
},
{
"type": "WEB",
"url": "https://github.com/pts/sam2p/issues/28"
},
{
"type": "WEB",
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=891527"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2018/04/msg00004.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-MP6X-JHFM-FXFQ
Vulnerability from github – Published: 2023-03-29 21:30 – Updated: 2024-11-27 21:32This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PNG files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18068.
{
"affected": [],
"aliases": [
"CVE-2022-37374"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-03-29T19:15:00Z",
"severity": "HIGH"
},
"details": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PNG files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18068.",
"id": "GHSA-mp6x-jhfm-fxfq",
"modified": "2024-11-27T21:32:43Z",
"published": "2023-03-29T21:30:20Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-37374"
},
{
"type": "WEB",
"url": "https://www.tracker-software.com/product/pdf-xchange-editor/history"
},
{
"type": "WEB",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1102"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-MP7J-CXCW-6C89
Vulnerability from github – Published: 2022-05-24 17:00 – Updated: 2022-05-24 17:00In ProxyResolverV8::SetPacScript of proxy_resolver_v8.cc, there is a possible memory corruption due to a use after free. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-139806216
{
"affected": [],
"aliases": [
"CVE-2019-2205"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-11-13T18:15:00Z",
"severity": "HIGH"
},
"details": "In ProxyResolverV8::SetPacScript of proxy_resolver_v8.cc, there is a possible memory corruption due to a use after free. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-139806216",
"id": "GHSA-mp7j-cxcw-6c89",
"modified": "2022-05-24T17:00:50Z",
"published": "2022-05-24T17:00:50Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-2205"
},
{
"type": "WEB",
"url": "https://source.android.com/security/bulletin/2019-11-01"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-MP8G-XGJG-4566
Vulnerability from github – Published: 2022-05-24 19:18 – Updated: 2022-05-24 19:18There is a use-after-free (UAF) vulnerability in Huawei products. An attacker may craft specific packets to exploit this vulnerability. Successful exploitation may cause the service abnormal. Affected product versions include:CloudEngine 12800 V200R005C10SPC800,V200R019C00SPC800;CloudEngine 5800 V200R005C10SPC800,V200R019C00SPC800;CloudEngine 6800 V200R005C10SPC800,V200R005C20SPC800,V200R019C00SPC800;CloudEngine 7800 V200R005C10SPC800,V200R019C00SPC800.
{
"affected": [],
"aliases": [
"CVE-2021-37122"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-10-27T01:15:00Z",
"severity": "MODERATE"
},
"details": "There is a use-after-free (UAF) vulnerability in Huawei products. An attacker may craft specific packets to exploit this vulnerability. Successful exploitation may cause the service abnormal. Affected product versions include:CloudEngine 12800 V200R005C10SPC800,V200R019C00SPC800;CloudEngine 5800 V200R005C10SPC800,V200R019C00SPC800;CloudEngine 6800 V200R005C10SPC800,V200R005C20SPC800,V200R019C00SPC800;CloudEngine 7800 V200R005C10SPC800,V200R019C00SPC800.",
"id": "GHSA-mp8g-xgjg-4566",
"modified": "2022-05-24T19:18:59Z",
"published": "2022-05-24T19:18:59Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-37122"
},
{
"type": "WEB",
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20211008-01-cloudengine-en"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-MP8R-X7VV-MQVQ
Vulnerability from github – Published: 2022-05-24 19:21 – Updated: 2022-05-24 19:21A flaw was found in ImageMagick 7.1.0-14 where it did not properly sanitize certain input before using it to invoke convert processes. This flaw allows an attacker to create a specially crafted image that leads to a use-after-free vulnerability when processed by ImageMagick. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
{
"affected": [],
"aliases": [
"CVE-2021-3962"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-11-19T17:15:00Z",
"severity": "HIGH"
},
"details": "A flaw was found in ImageMagick 7.1.0-14 where it did not properly sanitize certain input before using it to invoke convert processes. This flaw allows an attacker to create a specially crafted image that leads to a use-after-free vulnerability when processed by ImageMagick. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.",
"id": "GHSA-mp8r-x7vv-mqvq",
"modified": "2022-05-24T19:21:07Z",
"published": "2022-05-24T19:21:07Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3962"
},
{
"type": "WEB",
"url": "https://github.com/ImageMagick/ImageMagick/issues/4446"
},
{
"type": "WEB",
"url": "https://github.com/ImageMagick/ImageMagick/commit/82775af03bbb10a0a1d0e15c0156c75673b4525e"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2023196"
}
],
"schema_version": "1.4.0",
"severity": []
}
Mitigation
Strategy: Language Selection
Choose a language that provides automatic memory management.
Mitigation
Strategy: Attack Surface Reduction
When freeing pointers, be sure to set them to NULL once they are freed. However, the utilization of multiple or complex data structures may lower the usefulness of this strategy.
No CAPEC attack patterns related to this CWE.