CWE-416
AllowedUse After Free
Abstraction: Variant · Status: Stable
The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.
9821 vulnerabilities reference this CWE, most recent first.
GHSA-X99F-M27C-QCJ5
Vulnerability from github – Published: 2025-09-19 00:30 – Updated: 2025-09-19 00:30Use after free in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.
{
"affected": [],
"aliases": [
"CVE-2025-59215"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-09-18T22:15:49Z",
"severity": "HIGH"
},
"details": "Use after free in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.",
"id": "GHSA-x99f-m27c-qcj5",
"modified": "2025-09-19T00:30:58Z",
"published": "2025-09-19T00:30:58Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59215"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59215"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-X9F9-2GGR-MMJG
Vulnerability from github – Published: 2025-12-18 15:30 – Updated: 2025-12-18 15:30There is a use-after-free vulnerability in sentry!sentry_span_set_data() when parsing a corrupted VI file. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted VI. This vulnerability affects NI LabVIEW 2025 Q3 (25.3) and prior versions
{
"affected": [],
"aliases": [
"CVE-2025-64468"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-12-18T15:15:59Z",
"severity": "HIGH"
},
"details": "There is a use-after-free vulnerability in sentry!sentry_span_set_data() when parsing a corrupted VI file. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted VI. This vulnerability affects NI LabVIEW 2025 Q3 (25.3) and prior versions",
"id": "GHSA-x9f9-2ggr-mmjg",
"modified": "2025-12-18T15:30:45Z",
"published": "2025-12-18T15:30:45Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-64468"
},
{
"type": "WEB",
"url": "https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/multiple-memory-corruption-vulnerabilities-in-ni-labview.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-X9GW-PC8P-GMGG
Vulnerability from github – Published: 2022-05-14 02:34 – Updated: 2022-05-14 02:34Use-after-free vulnerability in Microsoft Internet Explorer 6 and 7 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer Use After Free Vulnerability."
{
"affected": [],
"aliases": [
"CVE-2013-1310"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2013-05-15T03:36:00Z",
"severity": "HIGH"
},
"details": "Use-after-free vulnerability in Microsoft Internet Explorer 6 and 7 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka \"Internet Explorer Use After Free Vulnerability.\"",
"id": "GHSA-x9gw-pc8p-gmgg",
"modified": "2022-05-14T02:34:44Z",
"published": "2022-05-14T02:34:44Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2013-1310"
},
{
"type": "WEB",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-037"
},
{
"type": "WEB",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16689"
},
{
"type": "WEB",
"url": "http://www.us-cert.gov/ncas/alerts/TA13-134A"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-X9GX-8M8X-G5MG
Vulnerability from github – Published: 2026-06-16 15:33 – Updated: 2026-06-30 03:37Use-after-free in the Graphics: WebGPU component. This vulnerability was fixed in Firefox 152.
{
"affected": [],
"aliases": [
"CVE-2026-12293"
],
"database_specific": {
"cwe_ids": [
"CWE-416",
"CWE-825"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-16T13:16:29Z",
"severity": "CRITICAL"
},
"details": "Use-after-free in the Graphics: WebGPU component. This vulnerability was fixed in Firefox 152.",
"id": "GHSA-x9gx-8m8x-g5mg",
"modified": "2026-06-30T03:37:05Z",
"published": "2026-06-16T15:33:47Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-12293"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2026-12293"
},
{
"type": "WEB",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2039568"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2489216"
},
{
"type": "WEB",
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-12293.json"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2026-57"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2026-60"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-X9J2-GMQC-GVP6
Vulnerability from github – Published: 2022-05-14 03:56 – Updated: 2022-05-14 03:56A use after free in V8 in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
{
"affected": [],
"aliases": [
"CVE-2016-5213"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-01-19T05:59:00Z",
"severity": "HIGH"
},
"details": "A use after free in V8 in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"id": "GHSA-x9j2-gmqc-gvp6",
"modified": "2022-05-14T03:56:36Z",
"published": "2022-05-14T03:56:36Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5213"
},
{
"type": "WEB",
"url": "https://chromereleases.googleblog.com/2016/12/stable-channel-update-for-desktop.html"
},
{
"type": "WEB",
"url": "https://crbug.com/652548"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/201612-11"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2919.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/94633"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-X9JM-9GQG-5G65
Vulnerability from github – Published: 2025-10-11 09:30 – Updated: 2025-10-16 15:30Use After Free (UAF) vulnerability in the office service. Successful exploitation of this vulnerability may affect service confidentiality.
{
"affected": [],
"aliases": [
"CVE-2025-58287"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-10-11T09:15:33Z",
"severity": "HIGH"
},
"details": "Use After Free (UAF) vulnerability in the office service.\u00a0Successful exploitation of this vulnerability may affect service confidentiality.",
"id": "GHSA-x9jm-9gqg-5g65",
"modified": "2025-10-16T15:30:27Z",
"published": "2025-10-11T09:30:23Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58287"
},
{
"type": "WEB",
"url": "https://consumer.huawei.com/en/support/bulletin/2025/10"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-X9PW-HH7V-WJPF
Vulnerability from github – Published: 2022-01-22 00:00 – Updated: 2022-01-29 00:01HDF5 v1.13.1-1 was discovered to contain a heap-use-after free via the component H5AC_unpin_entry.
{
"affected": [],
"aliases": [
"CVE-2021-46242"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-01-21T21:15:00Z",
"severity": "HIGH"
},
"details": "HDF5 v1.13.1-1 was discovered to contain a heap-use-after free via the component H5AC_unpin_entry.",
"id": "GHSA-x9pw-hh7v-wjpf",
"modified": "2022-01-29T00:01:10Z",
"published": "2022-01-22T00:00:19Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-46242"
},
{
"type": "WEB",
"url": "https://github.com/HDFGroup/hdf5/issues/1329"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-X9QX-846H-75G8
Vulnerability from github – Published: 2022-05-14 01:18 – Updated: 2025-04-12 13:02The kernel in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2.2 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4582 and CVE-2016-4653.
{
"affected": [],
"aliases": [
"CVE-2016-1863"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2016-07-22T02:59:00Z",
"severity": "HIGH"
},
"details": "The kernel in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2.2 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4582 and CVE-2016-4653.",
"id": "GHSA-x9qx-846h-75g8",
"modified": "2025-04-12T13:02:43Z",
"published": "2022-05-14T01:18:41Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-1863"
},
{
"type": "WEB",
"url": "https://support.apple.com/HT206902"
},
{
"type": "WEB",
"url": "https://support.apple.com/HT206903"
},
{
"type": "WEB",
"url": "https://support.apple.com/HT206904"
},
{
"type": "WEB",
"url": "https://support.apple.com/HT206905"
},
{
"type": "WEB",
"url": "https://www.exploit-db.com/exploits/40652"
},
{
"type": "WEB",
"url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html"
},
{
"type": "WEB",
"url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00001.html"
},
{
"type": "WEB",
"url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00002.html"
},
{
"type": "WEB",
"url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00003.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/91828"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1036344"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-X9RV-39RR-F53C
Vulnerability from github – Published: 2022-05-24 19:19 – Updated: 2022-05-24 19:19An issue was discovered in GNU Hurd before 0.9 20210404-9. libports accepts fake notification messages from any client on any port, which can lead to port use-after-free. This can be exploited for local privilege escalation to get full root access.
{
"affected": [],
"aliases": [
"CVE-2021-43412"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-11-07T18:15:00Z",
"severity": "HIGH"
},
"details": "An issue was discovered in GNU Hurd before 0.9 20210404-9. libports accepts fake notification messages from any client on any port, which can lead to port use-after-free. This can be exploited for local privilege escalation to get full root access.",
"id": "GHSA-x9rv-39rr-f53c",
"modified": "2022-05-24T19:19:56Z",
"published": "2022-05-24T19:19:56Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-43412"
},
{
"type": "WEB",
"url": "https://lists.gnu.org/archive/html/bug-hurd/2021-05/msg00079.html"
},
{
"type": "WEB",
"url": "https://www.mail-archive.com/bug-hurd@gnu.org/msg32116.html"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-X9VG-QJPV-3C38
Vulnerability from github – Published: 2024-08-05 15:30 – Updated: 2024-08-05 15:30Memory corruption when memory mapped in a VBO is not unmapped by the GPU SMMU.
{
"affected": [],
"aliases": [
"CVE-2024-23381"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-08-05T15:15:47Z",
"severity": "HIGH"
},
"details": "Memory corruption when memory mapped in a VBO is not unmapped by the GPU SMMU.",
"id": "GHSA-x9vg-qjpv-3c38",
"modified": "2024-08-05T15:30:53Z",
"published": "2024-08-05T15:30:53Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-23381"
},
{
"type": "WEB",
"url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/august-2024-bulletin.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation
Strategy: Language Selection
Choose a language that provides automatic memory management.
Mitigation
Strategy: Attack Surface Reduction
When freeing pointers, be sure to set them to NULL once they are freed. However, the utilization of multiple or complex data structures may lower the usefulness of this strategy.
No CAPEC attack patterns related to this CWE.