Common Weakness Enumeration

CWE-416

Allowed

Use After Free

Abstraction: Variant · Status: Stable

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

9821 vulnerabilities reference this CWE, most recent first.

GHSA-X99F-M27C-QCJ5

Vulnerability from github – Published: 2025-09-19 00:30 – Updated: 2025-09-19 00:30
VLAI
Details

Use after free in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-59215"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-09-18T22:15:49Z",
    "severity": "HIGH"
  },
  "details": "Use after free in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.",
  "id": "GHSA-x99f-m27c-qcj5",
  "modified": "2025-09-19T00:30:58Z",
  "published": "2025-09-19T00:30:58Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59215"
    },
    {
      "type": "WEB",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59215"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-X9F9-2GGR-MMJG

Vulnerability from github – Published: 2025-12-18 15:30 – Updated: 2025-12-18 15:30
VLAI
Details

There is a use-after-free vulnerability in sentry!sentry_span_set_data() when parsing a corrupted VI file. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted VI. This vulnerability affects NI LabVIEW 2025 Q3 (25.3) and prior versions

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-64468"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-12-18T15:15:59Z",
    "severity": "HIGH"
  },
  "details": "There is a use-after-free vulnerability in sentry!sentry_span_set_data() when parsing a corrupted VI file.  This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted VI. This vulnerability affects NI LabVIEW 2025 Q3 (25.3) and prior versions",
  "id": "GHSA-x9f9-2ggr-mmjg",
  "modified": "2025-12-18T15:30:45Z",
  "published": "2025-12-18T15:30:45Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-64468"
    },
    {
      "type": "WEB",
      "url": "https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/multiple-memory-corruption-vulnerabilities-in-ni-labview.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-X9GW-PC8P-GMGG

Vulnerability from github – Published: 2022-05-14 02:34 – Updated: 2022-05-14 02:34
VLAI
Details

Use-after-free vulnerability in Microsoft Internet Explorer 6 and 7 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer Use After Free Vulnerability."

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2013-1310"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2013-05-15T03:36:00Z",
    "severity": "HIGH"
  },
  "details": "Use-after-free vulnerability in Microsoft Internet Explorer 6 and 7 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka \"Internet Explorer Use After Free Vulnerability.\"",
  "id": "GHSA-x9gw-pc8p-gmgg",
  "modified": "2022-05-14T02:34:44Z",
  "published": "2022-05-14T02:34:44Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-1310"
    },
    {
      "type": "WEB",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-037"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16689"
    },
    {
      "type": "WEB",
      "url": "http://www.us-cert.gov/ncas/alerts/TA13-134A"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-X9GX-8M8X-G5MG

Vulnerability from github – Published: 2026-06-16 15:33 – Updated: 2026-06-30 03:37
VLAI
Details

Use-after-free in the Graphics: WebGPU component. This vulnerability was fixed in Firefox 152.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-12293"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416",
      "CWE-825"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-06-16T13:16:29Z",
    "severity": "CRITICAL"
  },
  "details": "Use-after-free in the Graphics: WebGPU component. This vulnerability was fixed in Firefox 152.",
  "id": "GHSA-x9gx-8m8x-g5mg",
  "modified": "2026-06-30T03:37:05Z",
  "published": "2026-06-16T15:33:47Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-12293"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/security/cve/CVE-2026-12293"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2039568"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2489216"
    },
    {
      "type": "WEB",
      "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-12293.json"
    },
    {
      "type": "WEB",
      "url": "https://www.mozilla.org/security/advisories/mfsa2026-57"
    },
    {
      "type": "WEB",
      "url": "https://www.mozilla.org/security/advisories/mfsa2026-60"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-X9J2-GMQC-GVP6

Vulnerability from github – Published: 2022-05-14 03:56 – Updated: 2022-05-14 03:56
VLAI
Details

A use after free in V8 in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2016-5213"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-01-19T05:59:00Z",
    "severity": "HIGH"
  },
  "details": "A use after free in V8 in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
  "id": "GHSA-x9j2-gmqc-gvp6",
  "modified": "2022-05-14T03:56:36Z",
  "published": "2022-05-14T03:56:36Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5213"
    },
    {
      "type": "WEB",
      "url": "https://chromereleases.googleblog.com/2016/12/stable-channel-update-for-desktop.html"
    },
    {
      "type": "WEB",
      "url": "https://crbug.com/652548"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/201612-11"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2016-2919.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/94633"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-X9JM-9GQG-5G65

Vulnerability from github – Published: 2025-10-11 09:30 – Updated: 2025-10-16 15:30
VLAI
Details

Use After Free (UAF) vulnerability in the office service. Successful exploitation of this vulnerability may affect service confidentiality.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-58287"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-10-11T09:15:33Z",
    "severity": "HIGH"
  },
  "details": "Use After Free (UAF) vulnerability in the office service.\u00a0Successful exploitation of this vulnerability may affect service confidentiality.",
  "id": "GHSA-x9jm-9gqg-5g65",
  "modified": "2025-10-16T15:30:27Z",
  "published": "2025-10-11T09:30:23Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58287"
    },
    {
      "type": "WEB",
      "url": "https://consumer.huawei.com/en/support/bulletin/2025/10"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-X9PW-HH7V-WJPF

Vulnerability from github – Published: 2022-01-22 00:00 – Updated: 2022-01-29 00:01
VLAI
Details

HDF5 v1.13.1-1 was discovered to contain a heap-use-after free via the component H5AC_unpin_entry.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-46242"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-01-21T21:15:00Z",
    "severity": "HIGH"
  },
  "details": "HDF5 v1.13.1-1 was discovered to contain a heap-use-after free via the component H5AC_unpin_entry.",
  "id": "GHSA-x9pw-hh7v-wjpf",
  "modified": "2022-01-29T00:01:10Z",
  "published": "2022-01-22T00:00:19Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-46242"
    },
    {
      "type": "WEB",
      "url": "https://github.com/HDFGroup/hdf5/issues/1329"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-X9QX-846H-75G8

Vulnerability from github – Published: 2022-05-14 01:18 – Updated: 2025-04-12 13:02
VLAI
Details

The kernel in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2.2 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4582 and CVE-2016-4653.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2016-1863"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2016-07-22T02:59:00Z",
    "severity": "HIGH"
  },
  "details": "The kernel in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2.2 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4582 and CVE-2016-4653.",
  "id": "GHSA-x9qx-846h-75g8",
  "modified": "2025-04-12T13:02:43Z",
  "published": "2022-05-14T01:18:41Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-1863"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/HT206902"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/HT206903"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/HT206904"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/HT206905"
    },
    {
      "type": "WEB",
      "url": "https://www.exploit-db.com/exploits/40652"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00001.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00002.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00003.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/91828"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1036344"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-X9RV-39RR-F53C

Vulnerability from github – Published: 2022-05-24 19:19 – Updated: 2022-05-24 19:19
VLAI
Details

An issue was discovered in GNU Hurd before 0.9 20210404-9. libports accepts fake notification messages from any client on any port, which can lead to port use-after-free. This can be exploited for local privilege escalation to get full root access.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-43412"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-11-07T18:15:00Z",
    "severity": "HIGH"
  },
  "details": "An issue was discovered in GNU Hurd before 0.9 20210404-9. libports accepts fake notification messages from any client on any port, which can lead to port use-after-free. This can be exploited for local privilege escalation to get full root access.",
  "id": "GHSA-x9rv-39rr-f53c",
  "modified": "2022-05-24T19:19:56Z",
  "published": "2022-05-24T19:19:56Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-43412"
    },
    {
      "type": "WEB",
      "url": "https://lists.gnu.org/archive/html/bug-hurd/2021-05/msg00079.html"
    },
    {
      "type": "WEB",
      "url": "https://www.mail-archive.com/bug-hurd@gnu.org/msg32116.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-X9VG-QJPV-3C38

Vulnerability from github – Published: 2024-08-05 15:30 – Updated: 2024-08-05 15:30
VLAI
Details

Memory corruption when memory mapped in a VBO is not unmapped by the GPU SMMU.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-23381"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-08-05T15:15:47Z",
    "severity": "HIGH"
  },
  "details": "Memory corruption when memory mapped in a VBO is not unmapped by the GPU SMMU.",
  "id": "GHSA-x9vg-qjpv-3c38",
  "modified": "2024-08-05T15:30:53Z",
  "published": "2024-08-05T15:30:53Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-23381"
    },
    {
      "type": "WEB",
      "url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/august-2024-bulletin.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation
Architecture and Design

Strategy: Language Selection

Choose a language that provides automatic memory management.

Mitigation
Implementation

Strategy: Attack Surface Reduction

When freeing pointers, be sure to set them to NULL once they are freed. However, the utilization of multiple or complex data structures may lower the usefulness of this strategy.

No CAPEC attack patterns related to this CWE.