CWE-416
AllowedUse After Free
Abstraction: Variant · Status: Stable
The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.
9821 vulnerabilities reference this CWE, most recent first.
GHSA-4PVR-RCQ6-XFR4
Vulnerability from github – Published: 2026-07-01 00:34 – Updated: 2026-07-01 15:35Use after free in Views in Google Chrome on Mac prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Low)
{
"affected": [],
"aliases": [
"CVE-2026-14025"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-30T23:17:15Z",
"severity": "HIGH"
},
"details": "Use after free in Views in Google Chrome on Mac prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Low)",
"id": "GHSA-4pvr-rcq6-xfr4",
"modified": "2026-07-01T15:35:07Z",
"published": "2026-07-01T00:34:08Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-14025"
},
{
"type": "WEB",
"url": "https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop_0175352312.html"
},
{
"type": "WEB",
"url": "https://issues.chromium.org/issues/506482786"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-4PXG-G29H-QQFC
Vulnerability from github – Published: 2022-05-24 17:43 – Updated: 2022-05-24 17:43In ytnef 1.9.3, the TNEFSubjectHandler function in lib/ytnef.c allows remote attackers to cause a denial-of-service (and potentially code execution) due to a double free which can be triggered via a crafted file.
{
"affected": [],
"aliases": [
"CVE-2021-3403"
],
"database_specific": {
"cwe_ids": [
"CWE-415",
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-03-04T22:15:00Z",
"severity": "HIGH"
},
"details": "In ytnef 1.9.3, the TNEFSubjectHandler function in lib/ytnef.c allows remote attackers to cause a denial-of-service (and potentially code execution) due to a double free which can be triggered via a crafted file.",
"id": "GHSA-4pxg-g29h-qqfc",
"modified": "2022-05-24T17:43:42Z",
"published": "2022-05-24T17:43:42Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3403"
},
{
"type": "WEB",
"url": "https://github.com/Yeraze/ytnef/issues/85"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1926967"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-4Q2G-2WF5-83R6
Vulnerability from github – Published: 2022-05-13 01:06 – Updated: 2022-05-13 01:06Use-after-free vulnerability in a SaveAs feature in Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC Classic before 2015.006.30094, and Acrobat and Acrobat Reader DC Continuous before 2015.009.20069 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-5586, CVE-2015-6683, CVE-2015-6684, CVE-2015-6687, CVE-2015-6688, CVE-2015-6689, CVE-2015-6690, CVE-2015-6691, CVE-2015-7617, and CVE-2015-7621.
{
"affected": [],
"aliases": [
"CVE-2015-7615"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2015-10-14T23:59:00Z",
"severity": "MODERATE"
},
"details": "Use-after-free vulnerability in a SaveAs feature in Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC Classic before 2015.006.30094, and Acrobat and Acrobat Reader DC Continuous before 2015.009.20069 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-5586, CVE-2015-6683, CVE-2015-6684, CVE-2015-6687, CVE-2015-6688, CVE-2015-6689, CVE-2015-6690, CVE-2015-6691, CVE-2015-7617, and CVE-2015-7621.",
"id": "GHSA-4q2g-2wf5-83r6",
"modified": "2022-05-13T01:06:37Z",
"published": "2022-05-13T01:06:37Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-7615"
},
{
"type": "WEB",
"url": "https://helpx.adobe.com/security/products/acrobat/apsb15-24.html"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1033796"
},
{
"type": "WEB",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-15-493"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-4Q3X-7JMG-PJMQ
Vulnerability from github – Published: 2025-09-24 18:30 – Updated: 2025-09-24 18:30Use after free in WebRTC in Google Chrome prior to 140.0.7339.185 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
{
"affected": [],
"aliases": [
"CVE-2025-10501"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-09-24T17:15:39Z",
"severity": "HIGH"
},
"details": "Use after free in WebRTC in Google Chrome prior to 140.0.7339.185 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)",
"id": "GHSA-4q3x-7jmg-pjmq",
"modified": "2025-09-24T18:30:31Z",
"published": "2025-09-24T18:30:31Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-10501"
},
{
"type": "WEB",
"url": "https://chromereleases.googleblog.com/2025/09/stable-channel-update-for-desktop_17.html"
},
{
"type": "WEB",
"url": "https://issues.chromium.org/issues/440737137"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-4Q4M-59WQ-C877
Vulnerability from github – Published: 2026-07-01 00:34 – Updated: 2026-07-01 03:35Use after free in Chromecast in Google Chrome prior to 150.0.7871.47 allowed an attacker on the local network segment to obtain potentially sensitive information from process memory via a malicious peripheral. (Chromium security severity: Low)
{
"affected": [],
"aliases": [
"CVE-2026-14048"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-30T23:17:17Z",
"severity": "MODERATE"
},
"details": "Use after free in Chromecast in Google Chrome prior to 150.0.7871.47 allowed an attacker on the local network segment to obtain potentially sensitive information from process memory via a malicious peripheral. (Chromium security severity: Low)",
"id": "GHSA-4q4m-59wq-c877",
"modified": "2026-07-01T03:35:23Z",
"published": "2026-07-01T00:34:09Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-14048"
},
{
"type": "WEB",
"url": "https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop_0175352312.html"
},
{
"type": "WEB",
"url": "https://issues.chromium.org/issues/499189601"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-4Q5X-PCCQ-F9FQ
Vulnerability from github – Published: 2022-05-24 16:57 – Updated: 2024-04-04 02:06In Bluetooth, there is a possible information disclosure due to a use after free. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-110166350
{
"affected": [],
"aliases": [
"CVE-2019-9427"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-09-27T19:15:00Z",
"severity": "MODERATE"
},
"details": "In Bluetooth, there is a possible information disclosure due to a use after free. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-110166350",
"id": "GHSA-4q5x-pccq-f9fq",
"modified": "2024-04-04T02:06:11Z",
"published": "2022-05-24T16:57:26Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9427"
},
{
"type": "WEB",
"url": "https://source.android.com/security/bulletin/android-10"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-4Q83-9X32-M447
Vulnerability from github – Published: 2026-06-05 00:31 – Updated: 2026-06-05 03:31Use after free in TabStrip in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Low)
{
"affected": [],
"aliases": [
"CVE-2026-11262"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-05T00:17:02Z",
"severity": "HIGH"
},
"details": "Use after free in TabStrip in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Low)",
"id": "GHSA-4q83-9x32-m447",
"modified": "2026-06-05T03:31:34Z",
"published": "2026-06-05T00:31:53Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-11262"
},
{
"type": "WEB",
"url": "https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop.html"
},
{
"type": "WEB",
"url": "https://issues.chromium.org/issues/499386363"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-4Q85-VFWH-W392
Vulnerability from github – Published: 2025-06-18 12:30 – Updated: 2025-11-14 18:31In the Linux kernel, the following vulnerability has been resolved:
nfc: pn533: Fix use-after-free bugs caused by pn532_cmd_timeout
When the pn532 uart device is detaching, the pn532_uart_remove() is called. But there are no functions in pn532_uart_remove() that could delete the cmd_timeout timer, which will cause use-after-free bugs. The process is shown below:
(thread 1) | (thread 2)
| pn532_uart_send_frame
pn532_uart_remove | mod_timer(&pn532->cmd_timeout,...) ... | (wait a time) kfree(pn532) //FREE | pn532_cmd_timeout | pn532_uart_send_frame | pn532->... //USE
This patch adds del_timer_sync() in pn532_uart_remove() in order to prevent the use-after-free bugs. What's more, the pn53x_unregister_nfc() is well synchronized, it sets nfc_dev->shutting_down to true and there are no syscalls could restart the cmd_timeout timer.
{
"affected": [],
"aliases": [
"CVE-2022-50005"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-06-18T11:15:28Z",
"severity": "HIGH"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfc: pn533: Fix use-after-free bugs caused by pn532_cmd_timeout\n\nWhen the pn532 uart device is detaching, the pn532_uart_remove()\nis called. But there are no functions in pn532_uart_remove() that\ncould delete the cmd_timeout timer, which will cause use-after-free\nbugs. The process is shown below:\n\n (thread 1) | (thread 2)\n | pn532_uart_send_frame\npn532_uart_remove | mod_timer(\u0026pn532-\u003ecmd_timeout,...)\n ... | (wait a time)\n kfree(pn532) //FREE | pn532_cmd_timeout\n | pn532_uart_send_frame\n | pn532-\u003e... //USE\n\nThis patch adds del_timer_sync() in pn532_uart_remove() in order to\nprevent the use-after-free bugs. What\u0027s more, the pn53x_unregister_nfc()\nis well synchronized, it sets nfc_dev-\u003eshutting_down to true and there\nare no syscalls could restart the cmd_timeout timer.",
"id": "GHSA-4q85-vfwh-w392",
"modified": "2025-11-14T18:31:24Z",
"published": "2025-06-18T12:30:40Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-50005"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/2c71f5d55a86fd5969428abf525c1ae6b1c7b0f5"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/50403ee6daddf0d7a14e9d3b51a377c39a08ec8c"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/9c34c33893db7a80d0e4b55c23d3b65e29609cfb"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/f1e941dbf80a9b8bab0bffbc4cbe41cc7f4c6fb6"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-4Q8Q-3R7H-5J3F
Vulnerability from github – Published: 2025-12-19 09:30 – Updated: 2025-12-19 09:30A use-after-free vulnerability exists in the PDF file parsing of Foxit PDF Reader before 2025.2.1, 14.0.1, and 13.2.1 on Windows. A PDF object managed by multiple parent objects could be freed while still being referenced, potentially allowing a remote attacker to execute arbitrary code.
{
"affected": [],
"aliases": [
"CVE-2025-66494"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-12-19T07:16:02Z",
"severity": "HIGH"
},
"details": "A use-after-free vulnerability exists in the PDF file parsing of Foxit PDF Reader before 2025.2.1, 14.0.1, and 13.2.1 on Windows. A PDF object managed by multiple parent objects could be freed while still being referenced, potentially allowing a remote attacker to execute arbitrary code.",
"id": "GHSA-4q8q-3r7h-5j3f",
"modified": "2025-12-19T09:30:28Z",
"published": "2025-12-19T09:30:28Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66494"
},
{
"type": "WEB",
"url": "https://www.foxit.com/support/security-bulletins.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-4Q97-MRGV-92Q2
Vulnerability from github – Published: 2025-05-30 06:30 – Updated: 2025-05-31 00:30jhead v3.08 was discovered to contain a heap-use-after-free via the ProcessFile function at jhead.c.
{
"affected": [],
"aliases": [
"CVE-2025-44906"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-05-30T04:15:46Z",
"severity": "HIGH"
},
"details": "jhead v3.08 was discovered to contain a heap-use-after-free via the ProcessFile function at jhead.c.",
"id": "GHSA-4q97-mrgv-92q2",
"modified": "2025-05-31T00:30:28Z",
"published": "2025-05-30T06:30:24Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-44906"
},
{
"type": "WEB",
"url": "https://github.com/madao123123/crash_report/blob/main/jhead/jhead.md"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation
Strategy: Language Selection
Choose a language that provides automatic memory management.
Mitigation
Strategy: Attack Surface Reduction
When freeing pointers, be sure to set them to NULL once they are freed. However, the utilization of multiple or complex data structures may lower the usefulness of this strategy.
No CAPEC attack patterns related to this CWE.