Common Weakness Enumeration

CWE-416

Allowed

Use After Free

Abstraction: Variant · Status: Stable

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

9821 vulnerabilities reference this CWE, most recent first.

GHSA-4PVR-RCQ6-XFR4

Vulnerability from github – Published: 2026-07-01 00:34 – Updated: 2026-07-01 15:35
VLAI
Details

Use after free in Views in Google Chrome on Mac prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Low)

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-14025"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-06-30T23:17:15Z",
    "severity": "HIGH"
  },
  "details": "Use after free in Views in Google Chrome on Mac prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Low)",
  "id": "GHSA-4pvr-rcq6-xfr4",
  "modified": "2026-07-01T15:35:07Z",
  "published": "2026-07-01T00:34:08Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-14025"
    },
    {
      "type": "WEB",
      "url": "https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop_0175352312.html"
    },
    {
      "type": "WEB",
      "url": "https://issues.chromium.org/issues/506482786"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-4PXG-G29H-QQFC

Vulnerability from github – Published: 2022-05-24 17:43 – Updated: 2022-05-24 17:43
VLAI
Details

In ytnef 1.9.3, the TNEFSubjectHandler function in lib/ytnef.c allows remote attackers to cause a denial-of-service (and potentially code execution) due to a double free which can be triggered via a crafted file.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-3403"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-415",
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-03-04T22:15:00Z",
    "severity": "HIGH"
  },
  "details": "In ytnef 1.9.3, the TNEFSubjectHandler function in lib/ytnef.c allows remote attackers to cause a denial-of-service (and potentially code execution) due to a double free which can be triggered via a crafted file.",
  "id": "GHSA-4pxg-g29h-qqfc",
  "modified": "2022-05-24T17:43:42Z",
  "published": "2022-05-24T17:43:42Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3403"
    },
    {
      "type": "WEB",
      "url": "https://github.com/Yeraze/ytnef/issues/85"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1926967"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-4Q2G-2WF5-83R6

Vulnerability from github – Published: 2022-05-13 01:06 – Updated: 2022-05-13 01:06
VLAI
Details

Use-after-free vulnerability in a SaveAs feature in Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC Classic before 2015.006.30094, and Acrobat and Acrobat Reader DC Continuous before 2015.009.20069 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-5586, CVE-2015-6683, CVE-2015-6684, CVE-2015-6687, CVE-2015-6688, CVE-2015-6689, CVE-2015-6690, CVE-2015-6691, CVE-2015-7617, and CVE-2015-7621.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2015-7615"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2015-10-14T23:59:00Z",
    "severity": "MODERATE"
  },
  "details": "Use-after-free vulnerability in a SaveAs feature in Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC Classic before 2015.006.30094, and Acrobat and Acrobat Reader DC Continuous before 2015.009.20069 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-5586, CVE-2015-6683, CVE-2015-6684, CVE-2015-6687, CVE-2015-6688, CVE-2015-6689, CVE-2015-6690, CVE-2015-6691, CVE-2015-7617, and CVE-2015-7621.",
  "id": "GHSA-4q2g-2wf5-83r6",
  "modified": "2022-05-13T01:06:37Z",
  "published": "2022-05-13T01:06:37Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-7615"
    },
    {
      "type": "WEB",
      "url": "https://helpx.adobe.com/security/products/acrobat/apsb15-24.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1033796"
    },
    {
      "type": "WEB",
      "url": "http://www.zerodayinitiative.com/advisories/ZDI-15-493"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-4Q3X-7JMG-PJMQ

Vulnerability from github – Published: 2025-09-24 18:30 – Updated: 2025-09-24 18:30
VLAI
Details

Use after free in WebRTC in Google Chrome prior to 140.0.7339.185 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-10501"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-09-24T17:15:39Z",
    "severity": "HIGH"
  },
  "details": "Use after free in WebRTC in Google Chrome prior to 140.0.7339.185 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)",
  "id": "GHSA-4q3x-7jmg-pjmq",
  "modified": "2025-09-24T18:30:31Z",
  "published": "2025-09-24T18:30:31Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-10501"
    },
    {
      "type": "WEB",
      "url": "https://chromereleases.googleblog.com/2025/09/stable-channel-update-for-desktop_17.html"
    },
    {
      "type": "WEB",
      "url": "https://issues.chromium.org/issues/440737137"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-4Q4M-59WQ-C877

Vulnerability from github – Published: 2026-07-01 00:34 – Updated: 2026-07-01 03:35
VLAI
Details

Use after free in Chromecast in Google Chrome prior to 150.0.7871.47 allowed an attacker on the local network segment to obtain potentially sensitive information from process memory via a malicious peripheral. (Chromium security severity: Low)

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-14048"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-06-30T23:17:17Z",
    "severity": "MODERATE"
  },
  "details": "Use after free in Chromecast in Google Chrome prior to 150.0.7871.47 allowed an attacker on the local network segment to obtain potentially sensitive information from process memory via a malicious peripheral. (Chromium security severity: Low)",
  "id": "GHSA-4q4m-59wq-c877",
  "modified": "2026-07-01T03:35:23Z",
  "published": "2026-07-01T00:34:09Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-14048"
    },
    {
      "type": "WEB",
      "url": "https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop_0175352312.html"
    },
    {
      "type": "WEB",
      "url": "https://issues.chromium.org/issues/499189601"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-4Q5X-PCCQ-F9FQ

Vulnerability from github – Published: 2022-05-24 16:57 – Updated: 2024-04-04 02:06
VLAI
Details

In Bluetooth, there is a possible information disclosure due to a use after free. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-110166350

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2019-9427"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-09-27T19:15:00Z",
    "severity": "MODERATE"
  },
  "details": "In Bluetooth, there is a possible information disclosure due to a use after free. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-110166350",
  "id": "GHSA-4q5x-pccq-f9fq",
  "modified": "2024-04-04T02:06:11Z",
  "published": "2022-05-24T16:57:26Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9427"
    },
    {
      "type": "WEB",
      "url": "https://source.android.com/security/bulletin/android-10"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-4Q83-9X32-M447

Vulnerability from github – Published: 2026-06-05 00:31 – Updated: 2026-06-05 03:31
VLAI
Details

Use after free in TabStrip in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Low)

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-11262"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-06-05T00:17:02Z",
    "severity": "HIGH"
  },
  "details": "Use after free in TabStrip in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Low)",
  "id": "GHSA-4q83-9x32-m447",
  "modified": "2026-06-05T03:31:34Z",
  "published": "2026-06-05T00:31:53Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-11262"
    },
    {
      "type": "WEB",
      "url": "https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop.html"
    },
    {
      "type": "WEB",
      "url": "https://issues.chromium.org/issues/499386363"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-4Q85-VFWH-W392

Vulnerability from github – Published: 2025-06-18 12:30 – Updated: 2025-11-14 18:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

nfc: pn533: Fix use-after-free bugs caused by pn532_cmd_timeout

When the pn532 uart device is detaching, the pn532_uart_remove() is called. But there are no functions in pn532_uart_remove() that could delete the cmd_timeout timer, which will cause use-after-free bugs. The process is shown below:

(thread 1)                  |        (thread 2)
                            |  pn532_uart_send_frame

pn532_uart_remove | mod_timer(&pn532->cmd_timeout,...) ... | (wait a time) kfree(pn532) //FREE | pn532_cmd_timeout | pn532_uart_send_frame | pn532->... //USE

This patch adds del_timer_sync() in pn532_uart_remove() in order to prevent the use-after-free bugs. What's more, the pn53x_unregister_nfc() is well synchronized, it sets nfc_dev->shutting_down to true and there are no syscalls could restart the cmd_timeout timer.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-50005"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-06-18T11:15:28Z",
    "severity": "HIGH"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfc: pn533: Fix use-after-free bugs caused by pn532_cmd_timeout\n\nWhen the pn532 uart device is detaching, the pn532_uart_remove()\nis called. But there are no functions in pn532_uart_remove() that\ncould delete the cmd_timeout timer, which will cause use-after-free\nbugs. The process is shown below:\n\n    (thread 1)                  |        (thread 2)\n                                |  pn532_uart_send_frame\npn532_uart_remove               |    mod_timer(\u0026pn532-\u003ecmd_timeout,...)\n  ...                           |    (wait a time)\n  kfree(pn532) //FREE           |    pn532_cmd_timeout\n                                |      pn532_uart_send_frame\n                                |        pn532-\u003e... //USE\n\nThis patch adds del_timer_sync() in pn532_uart_remove() in order to\nprevent the use-after-free bugs. What\u0027s more, the pn53x_unregister_nfc()\nis well synchronized, it sets nfc_dev-\u003eshutting_down to true and there\nare no syscalls could restart the cmd_timeout timer.",
  "id": "GHSA-4q85-vfwh-w392",
  "modified": "2025-11-14T18:31:24Z",
  "published": "2025-06-18T12:30:40Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-50005"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/2c71f5d55a86fd5969428abf525c1ae6b1c7b0f5"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/50403ee6daddf0d7a14e9d3b51a377c39a08ec8c"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/9c34c33893db7a80d0e4b55c23d3b65e29609cfb"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/f1e941dbf80a9b8bab0bffbc4cbe41cc7f4c6fb6"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-4Q8Q-3R7H-5J3F

Vulnerability from github – Published: 2025-12-19 09:30 – Updated: 2025-12-19 09:30
VLAI
Details

A use-after-free vulnerability exists in the PDF file parsing of Foxit PDF Reader before 2025.2.1, 14.0.1, and 13.2.1 on Windows. A PDF object managed by multiple parent objects could be freed while still being referenced, potentially allowing a remote attacker to execute arbitrary code.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-66494"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-12-19T07:16:02Z",
    "severity": "HIGH"
  },
  "details": "A use-after-free vulnerability exists in the PDF file parsing of Foxit PDF Reader before 2025.2.1, 14.0.1, and 13.2.1 on Windows. A PDF object managed by multiple parent objects could be freed while still being referenced, potentially allowing a remote attacker to execute arbitrary code.",
  "id": "GHSA-4q8q-3r7h-5j3f",
  "modified": "2025-12-19T09:30:28Z",
  "published": "2025-12-19T09:30:28Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66494"
    },
    {
      "type": "WEB",
      "url": "https://www.foxit.com/support/security-bulletins.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-4Q97-MRGV-92Q2

Vulnerability from github – Published: 2025-05-30 06:30 – Updated: 2025-05-31 00:30
VLAI
Details

jhead v3.08 was discovered to contain a heap-use-after-free via the ProcessFile function at jhead.c.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-44906"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-05-30T04:15:46Z",
    "severity": "HIGH"
  },
  "details": "jhead v3.08 was discovered to contain a heap-use-after-free via the ProcessFile function at jhead.c.",
  "id": "GHSA-4q97-mrgv-92q2",
  "modified": "2025-05-31T00:30:28Z",
  "published": "2025-05-30T06:30:24Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-44906"
    },
    {
      "type": "WEB",
      "url": "https://github.com/madao123123/crash_report/blob/main/jhead/jhead.md"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation
Architecture and Design

Strategy: Language Selection

Choose a language that provides automatic memory management.

Mitigation
Implementation

Strategy: Attack Surface Reduction

When freeing pointers, be sure to set them to NULL once they are freed. However, the utilization of multiple or complex data structures may lower the usefulness of this strategy.

No CAPEC attack patterns related to this CWE.