Common Weakness Enumeration

CWE-416

Allowed

Use After Free

Abstraction: Variant · Status: Stable

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

9813 vulnerabilities reference this CWE, most recent first.

GHSA-5Q23-9W8R-F4XX

Vulnerability from github – Published: 2024-05-03 03:30 – Updated: 2024-05-03 03:30
VLAI
Details

PDF-XChange Editor TIF File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

The specific flaw exists within the parsing of TIF files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-19638.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-39491"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-05-03T03:15:16Z",
    "severity": "HIGH"
  },
  "details": "PDF-XChange Editor TIF File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of TIF files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-19638.",
  "id": "GHSA-5q23-9w8r-f4xx",
  "modified": "2024-05-03T03:30:56Z",
  "published": "2024-05-03T03:30:56Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39491"
    },
    {
      "type": "WEB",
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1132"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-5Q2G-88XG-G3HC

Vulnerability from github – Published: 2022-05-24 16:46 – Updated: 2022-05-24 16:46
VLAI
Details

Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2019-7043"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-05-24T19:29:00Z",
    "severity": "HIGH"
  },
  "details": "Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .",
  "id": "GHSA-5q2g-88xg-g3hc",
  "modified": "2022-05-24T16:46:40Z",
  "published": "2022-05-24T16:46:40Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-7043"
    },
    {
      "type": "WEB",
      "url": "https://helpx.adobe.com/security/products/acrobat/apsb19-07.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-5Q55-GH5R-H286

Vulnerability from github – Published: 2024-10-21 21:30 – Updated: 2024-10-24 21:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

nfsd: fix possible badness in FREE_STATEID

When multiple FREE_STATEIDs are sent for the same delegation stateid, it can lead to a possible either use-after-free or counter refcount underflow errors.

In nfsd4_free_stateid() under the client lock we find a delegation stateid, however the code drops the lock before calling nfs4_put_stid(), that allows another FREE_STATE to find the stateid again. The first one will proceed to then free the stateid which leads to either use-after-free or decrementing already zeroed counter.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-50043"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-10-21T20:15:17Z",
    "severity": "HIGH"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfsd: fix possible badness in FREE_STATEID\n\nWhen multiple FREE_STATEIDs are sent for the same delegation stateid,\nit can lead to a possible either use-after-free or counter refcount\nunderflow errors.\n\nIn nfsd4_free_stateid() under the client lock we find a delegation\nstateid, however the code drops the lock before calling nfs4_put_stid(),\nthat allows another FREE_STATE to find the stateid again. The first one\nwill proceed to then free the stateid which leads to either\nuse-after-free or decrementing already zeroed counter.",
  "id": "GHSA-5q55-gh5r-h286",
  "modified": "2024-10-24T21:31:03Z",
  "published": "2024-10-21T21:30:53Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-50043"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/7ca9e472ce5c67daa3188a348ece8c02a0765039"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/c88c150a467fcb670a1608e2272beeee3e86df6e"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-5Q58-XHG6-989P

Vulnerability from github – Published: 2022-05-13 01:01 – Updated: 2022-05-13 01:01
VLAI
Details

A use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 9.1.0.5096. A use-after-free condition can occur when accessing the CreationDate property of the this.info object. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-3962"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-10-02T21:29:00Z",
    "severity": "HIGH"
  },
  "details": "A use-after-free vulnerability exists in the JavaScript engine of Foxit Software\u0027s Foxit PDF Reader version 9.1.0.5096. A use-after-free condition can occur when accessing the CreationDate property of the this.info object. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability.",
  "id": "GHSA-5q58-xhg6-989p",
  "modified": "2022-05-13T01:01:51Z",
  "published": "2022-05-13T01:01:51Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-3962"
    },
    {
      "type": "WEB",
      "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0628"
    },
    {
      "type": "WEB",
      "url": "https://www.foxitsoftware.com/support/security-bulletins.php"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1041769"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-5Q59-P2QJ-RXXM

Vulnerability from github – Published: 2025-06-18 12:30 – Updated: 2025-11-19 15:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

spi: Fix simplification of devm_spi_register_controller

This reverts commit 59ebbe40fb51 ("spi: simplify devm_spi_register_controller").

If devm_add_action() fails in devm_add_action_or_reset(), devm_spi_unregister() will be called, it decreases the refcount of 'ctlr->dev' to 0, then it will cause uaf in the drivers that calling spi_put_controller() in error path.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-50190"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-06-18T11:15:49Z",
    "severity": "HIGH"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nspi: Fix simplification of devm_spi_register_controller\n\nThis reverts commit 59ebbe40fb51 (\"spi: simplify\ndevm_spi_register_controller\").\n\nIf devm_add_action() fails in devm_add_action_or_reset(),\ndevm_spi_unregister() will be called, it decreases the\nrefcount of \u0027ctlr-\u003edev\u0027 to 0, then it will cause uaf in\nthe drivers that calling spi_put_controller() in error path.",
  "id": "GHSA-5q59-p2qj-rxxm",
  "modified": "2025-11-19T15:31:29Z",
  "published": "2025-06-18T12:30:54Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-50190"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/34bab623ebfc08398499e463396b81abb4abe01e"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/3c6bd448442b6c3f6843ac70d57201a13478dd47"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/43cc5a0afe4184a7fafe1eba32b5a11bb69c9ce0"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/445fb9c19cf45bd9472fd9babaa31c5e6c7d2720"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-5Q5G-96FW-35FQ

Vulnerability from github – Published: 2022-05-13 01:26 – Updated: 2022-05-13 01:26
VLAI
Details

Use-after-free vulnerability in Google Chrome before 13.0.782.107 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to HTML range handling.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2011-2799"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2011-08-03T00:55:00Z",
    "severity": "MODERATE"
  },
  "details": "Use-after-free vulnerability in Google Chrome before 13.0.782.107 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to HTML range handling.",
  "id": "GHSA-5q5g-96fw-35fq",
  "modified": "2022-05-13T01:26:26Z",
  "published": "2022-05-13T01:26:26Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-2799"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68961"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14617"
    },
    {
      "type": "WEB",
      "url": "http://code.google.com/p/chromium/issues/detail?id=87925"
    },
    {
      "type": "WEB",
      "url": "http://googlechromereleases.blogspot.com/2011/08/stable-channel-update.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00000.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00004.html"
    },
    {
      "type": "WEB",
      "url": "http://osvdb.org/74250"
    },
    {
      "type": "WEB",
      "url": "http://support.apple.com/kb/HT4981"
    },
    {
      "type": "WEB",
      "url": "http://support.apple.com/kb/HT4999"
    },
    {
      "type": "WEB",
      "url": "http://support.apple.com/kb/HT5000"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-5Q64-QMVV-MH4V

Vulnerability from github – Published: 2026-05-12 18:30 – Updated: 2026-05-12 18:30
VLAI
Details

Use after free in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-34347"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-05-12T18:17:09Z",
    "severity": "HIGH"
  },
  "details": "Use after free in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.",
  "id": "GHSA-5q64-qmvv-mh4v",
  "modified": "2026-05-12T18:30:43Z",
  "published": "2026-05-12T18:30:43Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34347"
    },
    {
      "type": "WEB",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-34347"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-5Q98-292J-9FC4

Vulnerability from github – Published: 2022-05-13 01:31 – Updated: 2022-05-13 01:31
VLAI
Details

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the XFA resolveNode method of Button elements. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5531.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-9955"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-05-17T15:29:00Z",
    "severity": "HIGH"
  },
  "details": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the XFA resolveNode method of Button elements. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5531.",
  "id": "GHSA-5q98-292j-9fc4",
  "modified": "2022-05-13T01:31:39Z",
  "published": "2022-05-13T01:31:39Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-9955"
    },
    {
      "type": "WEB",
      "url": "https://www.foxitsoftware.com/support/security-bulletins.php"
    },
    {
      "type": "WEB",
      "url": "https://zerodayinitiative.com/advisories/ZDI-18-339"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-5QFQ-3XHG-HC6J

Vulnerability from github – Published: 2026-06-09 00:33 – Updated: 2026-06-09 03:31
VLAI
Details

Use after free in Proxy in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code via malicious network traffic. (Chromium security severity: Critical)

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-11643"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-06-09T00:16:47Z",
    "severity": "HIGH"
  },
  "details": "Use after free in Proxy in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code via malicious network traffic. (Chromium security severity: Critical)",
  "id": "GHSA-5qfq-3xhg-hc6j",
  "modified": "2026-06-09T03:31:39Z",
  "published": "2026-06-09T00:33:24Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-11643"
    },
    {
      "type": "WEB",
      "url": "https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop_0153744567.html"
    },
    {
      "type": "WEB",
      "url": "https://issues.chromium.org/issues/518006379"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-5QJ8-M86X-5C79

Vulnerability from github – Published: 2022-05-14 03:56 – Updated: 2022-05-14 03:56
VLAI
Details

A use after free in PDFium in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2016-5203"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-01-19T05:59:00Z",
    "severity": "HIGH"
  },
  "details": "A use after free in PDFium in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.",
  "id": "GHSA-5qj8-m86x-5c79",
  "modified": "2022-05-14T03:56:37Z",
  "published": "2022-05-14T03:56:37Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5203"
    },
    {
      "type": "WEB",
      "url": "https://chromereleases.googleblog.com/2016/12/stable-channel-update-for-desktop.html"
    },
    {
      "type": "WEB",
      "url": "https://crbug.com/644219"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/201612-11"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2016-2919.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/94633"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation
Architecture and Design

Strategy: Language Selection

Choose a language that provides automatic memory management.

Mitigation
Implementation

Strategy: Attack Surface Reduction

When freeing pointers, be sure to set them to NULL once they are freed. However, the utilization of multiple or complex data structures may lower the usefulness of this strategy.

No CAPEC attack patterns related to this CWE.