CWE-416
AllowedUse After Free
Abstraction: Variant · Status: Stable
The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.
9812 vulnerabilities reference this CWE, most recent first.
GHSA-5R4X-W6P5-222Q
Vulnerability from github – Published: 2026-05-18 20:37 – Updated: 2026-06-11 14:06A crafted MSL image can trigger a heap-use-after-free.
{
"affected": [
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q16-AnyCPU"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.13.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q16-HDRI-AnyCPU"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.13.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q16-HDRI-OpenMP-arm64"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.13.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q16-HDRI-OpenMP-x64"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.13.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q16-HDRI-arm64"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.13.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q16-HDRI-x64"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.13.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q16-HDRI-x86"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.13.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q16-OpenMP-arm64"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.13.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q16-OpenMP-x64"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.13.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q16-arm64"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.13.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q16-x64"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.13.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q16-x86"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.13.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q8-AnyCPU"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.13.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q8-OpenMP-arm64"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.13.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q8-OpenMP-x64"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.13.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q8-arm64"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.13.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q8-x64"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.13.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q8-x86"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.13.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-46523"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": true,
"github_reviewed_at": "2026-05-18T20:37:22Z",
"nvd_published_at": "2026-06-10T22:16:59Z",
"severity": "MODERATE"
},
"details": "A crafted MSL image can trigger a heap-use-after-free.",
"id": "GHSA-5r4x-w6p5-222q",
"modified": "2026-06-11T14:06:01Z",
"published": "2026-05-18T20:37:22Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-5r4x-w6p5-222q"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-46523"
},
{
"type": "PACKAGE",
"url": "https://github.com/ImageMagick/ImageMagick"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "ImageMagick: Use-After-Free in MSL decoder."
}
GHSA-5R52-2M8C-4P3M
Vulnerability from github – Published: 2026-07-06 21:30 – Updated: 2026-07-06 21:30Memory Corruption when processing multiple IOCTL calls with the same buffer file descriptor input due to accessing already freed memory.
{
"affected": [],
"aliases": [
"CVE-2025-59616"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-07-06T21:16:52Z",
"severity": "MODERATE"
},
"details": "Memory Corruption when processing multiple IOCTL calls with the same buffer file descriptor input due to accessing already freed memory.",
"id": "GHSA-5r52-2m8c-4p3m",
"modified": "2026-07-06T21:30:41Z",
"published": "2026-07-06T21:30:41Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59616"
},
{
"type": "WEB",
"url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/july-2026-bulletin.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-5R57-JCC8-JHH3
Vulnerability from github – Published: 2024-04-17 09:30 – Updated: 2024-05-03 06:30Use after free in Downloads in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
{
"affected": [],
"aliases": [
"CVE-2024-3834"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-04-17T08:15:10Z",
"severity": "HIGH"
},
"details": "Use after free in Downloads in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)",
"id": "GHSA-5r57-jcc8-jhh3",
"modified": "2024-05-03T06:30:35Z",
"published": "2024-04-17T09:30:31Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-3834"
},
{
"type": "WEB",
"url": "https://chromereleases.googleblog.com/2024/04/stable-channel-update-for-desktop_16.html"
},
{
"type": "WEB",
"url": "https://issues.chromium.org/issues/326607008"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CWIVXXSVO5VB3NAZVFJ7CWVBN6W2735T"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IDLUD644WEWGOFKMZWC2K7Z4CQOKQYR7"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4PCXKCOVBUUU6GOSN46DCPI4HMER3PJ"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PCWPUBGTBNT4EW32YNZMRIPB3Y4R6XL6"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UOC3HLIZCGMIJLJ6LME5UWUUIFLXEGRN"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WEP5NJUWMDRLDQUKU4LFDUHF5PCYAPIO"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-5R63-5H55-3CF7
Vulnerability from github – Published: 2025-08-12 18:31 – Updated: 2025-08-12 18:31Use after free in Microsoft Office PowerPoint allows an unauthorized attacker to execute code locally.
{
"affected": [],
"aliases": [
"CVE-2025-53761"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-08-12T18:15:45Z",
"severity": "HIGH"
},
"details": "Use after free in Microsoft Office PowerPoint allows an unauthorized attacker to execute code locally.",
"id": "GHSA-5r63-5h55-3cf7",
"modified": "2025-08-12T18:31:32Z",
"published": "2025-08-12T18:31:32Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-53761"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53761"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-5R6Q-RQQP-8FC4
Vulnerability from github – Published: 2024-03-12 21:31 – Updated: 2026-04-02 21:31A use-after-free issue was addressed with improved memory management. This issue is fixed in GarageBand 10.4.11. Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution.
{
"affected": [],
"aliases": [
"CVE-2024-23300"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-03-12T21:15:58Z",
"severity": "HIGH"
},
"details": "A use-after-free issue was addressed with improved memory management. This issue is fixed in GarageBand 10.4.11. Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution.",
"id": "GHSA-5r6q-rqqp-8fc4",
"modified": "2026-04-02T21:31:39Z",
"published": "2024-03-12T21:31:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-23300"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/120885"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT214090"
},
{
"type": "WEB",
"url": "https://support.apple.com/kb/HT214090"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2024/Mar/27"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-5R72-P4CV-H344
Vulnerability from github – Published: 2026-02-14 18:30 – Updated: 2026-05-17 18:30In the Linux kernel, the following vulnerability has been resolved:
bonding: fix use-after-free due to enslave fail after slave array update
Fix a use-after-free which happens due to enslave failure after the new slave has been added to the array. Since the new slave can be used for Tx immediately, we can use it after it has been freed by the enslave error cleanup path which frees the allocated slave memory. Slave update array is supposed to be called last when further enslave failures are not expected. Move it after xdp setup to avoid any problems.
It is very easy to reproduce the problem with a simple xdp_pass prog: ip l add bond1 type bond mode balance-xor ip l set bond1 up ip l set dev bond1 xdp object xdp_pass.o sec xdp_pass ip l add dumdum type dummy
Then run in parallel: while :; do ip l set dumdum master bond1 1>/dev/null 2>&1; done; mausezahn bond1 -a own -b rand -A rand -B 1.1.1.1 -c 0 -t tcp "dp=1-1023, flags=syn"
The crash happens almost immediately: [ 605.602850] Oops: general protection fault, probably for non-canonical address 0xe0e6fc2460000137: 0000 [#1] SMP KASAN NOPTI [ 605.602916] KASAN: maybe wild-memory-access in range [0x07380123000009b8-0x07380123000009bf] [ 605.602946] CPU: 0 UID: 0 PID: 2445 Comm: mausezahn Kdump: loaded Tainted: G B 6.19.0-rc6+ #21 PREEMPT(voluntary) [ 605.602979] Tainted: [B]=BAD_PAGE [ 605.602998] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 605.603032] RIP: 0010:netdev_core_pick_tx+0xcd/0x210 [ 605.603063] Code: 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 3e 01 00 00 48 b8 00 00 00 00 00 fc ff df 4c 8b 6b 08 49 8d 7d 30 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 25 01 00 00 49 8b 45 30 4c 89 e2 48 89 ee 48 89 [ 605.603111] RSP: 0018:ffff88817b9af348 EFLAGS: 00010213 [ 605.603145] RAX: dffffc0000000000 RBX: ffff88817d28b420 RCX: 0000000000000000 [ 605.603172] RDX: 00e7002460000137 RSI: 0000000000000008 RDI: 07380123000009be [ 605.603199] RBP: ffff88817b541a00 R08: 0000000000000001 R09: fffffbfff3ed8c0c [ 605.603226] R10: ffffffff9f6c6067 R11: 0000000000000001 R12: 0000000000000000 [ 605.603253] R13: 073801230000098e R14: ffff88817d28b448 R15: ffff88817b541a84 [ 605.603286] FS: 00007f6570ef67c0(0000) GS:ffff888221dfa000(0000) knlGS:0000000000000000 [ 605.603319] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 605.603343] CR2: 00007f65712fae40 CR3: 000000011371b000 CR4: 0000000000350ef0 [ 605.603373] Call Trace: [ 605.603392] [ 605.603410] __dev_queue_xmit+0x448/0x32a0 [ 605.603434] ? __pfx_vprintk_emit+0x10/0x10 [ 605.603461] ? __pfx_vprintk_emit+0x10/0x10 [ 605.603484] ? __pfxdevqueue_xmit+0x10/0x10 [ 605.603507] ? bond_start_xmit+0xbfb/0xc20 [bonding] [ 605.603546] ? _printk+0xcb/0x100 [ 605.603566] ? pfx__printk+0x10/0x10 [ 605.603589] ? bond_start_xmit+0xbfb/0xc20 [bonding] [ 605.603627] ? add_taint+0x5e/0x70 [ 605.603648] ? add_taint+0x2a/0x70 [ 605.603670] ? end_report.cold+0x51/0x75 [ 605.603693] ? bond_start_xmit+0xbfb/0xc20 [bonding] [ 605.603731] bond_start_xmit+0x623/0xc20 [bonding]
{
"affected": [],
"aliases": [
"CVE-2026-23171"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-02-14T16:15:57Z",
"severity": "HIGH"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nbonding: fix use-after-free due to enslave fail after slave array update\n\nFix a use-after-free which happens due to enslave failure after the new\nslave has been added to the array. Since the new slave can be used for Tx\nimmediately, we can use it after it has been freed by the enslave error\ncleanup path which frees the allocated slave memory. Slave update array is\nsupposed to be called last when further enslave failures are not expected.\nMove it after xdp setup to avoid any problems.\n\nIt is very easy to reproduce the problem with a simple xdp_pass prog:\n ip l add bond1 type bond mode balance-xor\n ip l set bond1 up\n ip l set dev bond1 xdp object xdp_pass.o sec xdp_pass\n ip l add dumdum type dummy\n\nThen run in parallel:\n while :; do ip l set dumdum master bond1 1\u003e/dev/null 2\u003e\u00261; done;\n mausezahn bond1 -a own -b rand -A rand -B 1.1.1.1 -c 0 -t tcp \"dp=1-1023, flags=syn\"\n\nThe crash happens almost immediately:\n [ 605.602850] Oops: general protection fault, probably for non-canonical address 0xe0e6fc2460000137: 0000 [#1] SMP KASAN NOPTI\n [ 605.602916] KASAN: maybe wild-memory-access in range [0x07380123000009b8-0x07380123000009bf]\n [ 605.602946] CPU: 0 UID: 0 PID: 2445 Comm: mausezahn Kdump: loaded Tainted: G B 6.19.0-rc6+ #21 PREEMPT(voluntary)\n [ 605.602979] Tainted: [B]=BAD_PAGE\n [ 605.602998] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014\n [ 605.603032] RIP: 0010:netdev_core_pick_tx+0xcd/0x210\n [ 605.603063] Code: 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 3e 01 00 00 48 b8 00 00 00 00 00 fc ff df 4c 8b 6b 08 49 8d 7d 30 48 89 fa 48 c1 ea 03 \u003c80\u003e 3c 02 00 0f 85 25 01 00 00 49 8b 45 30 4c 89 e2 48 89 ee 48 89\n [ 605.603111] RSP: 0018:ffff88817b9af348 EFLAGS: 00010213\n [ 605.603145] RAX: dffffc0000000000 RBX: ffff88817d28b420 RCX: 0000000000000000\n [ 605.603172] RDX: 00e7002460000137 RSI: 0000000000000008 RDI: 07380123000009be\n [ 605.603199] RBP: ffff88817b541a00 R08: 0000000000000001 R09: fffffbfff3ed8c0c\n [ 605.603226] R10: ffffffff9f6c6067 R11: 0000000000000001 R12: 0000000000000000\n [ 605.603253] R13: 073801230000098e R14: ffff88817d28b448 R15: ffff88817b541a84\n [ 605.603286] FS: 00007f6570ef67c0(0000) GS:ffff888221dfa000(0000) knlGS:0000000000000000\n [ 605.603319] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n [ 605.603343] CR2: 00007f65712fae40 CR3: 000000011371b000 CR4: 0000000000350ef0\n [ 605.603373] Call Trace:\n [ 605.603392] \u003cTASK\u003e\n [ 605.603410] __dev_queue_xmit+0x448/0x32a0\n [ 605.603434] ? __pfx_vprintk_emit+0x10/0x10\n [ 605.603461] ? __pfx_vprintk_emit+0x10/0x10\n [ 605.603484] ? __pfx___dev_queue_xmit+0x10/0x10\n [ 605.603507] ? bond_start_xmit+0xbfb/0xc20 [bonding]\n [ 605.603546] ? _printk+0xcb/0x100\n [ 605.603566] ? __pfx__printk+0x10/0x10\n [ 605.603589] ? bond_start_xmit+0xbfb/0xc20 [bonding]\n [ 605.603627] ? add_taint+0x5e/0x70\n [ 605.603648] ? add_taint+0x2a/0x70\n [ 605.603670] ? end_report.cold+0x51/0x75\n [ 605.603693] ? bond_start_xmit+0xbfb/0xc20 [bonding]\n [ 605.603731] bond_start_xmit+0x623/0xc20 [bonding]",
"id": "GHSA-5r72-p4cv-h344",
"modified": "2026-05-17T18:30:26Z",
"published": "2026-02-14T18:30:15Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23171"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/172dcb67dd35b162357df229d7806acc724cd469"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/2889d92c5f728351c9930c7996d22fe6e906e785"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/bd25b092a06a3e05f7e8bd6da6fa7318777d8c3d"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/e9acda52fd2ee0cdca332f996da7a95c5fd25294"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-5R86-XCPG-678M
Vulnerability from github – Published: 2025-01-28 00:32 – Updated: 2025-01-28 18:31A use-after-free issue was addressed with improved memory management. This issue is fixed in visionOS 2.2, tvOS 18.2, watchOS 11.2, iOS 18.2 and iPadOS 18.2, macOS Sequoia 15.2. Processing a maliciously crafted image may lead to arbitrary code execution.
{
"affected": [],
"aliases": [
"CVE-2024-54499"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-01-27T22:15:12Z",
"severity": "HIGH"
},
"details": "A use-after-free issue was addressed with improved memory management. This issue is fixed in visionOS 2.2, tvOS 18.2, watchOS 11.2, iOS 18.2 and iPadOS 18.2, macOS Sequoia 15.2. Processing a maliciously crafted image may lead to arbitrary code execution.",
"id": "GHSA-5r86-xcpg-678m",
"modified": "2025-01-28T18:31:25Z",
"published": "2025-01-28T00:32:13Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-54499"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/121837"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/121839"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/121843"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/121844"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/121845"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-5R8W-6XFR-Q973
Vulnerability from github – Published: 2022-05-13 01:14 – Updated: 2022-05-13 01:14magick/attribute.c in ImageMagick 7.0.3-2 allows remote attackers to cause a denial of service (use-after-free) via a crafted file.
{
"affected": [],
"aliases": [
"CVE-2016-7906"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-01-18T17:59:00Z",
"severity": "MODERATE"
},
"details": "magick/attribute.c in ImageMagick 7.0.3-2 allows remote attackers to cause a denial of service (use-after-free) via a crafted file.",
"id": "GHSA-5r8w-6xfr-q973",
"modified": "2022-05-13T01:14:44Z",
"published": "2022-05-13T01:14:44Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-7906"
},
{
"type": "WEB",
"url": "https://github.com/ImageMagick/ImageMagick/issues/281"
},
{
"type": "WEB",
"url": "https://github.com/ImageMagick/ImageMagick/commit/90406972f108c4da71f998601b06abdc2ac6f06e"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/201611-21"
},
{
"type": "WEB",
"url": "http://www.debian.org/security/2016/dsa-3726"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2016/10/02/1"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2016/10/02/3"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/93271"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-5RCC-G32G-82GV
Vulnerability from github – Published: 2022-05-14 00:52 – Updated: 2022-05-14 00:52Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution.
{
"affected": [],
"aliases": [
"CVE-2018-16014"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-01-18T17:29:00Z",
"severity": "HIGH"
},
"details": "Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution.",
"id": "GHSA-5rcc-g32g-82gv",
"modified": "2022-05-14T00:52:22Z",
"published": "2022-05-14T00:52:22Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-16014"
},
{
"type": "WEB",
"url": "https://helpx.adobe.com/security/products/acrobat/apsb18-41.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/106164"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-5RCH-679R-CV33
Vulnerability from github – Published: 2026-03-17 18:30 – Updated: 2026-03-17 18:30A use-after-free vulnerability can be triggered in sharded clusters by an authenticated user with the read role who issues a specially crafted $lookup or $graphLookup aggregation pipeline.
{
"affected": [],
"aliases": [
"CVE-2026-4148"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-03-17T16:16:23Z",
"severity": "HIGH"
},
"details": "A use-after-free vulnerability can be triggered in sharded clusters by an authenticated user with the read role who issues a specially crafted $lookup or $graphLookup aggregation pipeline.",
"id": "GHSA-5rch-679r-cv33",
"modified": "2026-03-17T18:30:33Z",
"published": "2026-03-17T18:30:33Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4148"
},
{
"type": "WEB",
"url": "https://jira.mongodb.org/browse/SERVER-119319"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
Mitigation
Strategy: Language Selection
Choose a language that provides automatic memory management.
Mitigation
Strategy: Attack Surface Reduction
When freeing pointers, be sure to set them to NULL once they are freed. However, the utilization of multiple or complex data structures may lower the usefulness of this strategy.
No CAPEC attack patterns related to this CWE.