CWE-416
AllowedUse After Free
Abstraction: Variant · Status: Stable
The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.
9821 vulnerabilities reference this CWE, most recent first.
GHSA-VVRQ-J22M-3X47
Vulnerability from github – Published: 2022-05-24 19:12 – Updated: 2025-11-03 21:30XMP Toolkit SDK versions 2020.1 (and earlier) are affected by a use-after-free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
{
"affected": [],
"aliases": [
"CVE-2021-36055"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-09-01T15:15:00Z",
"severity": "HIGH"
},
"details": "XMP Toolkit SDK versions 2020.1 (and earlier) are affected by a use-after-free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.",
"id": "GHSA-vvrq-j22m-3x47",
"modified": "2025-11-03T21:30:33Z",
"published": "2022-05-24T19:12:44Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-36055"
},
{
"type": "WEB",
"url": "https://helpx.adobe.com/security/products/xmpcore/apsb21-65.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00032.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/08/msg00003.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-VVRW-3V6R-RPP2
Vulnerability from github – Published: 2025-10-14 18:30 – Updated: 2025-10-14 18:30Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
{
"affected": [],
"aliases": [
"CVE-2025-59227"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-10-14T17:16:03Z",
"severity": "HIGH"
},
"details": "Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.",
"id": "GHSA-vvrw-3v6r-rpp2",
"modified": "2025-10-14T18:30:34Z",
"published": "2025-10-14T18:30:34Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59227"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59227"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-VVV3-884V-FQFW
Vulnerability from github – Published: 2022-05-13 01:26 – Updated: 2022-05-13 01:26Use-after-free vulnerability in Google Chrome before 11.0.696.57 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the ruby element and Cascading Style Sheets (CSS) token sequences.
{
"affected": [],
"aliases": [
"CVE-2011-1440"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2011-05-03T22:55:00Z",
"severity": "MODERATE"
},
"details": "Use-after-free vulnerability in Google Chrome before 11.0.696.57 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the ruby element and Cascading Style Sheets (CSS) token sequences.",
"id": "GHSA-vvv3-884v-fqfw",
"modified": "2022-05-13T01:26:16Z",
"published": "2022-05-13T01:26:16Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2011-1440"
},
{
"type": "WEB",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67147"
},
{
"type": "WEB",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14083"
},
{
"type": "WEB",
"url": "http://code.google.com/p/chromium/issues/detail?id=75186"
},
{
"type": "WEB",
"url": "http://googlechromereleases.blogspot.com/2011/04/chrome-stable-update.html"
},
{
"type": "WEB",
"url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00000.html"
},
{
"type": "WEB",
"url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00004.html"
},
{
"type": "WEB",
"url": "http://support.apple.com/kb/HT4981"
},
{
"type": "WEB",
"url": "http://support.apple.com/kb/HT5000"
},
{
"type": "WEB",
"url": "http://www.debian.org/security/2011/dsa-2245"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-VVWM-QWHW-XP68
Vulnerability from github – Published: 2022-05-13 01:33 – Updated: 2022-05-13 01:33This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the beep method of a Host object. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6514.
{
"affected": [],
"aliases": [
"CVE-2018-17662"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-01-24T04:29:00Z",
"severity": "HIGH"
},
"details": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the beep method of a Host object. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6514.",
"id": "GHSA-vvwm-qwhw-xp68",
"modified": "2022-05-13T01:33:55Z",
"published": "2022-05-13T01:33:55Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-17662"
},
{
"type": "WEB",
"url": "https://www.foxitsoftware.com/support/security-bulletins.php"
},
{
"type": "WEB",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1188"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-VVWX-Q9PV-5RVX
Vulnerability from github – Published: 2026-07-09 00:31 – Updated: 2026-07-09 12:30Use after free in Autofill in Google Chrome on Android prior to 150.0.7871.115 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
{
"affected": [],
"aliases": [
"CVE-2026-15113"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-07-08T23:16:52Z",
"severity": "CRITICAL"
},
"details": "Use after free in Autofill in Google Chrome on Android prior to 150.0.7871.115 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)",
"id": "GHSA-vvwx-q9pv-5rvx",
"modified": "2026-07-09T12:30:26Z",
"published": "2026-07-09T00:31:17Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-15113"
},
{
"type": "WEB",
"url": "https://chromereleases.googleblog.com/2026/07/stable-channel-update-for-desktop_01162222768.html"
},
{
"type": "WEB",
"url": "https://issues.chromium.org/issues/520540744"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-VVX4-72QG-P3H5
Vulnerability from github – Published: 2023-07-29 00:30 – Updated: 2024-04-04 06:25Use after free in WebRTC in Google Chrome prior to 97.0.4692.71 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
{
"affected": [],
"aliases": [
"CVE-2022-4924"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-07-29T00:15:11Z",
"severity": "CRITICAL"
},
"details": "Use after free in WebRTC in Google Chrome prior to 97.0.4692.71 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)",
"id": "GHSA-vvx4-72qg-p3h5",
"modified": "2024-04-04T06:25:48Z",
"published": "2023-07-29T00:30:48Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-4924"
},
{
"type": "WEB",
"url": "https://chromereleases.googleblog.com/2022/01/stable-channel-update-for-desktop.html"
},
{
"type": "WEB",
"url": "https://crbug.com/1272967"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PQKT7EGDD2P3L7S3NXEDDRCPK4NNZNWJ"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-VW2P-73GR-HWH5
Vulnerability from github – Published: 2026-07-03 21:31 – Updated: 2026-07-03 21:31Use after free in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.
{
"affected": [],
"aliases": [
"CVE-2026-58276"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-07-03T21:17:02Z",
"severity": "HIGH"
},
"details": "Use after free in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.",
"id": "GHSA-vw2p-73gr-hwh5",
"modified": "2026-07-03T21:31:39Z",
"published": "2026-07-03T21:31:39Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-58276"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-58276"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-VW3X-5825-83PH
Vulnerability from github – Published: 2022-05-02 06:20 – Updated: 2025-04-11 03:37Use-after-free vulnerability in the attribute-cloning functionality in the DOM implementation in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, and SeaMonkey before 2.0.6, allows remote attackers to execute arbitrary code via vectors related to deletion of an event attribute node with a nonzero reference count.
{
"affected": [],
"aliases": [
"CVE-2010-1208"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2010-07-30T20:30:00Z",
"severity": "HIGH"
},
"details": "Use-after-free vulnerability in the attribute-cloning functionality in the DOM implementation in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, and SeaMonkey before 2.0.6, allows remote attackers to execute arbitrary code via vectors related to deletion of an event attribute node with a nonzero reference count.",
"id": "GHSA-vw3x-5825-83ph",
"modified": "2025-04-11T03:37:45Z",
"published": "2022-05-02T06:20:12Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-1208"
},
{
"type": "WEB",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=572986"
},
{
"type": "WEB",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11740"
},
{
"type": "WEB",
"url": "http://www.mozilla.org/security/announce/2010/mfsa2010-35.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/archive/1/512515"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/41849"
},
{
"type": "WEB",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-10-134"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-VW5Q-4J3R-JCJ8
Vulnerability from github – Published: 2024-02-28 09:30 – Updated: 2024-12-09 21:31In the Linux kernel, the following vulnerability has been resolved:
Drivers: hv: vmbus: Use after free in __vmbus_open()
The "open_info" variable is added to the &vmbus_connection.chn_msg_list, but the error handling frees "open_info" without removing it from the list. This will result in a use after free. First remove it from the list, and then free it.
{
"affected": [],
"aliases": [
"CVE-2021-47049"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-02-28T09:15:40Z",
"severity": "HIGH"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nDrivers: hv: vmbus: Use after free in __vmbus_open()\n\nThe \"open_info\" variable is added to the \u0026vmbus_connection.chn_msg_list,\nbut the error handling frees \"open_info\" without removing it from the\nlist. This will result in a use after free. First remove it from the\nlist, and then free it.",
"id": "GHSA-vw5q-4j3r-jcj8",
"modified": "2024-12-09T21:31:00Z",
"published": "2024-02-28T09:30:38Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-47049"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/2728f289b3270b0e273292b46c534421a33bbfd5"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/3e9bf43f7f7a46f21ec071cb47be92d0874c48da"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/d5c7b42c9f56ca46b286daa537d181bd7f69214f"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/f37dd5d1b5d38a79a4f7b8dd7bbb705505f05560"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-VW65-CCRC-XMFW
Vulnerability from github – Published: 2024-01-23 15:30 – Updated: 2025-06-20 21:31A Linux user opening the print preview dialog could have caused the browser to crash. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7.
{
"affected": [],
"aliases": [
"CVE-2024-0746"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-01-23T14:15:38Z",
"severity": "MODERATE"
},
"details": "A Linux user opening the print preview dialog could have caused the browser to crash. This vulnerability affects Firefox \u003c 122, Firefox ESR \u003c 115.7, and Thunderbird \u003c 115.7.",
"id": "GHSA-vw65-ccrc-xmfw",
"modified": "2025-06-20T21:31:48Z",
"published": "2024-01-23T15:30:58Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-0746"
},
{
"type": "WEB",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1660223"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00015.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00022.html"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2024-01"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2024-02"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2024-04"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation
Strategy: Language Selection
Choose a language that provides automatic memory management.
Mitigation
Strategy: Attack Surface Reduction
When freeing pointers, be sure to set them to NULL once they are freed. However, the utilization of multiple or complex data structures may lower the usefulness of this strategy.
No CAPEC attack patterns related to this CWE.