Common Weakness Enumeration

CWE-416

Allowed

Use After Free

Abstraction: Variant · Status: Stable

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

9821 vulnerabilities reference this CWE, most recent first.

GHSA-W7G4-69HJ-JCRQ

Vulnerability from github – Published: 2024-05-22 18:30 – Updated: 2024-12-19 21:31
VLAI
Details

Use after free in Scheduling in Google Chrome prior to 125.0.6422.76 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-5157"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-05-22T16:15:10Z",
    "severity": "HIGH"
  },
  "details": "Use after free in Scheduling in Google Chrome prior to 125.0.6422.76 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)",
  "id": "GHSA-w7g4-69hj-jcrq",
  "modified": "2024-12-19T21:31:08Z",
  "published": "2024-05-22T18:30:41Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-5157"
    },
    {
      "type": "WEB",
      "url": "https://chromereleases.googleblog.com/2024/05/stable-channel-update-for-desktop_21.html"
    },
    {
      "type": "WEB",
      "url": "https://issues.chromium.org/issues/336012573"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5KEVD4433KTOCYY6V4I7MMYKQ6URUS4L"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FX6IYZ6XF7B2WE66NFPNI2NHWJFI6VDF"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-W7G9-RWXJ-FR23

Vulnerability from github – Published: 2026-05-29 00:38 – Updated: 2026-05-29 12:31
VLAI
Details

Use after free in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-9927"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-05-28T23:16:50Z",
    "severity": "HIGH"
  },
  "details": "Use after free in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)",
  "id": "GHSA-w7g9-rwxj-fr23",
  "modified": "2026-05-29T12:31:24Z",
  "published": "2026-05-29T00:38:36Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-9927"
    },
    {
      "type": "WEB",
      "url": "https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop_0877304591.html"
    },
    {
      "type": "WEB",
      "url": "https://issues.chromium.org/issues/500540958"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-W7J7-M99G-GCGQ

Vulnerability from github – Published: 2024-05-21 15:31 – Updated: 2024-07-03 18:42
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

NFS: Fix use-after-free in nfs4_init_client()

KASAN reports a use-after-free when attempting to mount two different exports through two different NICs that belong to the same server.

Olga was able to hit this with kernels starting somewhere between 5.7 and 5.10, but I traced the patch that introduced the clear_bit() call to 4.13. So something must have changed in the refcounting of the clp pointer to make this call to nfs_put_client() the very last one.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-47259"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-05-21T15:15:14Z",
    "severity": "HIGH"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFS: Fix use-after-free in nfs4_init_client()\n\nKASAN reports a use-after-free when attempting to mount two different\nexports through two different NICs that belong to the same server.\n\nOlga was able to hit this with kernels starting somewhere between 5.7\nand 5.10, but I traced the patch that introduced the clear_bit() call to\n4.13. So something must have changed in the refcounting of the clp\npointer to make this call to nfs_put_client() the very last one.",
  "id": "GHSA-w7j7-m99g-gcgq",
  "modified": "2024-07-03T18:42:43Z",
  "published": "2024-05-21T15:31:41Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-47259"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/3e3c7ebbfac152d08be75c92802a64a1f6471a15"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/42c10b0db064e45f5c5ae7019bbf2168ffab766c"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/476bdb04c501fc64bf3b8464ffddefc8dbe01577"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/72651c6579a25317a90536181d311c663d0329ab"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/c3b6cf64dfe4ef96e7341508d50d6998da7062c7"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/c7eab9e2d7b4e983ce280276fb920af649955897"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-W7PG-PJP7-VMXW

Vulnerability from github – Published: 2025-06-03 06:31 – Updated: 2025-06-03 06:31
VLAI
Details

memory corruption while processing IOCTL commands, when the buffer in write loopback mode is accessed after being freed.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-27031"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-06-03T06:15:26Z",
    "severity": "HIGH"
  },
  "details": "memory corruption while processing IOCTL commands, when the buffer in write loopback mode is accessed after being freed.",
  "id": "GHSA-w7pg-pjp7-vmxw",
  "modified": "2025-06-03T06:31:15Z",
  "published": "2025-06-03T06:31:15Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-27031"
    },
    {
      "type": "WEB",
      "url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/june-2025-bulletin.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-W7PQ-RMWM-C759

Vulnerability from github – Published: 2025-01-15 15:31 – Updated: 2025-11-03 21:32
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

drm: adv7511: Fix use-after-free in adv7533_attach_dsi()

The host_node pointer was assigned and freed in adv7533_parse_dt(), and later, adv7533_attach_dsi() uses the same. Fix this use-after-free issue by dropping of_node_put() in adv7533_parse_dt() and calling of_node_put() in error path of probe() and also in the remove().

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-57887"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-01-15T13:15:13Z",
    "severity": "HIGH"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm: adv7511: Fix use-after-free in adv7533_attach_dsi()\n\nThe host_node pointer was assigned and freed in adv7533_parse_dt(), and\nlater, adv7533_attach_dsi() uses the same. Fix this use-after-free issue\nby\u00a0dropping of_node_put() in adv7533_parse_dt() and calling of_node_put()\nin error path of probe() and also in the remove().",
  "id": "GHSA-w7pq-rmwm-c759",
  "modified": "2025-11-03T21:32:11Z",
  "published": "2025-01-15T15:31:24Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-57887"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/1f49aaf55652580ae63ab83d67211fe6a55d83dc"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/81adbd3ff21c1182e06aa02c6be0bfd9ea02d8e8"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/acec80d9f126cd3fa764bbe3d96bc0cb5cd2b087"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/ca9d077350fa21897de8bf64cba23b198740aab5"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/d208571943ffddc438a7ce533d5d0b9219806242"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-W7Q3-R9CX-MXPQ

Vulnerability from github – Published: 2022-05-14 03:17 – Updated: 2022-05-14 03:17
VLAI
Details

jbig2_add_page in jbig2enc.cc in libjbig2enc.a in jbig2enc 0.29 allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted file.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-11230"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-05-17T12:29:00Z",
    "severity": "HIGH"
  },
  "details": "jbig2_add_page in jbig2enc.cc in libjbig2enc.a in jbig2enc 0.29 allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted file.",
  "id": "GHSA-w7q3-r9cx-mxpq",
  "modified": "2022-05-14T03:17:27Z",
  "published": "2022-05-14T03:17:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-11230"
    },
    {
      "type": "WEB",
      "url": "https://github.com/agl/jbig2enc/issues/61"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-W7Q6-MHGP-7C2H

Vulnerability from github – Published: 2023-01-18 21:30 – Updated: 2025-10-22 00:32
VLAI
Details

Adobe Acrobat Reader versions 22.003.20282 (and earlier), 22.003.20281 (and earlier) and 20.005.30418 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-21608"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-01-18T19:15:00Z",
    "severity": "HIGH"
  },
  "details": "Adobe Acrobat Reader versions 22.003.20282 (and earlier), 22.003.20281 (and earlier) and 20.005.30418 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.",
  "id": "GHSA-w7q6-mhgp-7c2h",
  "modified": "2025-10-22T00:32:39Z",
  "published": "2023-01-18T21:30:22Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-21608"
    },
    {
      "type": "WEB",
      "url": "https://helpx.adobe.com/security/products/acrobat/apsb23-01.html"
    },
    {
      "type": "WEB",
      "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-21608"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-W7VF-MP9X-925Q

Vulnerability from github – Published: 2022-12-22 21:30 – Updated: 2025-04-15 15:30
VLAI
Details

Concurrent use of the URL parser with non-UTF-8 data was not thread-safe. This could lead to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox ESR < 102.3, Thunderbird < 102.3, and Firefox < 105.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-40960"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-12-22T20:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Concurrent use of the URL parser with non-UTF-8 data was not thread-safe. This could lead to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox ESR \u003c 102.3, Thunderbird \u003c 102.3, and Firefox \u003c 105.",
  "id": "GHSA-w7vf-mp9x-925q",
  "modified": "2025-04-15T15:30:35Z",
  "published": "2022-12-22T21:30:28Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-40960"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1787633"
    },
    {
      "type": "WEB",
      "url": "https://www.mozilla.org/security/advisories/mfsa2022-40"
    },
    {
      "type": "WEB",
      "url": "https://www.mozilla.org/security/advisories/mfsa2022-41"
    },
    {
      "type": "WEB",
      "url": "https://www.mozilla.org/security/advisories/mfsa2022-42"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-W7W7-8QG5-2HJC

Vulnerability from github – Published: 2022-05-24 16:46 – Updated: 2024-04-04 00:44
VLAI
Details

Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier, 2017.011.30138 and earlier, 2015.006.30495 and earlier, and 2015.006.30493 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2019-7788"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-05-22T14:29:00Z",
    "severity": "CRITICAL"
  },
  "details": "Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier, 2017.011.30138 and earlier, 2015.006.30495 and earlier, and 2015.006.30493 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution.",
  "id": "GHSA-w7w7-8qg5-2hjc",
  "modified": "2024-04-04T00:44:40Z",
  "published": "2022-05-24T16:46:19Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-7788"
    },
    {
      "type": "WEB",
      "url": "https://helpx.adobe.com/security/products/acrobat/apsb19-18.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/108320"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-W7XV-CPCR-3Q3H

Vulnerability from github – Published: 2025-10-01 12:30 – Updated: 2026-01-16 21:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

drm/nouveau: fix a use-after-free in nouveau_gem_prime_import_sg_table()

nouveau_bo_init() is backed by ttm_bo_init() and ferries its return code back to the caller. On failures, ttm will call nouveau_bo_del_ttm() and free the memory.Thus, when nouveau_bo_init() returns an error, the gem object has already been released. Then the call to nouveau_bo_ref() will use the freed "nvbo->bo" and lead to a use-after-free bug.

We should delete the call to nouveau_bo_ref() to avoid the use-after-free.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-50454"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-10-01T12:15:38Z",
    "severity": "HIGH"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/nouveau: fix a use-after-free in nouveau_gem_prime_import_sg_table()\n\nnouveau_bo_init() is backed by ttm_bo_init() and ferries its return code\nback to the caller. On failures, ttm will call nouveau_bo_del_ttm() and\nfree the memory.Thus, when nouveau_bo_init() returns an error, the gem\nobject has already been released. Then the call to nouveau_bo_ref() will\nuse the freed \"nvbo-\u003ebo\" and lead to a use-after-free bug.\n\nWe should delete the call to nouveau_bo_ref() to avoid the use-after-free.",
  "id": "GHSA-w7xv-cpcr-3q3h",
  "modified": "2026-01-16T21:30:28Z",
  "published": "2025-10-01T12:30:28Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-50454"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/3aeda2fe6517cc52663d4ce3588dd43f0d4124a7"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/540dfd188ea2940582841c1c220bd035a7db0e51"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/56ee9577915dc06f55309901012a9ef68dbdb5a8"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/5d6093c49c098d86c7b136aba9922df44aeb6944"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/7d80473e9f12548ac05b36af4fb9ce80f2f73509"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/861f085f81fd569b02cc2c11165a9e6cca144424"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation
Architecture and Design

Strategy: Language Selection

Choose a language that provides automatic memory management.

Mitigation
Implementation

Strategy: Attack Surface Reduction

When freeing pointers, be sure to set them to NULL once they are freed. However, the utilization of multiple or complex data structures may lower the usefulness of this strategy.

No CAPEC attack patterns related to this CWE.