CWE-416
AllowedUse After Free
Abstraction: Variant · Status: Stable
The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.
9804 vulnerabilities reference this CWE, most recent first.
GHSA-XV26-933M-66H2
Vulnerability from github – Published: 2022-05-13 01:37 – Updated: 2022-05-13 01:37This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the style attribute of FileAttachment annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5026.
{
"affected": [],
"aliases": [
"CVE-2017-14834"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-12-20T14:29:00Z",
"severity": "HIGH"
},
"details": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the style attribute of FileAttachment annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5026.",
"id": "GHSA-xv26-933m-66h2",
"modified": "2022-05-13T01:37:35Z",
"published": "2022-05-13T01:37:35Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-14834"
},
{
"type": "WEB",
"url": "https://www.foxitsoftware.com/support/security-bulletins.php"
},
{
"type": "WEB",
"url": "https://zerodayinitiative.com/advisories/ZDI-17-878"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-XV38-PH7H-P3QW
Vulnerability from github – Published: 2022-01-15 00:01 – Updated: 2022-01-22 00:02Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by a use-after-free vulnerability in the processing of Format event actions that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
{
"affected": [],
"aliases": [
"CVE-2021-44704"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-01-14T20:15:00Z",
"severity": "HIGH"
},
"details": "Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by a use-after-free vulnerability in the processing of Format event actions that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.",
"id": "GHSA-xv38-ph7h-p3qw",
"modified": "2022-01-22T00:02:02Z",
"published": "2022-01-15T00:01:12Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44704"
},
{
"type": "WEB",
"url": "https://helpx.adobe.com/security/products/acrobat/apsb22-01.html"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-XV5C-VG59-HJ7X
Vulnerability from github – Published: 2025-06-11 09:30 – Updated: 2025-06-11 09:30There is a "Use After Free" vulnerability in Qt's QHttp2ProtocolHandler in the QtNetwork module. This only affects HTTP/2 handling, HTTP handling is not affected by this at all. This happens due to a race condition between how QHttp2Stream uploads the body of a POST request and the simultaneous handling of HTTP error responses.
This issue only affects Qt 6.9.0 and has been fixed for Qt 6.9.1.
{
"affected": [],
"aliases": [
"CVE-2025-5991"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-06-11T08:15:22Z",
"severity": "LOW"
},
"details": "There is a \"Use After Free\" vulnerability in Qt\u0027s QHttp2ProtocolHandler in the QtNetwork module. This only affects HTTP/2 handling, HTTP handling is not affected by this at all. This happens due to a race condition between how QHttp2Stream uploads the body of a\n POST request and the simultaneous handling of HTTP error responses.\n\nThis issue only affects Qt 6.9.0 and has been fixed for Qt 6.9.1.",
"id": "GHSA-xv5c-vg59-hj7x",
"modified": "2025-06-11T09:30:32Z",
"published": "2025-06-11T09:30:32Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-5991"
},
{
"type": "WEB",
"url": "https://codereview.qt-project.org/c/qt/qtbase/+/643777"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-XV5G-JFVH-HGPH
Vulnerability from github – Published: 2024-02-20 15:31 – Updated: 2024-08-29 21:31Inappropriate pointer order of map_sub_ and map_free(map_) (amcl_node.cpp) in Open Robotics Robotic Operating Sytstem 2 (ROS2) and Nav2 humble versions leads to a use-after-free.
{
"affected": [],
"aliases": [
"CVE-2024-25199"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-02-20T14:15:09Z",
"severity": "HIGH"
},
"details": "Inappropriate pointer order of map_sub_ and map_free(map_) (amcl_node.cpp) in Open Robotics Robotic Operating Sytstem 2 (ROS2) and Nav2 humble versions leads to a use-after-free.",
"id": "GHSA-xv5g-jfvh-hgph",
"modified": "2024-08-29T21:31:01Z",
"published": "2024-02-20T15:31:05Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-25199"
},
{
"type": "WEB",
"url": "https://github.com/ros-planning/navigation2/pull/4078"
},
{
"type": "WEB",
"url": "https://github.com/ros-planning/navigation2/pull/4079"
},
{
"type": "WEB",
"url": "https://github.com/ros-planning/navigation2/blob/main/nav2_amcl/src/amcl_node.cpp#L331-L344"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-XV5J-XW3X-CWR6
Vulnerability from github – Published: 2022-07-27 00:00 – Updated: 2022-07-29 00:00Use after free in ANGLE in Google Chrome prior to 101.0.4951.64 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
{
"affected": [],
"aliases": [
"CVE-2022-1639"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-07-26T22:15:00Z",
"severity": "HIGH"
},
"details": "Use after free in ANGLE in Google Chrome prior to 101.0.4951.64 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"id": "GHSA-xv5j-xw3x-cwr6",
"modified": "2022-07-29T00:00:34Z",
"published": "2022-07-27T00:00:32Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1639"
},
{
"type": "WEB",
"url": "https://chromereleases.googleblog.com/2022/05/stable-channel-update-for-desktop_10.html"
},
{
"type": "WEB",
"url": "https://crbug.com/1317650"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202208-25"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-XV7P-VWJ6-P73H
Vulnerability from github – Published: 2022-09-27 00:00 – Updated: 2025-05-21 21:31Use after free in PDF in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
{
"affected": [],
"aliases": [
"CVE-2022-3196"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-09-26T16:15:00Z",
"severity": "HIGH"
},
"details": "Use after free in PDF in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.",
"id": "GHSA-xv7p-vwj6-p73h",
"modified": "2025-05-21T21:31:09Z",
"published": "2022-09-27T00:00:20Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3196"
},
{
"type": "WEB",
"url": "https://chromereleases.googleblog.com/2022/09/stable-channel-update-for-desktop_14.html"
},
{
"type": "WEB",
"url": "https://crbug.com/1358090"
},
{
"type": "WEB",
"url": "https://issues.chromium.org/issues/40060720"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T4NMJURTG5RO3TGD7ZMIQ6Z4ZZ3SAVYE"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T4NMJURTG5RO3TGD7ZMIQ6Z4ZZ3SAVYE"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202209-23"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-XV87-M263-W2MJ
Vulnerability from github – Published: 2022-05-14 03:24 – Updated: 2022-05-14 03:24In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, in the kernel IPA driver, a Use After Free condition can occur.
{
"affected": [],
"aliases": [
"CVE-2018-5825"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-04-03T17:29:00Z",
"severity": "HIGH"
},
"details": "In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, in the kernel IPA driver, a Use After Free condition can occur.",
"id": "GHSA-xv87-m263-w2mj",
"modified": "2022-05-14T03:24:10Z",
"published": "2022-05-14T03:24:10Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-5825"
},
{
"type": "WEB",
"url": "https://source.android.com/security/bulletin/pixel/2018-04-01"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-XV8Q-FW76-648M
Vulnerability from github – Published: 2022-05-24 19:17 – Updated: 2022-05-24 19:17An exploitable use-after-free vulnerability exists in the JavaScript implementation of Nitro Pro PDF. A specially crafted document can cause an object containing the path to a document to be destroyed and then later reused, resulting in a use-after-free vulnerability, which can lead to code execution under the context of the application. An attacker can convince a user to open a document to trigger this vulnerability.
{
"affected": [],
"aliases": [
"CVE-2021-21796"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-10-18T13:15:00Z",
"severity": "HIGH"
},
"details": "An exploitable use-after-free vulnerability exists in the JavaScript implementation of Nitro Pro PDF. A specially crafted document can cause an object containing the path to a document to be destroyed and then later reused, resulting in a use-after-free vulnerability, which can lead to code execution under the context of the application. An attacker can convince a user to open a document to trigger this vulnerability.",
"id": "GHSA-xv8q-fw76-648m",
"modified": "2022-05-24T19:17:50Z",
"published": "2022-05-24T19:17:50Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21796"
},
{
"type": "WEB",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1265"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-XVGG-VWV8-FVR6
Vulnerability from github – Published: 2026-06-24 18:32 – Updated: 2026-06-28 09:31In the Linux kernel, the following vulnerability has been resolved:
ksmbd: fix use-after-free in smb2_open during durable reconnect
In smb2_open, the call to ksmbd_put_durable_fd(fp) drops the reference to the durable file descriptor early during the durable reconnect process. If an error occurs subsequently (eg, ksmbd_iov_pin_rsp fails) or a scavenger accesses the file, it leads to a use-after-free when accessing fp properties (eg fp->create_time).
Move the single put to the end of the function below err_out2 so fp stays valid until smb2_open returns.
{
"affected": [],
"aliases": [
"CVE-2026-53010"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-24T17:17:12Z",
"severity": "CRITICAL"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: fix use-after-free in smb2_open during durable reconnect\n\nIn smb2_open, the call to ksmbd_put_durable_fd(fp) drops the reference\nto the durable file descriptor early during the durable reconnect\nprocess. If an error occurs subsequently (eg, ksmbd_iov_pin_rsp fails)\nor a scavenger accesses the file, it leads to a use-after-free when\naccessing fp properties (eg fp-\u003ecreate_time).\n\nMove the single put to the end of the function below err_out2 so fp\nstays valid until smb2_open returns.",
"id": "GHSA-xvgg-vwv8-fvr6",
"modified": "2026-06-28T09:31:38Z",
"published": "2026-06-24T18:32:43Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-53010"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/1baff47b81f94f9231c91236aa511420d0e266b9"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/97a0cd55283b4e63fd92804da91c8d9896adcad9"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/ce2e164c1c51c3f7813b80f8c926836e896bcbb3"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-XVH2-PW6X-F8HH
Vulnerability from github – Published: 2022-05-17 00:22 – Updated: 2025-10-22 03:30Use-after-free vulnerability in the CMshtmlEd::Exec function in mshtml.dll in Microsoft Internet Explorer 6 through 9 allows remote attackers to execute arbitrary code via a crafted web site, as exploited in the wild in September 2012.
{
"affected": [],
"aliases": [
"CVE-2012-4969"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2012-09-18T10:39:00Z",
"severity": "HIGH"
},
"details": "Use-after-free vulnerability in the CMshtmlEd::Exec function in mshtml.dll in Microsoft Internet Explorer 6 through 9 allows remote attackers to execute arbitrary code via a crafted web site, as exploited in the wild in September 2012.",
"id": "GHSA-xvh2-pw6x-f8hh",
"modified": "2025-10-22T03:30:32Z",
"published": "2022-05-17T00:22:28Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2012-4969"
},
{
"type": "WEB",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15729"
},
{
"type": "WEB",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2012-4969"
},
{
"type": "WEB",
"url": "http://blog.vulnhunt.com/index.php/2012/09/17/ie-execcommand-fuction-use-after-free-vulnerability-0day_en"
},
{
"type": "WEB",
"url": "http://dev.metasploit.com/redmine/projects/framework/repository/entry/modules/exploits/windows/browser/ie_execcommand_uaf.rb"
},
{
"type": "WEB",
"url": "http://eromang.zataz.com/2012/09/16/zero-day-season-is-really-not-over-yet"
},
{
"type": "WEB",
"url": "http://technet.microsoft.com/security/advisory/2757760"
},
{
"type": "WEB",
"url": "http://www.kb.cert.org/vuls/id/480095"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id?1027538"
},
{
"type": "WEB",
"url": "http://www.securityweek.com/new-internet-explorer-zero-day-being-exploited-wild"
},
{
"type": "WEB",
"url": "http://www.us-cert.gov/cas/techalerts/TA12-255A.html"
},
{
"type": "WEB",
"url": "http://www.us-cert.gov/cas/techalerts/TA12-262A.html"
},
{
"type": "WEB",
"url": "http://www.us-cert.gov/cas/techalerts/TA12-265A.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation
Strategy: Language Selection
Choose a language that provides automatic memory management.
Mitigation
Strategy: Attack Surface Reduction
When freeing pointers, be sure to set them to NULL once they are freed. However, the utilization of multiple or complex data structures may lower the usefulness of this strategy.
No CAPEC attack patterns related to this CWE.