Common Weakness Enumeration

CWE-416

Allowed

Use After Free

Abstraction: Variant · Status: Stable

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

9811 vulnerabilities reference this CWE, most recent first.

GHSA-25JW-M5XF-QHRJ

Vulnerability from github – Published: 2022-05-13 01:14 – Updated: 2025-04-20 03:49
VLAI
Details

ImageMagick before 6.9.9-24 and 7.x before 7.0.7-12 has a use-after-free in Magick::Image::read in Magick++/lib/Image.cpp.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-17499"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-12-11T02:29:00Z",
    "severity": "CRITICAL"
  },
  "details": "ImageMagick before 6.9.9-24 and 7.x before 7.0.7-12 has a use-after-free in Magick::Image::read in Magick++/lib/Image.cpp.",
  "id": "GHSA-25jw-m5xf-qhrj",
  "modified": "2025-04-20T03:49:44Z",
  "published": "2022-05-13T01:14:02Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-17499"
    },
    {
      "type": "WEB",
      "url": "https://github.com/ImageMagick/ImageMagick/commit/8c35502217c1879cb8257c617007282eee3fe1cc"
    },
    {
      "type": "WEB",
      "url": "https://github.com/ImageMagick/ImageMagick/commit/dd96d671e4d5ae22c6894c302e8996c13f24c45a"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/3681-1"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2017/dsa-4074"
    },
    {
      "type": "WEB",
      "url": "https://www.imagemagick.org/discourse-server/viewtopic.php?f=3\u0026t=33078\u0026sid=5fbb164c3830293138917f9b14264ed1"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/102155"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-25JW-V9RV-H6H9

Vulnerability from github – Published: 2022-05-13 01:31 – Updated: 2022-05-13 01:31
VLAI
Details

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the XFA resolveNodes method of Button elements. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5528.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-9953"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-05-17T15:29:00Z",
    "severity": "HIGH"
  },
  "details": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the XFA resolveNodes method of Button elements. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5528.",
  "id": "GHSA-25jw-v9rv-h6h9",
  "modified": "2022-05-13T01:31:39Z",
  "published": "2022-05-13T01:31:39Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-9953"
    },
    {
      "type": "WEB",
      "url": "https://www.foxitsoftware.com/support/security-bulletins.php"
    },
    {
      "type": "WEB",
      "url": "https://zerodayinitiative.com/advisories/ZDI-18-337"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-25W9-JC8C-RX9W

Vulnerability from github – Published: 2022-11-22 15:30 – Updated: 2022-11-23 21:30
VLAI
Details

Use After Free vulnerability in Linux Kernel allows Privilege Escalation. An improper Update of Reference Count in io_uring leads to Use-After-Free and Local Privilege Escalation. When io_msg_ring was invoked with a fixed file, it called io_fput_file() which improperly decreased its reference count (leading to Use-After-Free and Local Privilege Escalation). Fixed files are permanently registered to the ring, and should not be put separately. We recommend upgrading past commit https://github.com/torvalds/linux/commit/fc7222c3a9f56271fba02aabbfbae999042f1679 https://github.com/torvalds/linux/commit/fc7222c3a9f56271fba02aabbfbae999042f1679

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-3910"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-11-22T13:15:00Z",
    "severity": "HIGH"
  },
  "details": "Use After Free vulnerability in Linux Kernel allows Privilege Escalation. An improper Update of Reference Count in io_uring leads to Use-After-Free and Local Privilege Escalation. When io_msg_ring was invoked with a fixed file, it called io_fput_file() which improperly decreased its reference count (leading to Use-After-Free and Local Privilege Escalation). Fixed files are permanently registered to the ring, and should not be put separately. We recommend upgrading past commit https://github.com/torvalds/linux/commit/fc7222c3a9f56271fba02aabbfbae999042f1679 https://github.com/torvalds/linux/commit/fc7222c3a9f56271fba02aabbfbae999042f1679",
  "id": "GHSA-25w9-jc8c-rx9w",
  "modified": "2022-11-23T21:30:33Z",
  "published": "2022-11-22T15:30:26Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3910"
    },
    {
      "type": "WEB",
      "url": "https://github.com/torvalds/linux/commit/fc7222c3a9f56271fba02aabbfbae999042f1679"
    },
    {
      "type": "WEB",
      "url": "https://kernel.dance/#fc7222c3a9f56271fba02aabbfbae999042f1679"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-25X5-G59V-H6M3

Vulnerability from github – Published: 2022-05-13 01:38 – Updated: 2022-05-13 01:38
VLAI
Details

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.2.1.6871. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the app.execMenuItem function. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-4723.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-10948"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-10-31T19:29:00Z",
    "severity": "HIGH"
  },
  "details": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.2.1.6871. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the app.execMenuItem function. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-4723.",
  "id": "GHSA-25x5-g59v-h6m3",
  "modified": "2022-05-13T01:38:20Z",
  "published": "2022-05-13T01:38:20Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-10948"
    },
    {
      "type": "WEB",
      "url": "https://www.foxitsoftware.com/support/security-bulletins.php"
    },
    {
      "type": "WEB",
      "url": "https://zerodayinitiative.com/advisories/ZDI-17-461"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/101670"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-25X9-7WCV-MF35

Vulnerability from github – Published: 2025-09-18 18:30 – Updated: 2025-12-11 15:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

wifi: brcmfmac: fix use-after-free bug in brcmf_netdev_start_xmit()

ret = brcmf_proto_tx_queue_data(drvr, ifp->ifidx, skb);

may be schedule, and then complete before the line

ndev->stats.tx_bytes += skb->len;

[ 46.912801] ================================================================== [ 46.920552] BUG: KASAN: use-after-free in brcmf_netdev_start_xmit+0x718/0x8c8 [brcmfmac] [ 46.928673] Read of size 4 at addr ffffff803f5882e8 by task systemd-resolve/328 [ 46.935991] [ 46.937514] CPU: 1 PID: 328 Comm: systemd-resolve Tainted: G O 5.4.199-[REDACTED] #1 [ 46.947255] Hardware name: [REDACTED] [ 46.954568] Call trace: [ 46.957037] dump_backtrace+0x0/0x2b8 [ 46.960719] show_stack+0x24/0x30 [ 46.964052] dump_stack+0x128/0x194 [ 46.967557] print_address_description.isra.0+0x64/0x380 [ 46.972877] __kasan_report+0x1d4/0x240 [ 46.976723] kasan_report+0xc/0x18 [ 46.980138] __asan_report_load4_noabort+0x18/0x20 [ 46.985027] brcmf_netdev_start_xmit+0x718/0x8c8 [brcmfmac] [ 46.990613] dev_hard_start_xmit+0x1bc/0xda0 [ 46.994894] sch_direct_xmit+0x198/0xd08 [ 46.998827] __qdisc_run+0x37c/0x1dc0 [ 47.002500] __dev_queue_xmit+0x1528/0x21f8 [ 47.006692] dev_queue_xmit+0x24/0x30 [ 47.010366] neigh_resolve_output+0x37c/0x678 [ 47.014734] ip_finish_output2+0x598/0x2458 [ 47.018927] __ip_finish_output+0x300/0x730 [ 47.023118] ip_output+0x2e0/0x430 [ 47.026530] ip_local_out+0x90/0x140 [ 47.030117] igmpv3_sendpack+0x14c/0x228 [ 47.034049] igmpv3_send_cr+0x384/0x6b8 [ 47.037895] igmp_ifc_timer_expire+0x4c/0x118 [ 47.042262] call_timer_fn+0x1cc/0xbe8 [ 47.046021] __run_timers+0x4d8/0xb28 [ 47.049693] run_timer_softirq+0x24/0x40 [ 47.053626] __do_softirq+0x2c0/0x117c [ 47.057387] irq_exit+0x2dc/0x388 [ 47.060715] __handle_domain_irq+0xb4/0x158 [ 47.064908] gic_handle_irq+0x58/0xb0 [ 47.068581] el0_irq_naked+0x50/0x5c [ 47.072162] [ 47.073665] Allocated by task 328: [ 47.077083] save_stack+0x24/0xb0 [ 47.080410] __kasan_kmalloc.isra.0+0xc0/0xe0 [ 47.084776] kasan_slab_alloc+0x14/0x20 [ 47.088622] kmem_cache_alloc+0x15c/0x468 [ 47.092643] __alloc_skb+0xa4/0x498 [ 47.096142] igmpv3_newpack+0x158/0xd78 [ 47.099987] add_grhead+0x210/0x288 [ 47.103485] add_grec+0x6b0/0xb70 [ 47.106811] igmpv3_send_cr+0x2e0/0x6b8 [ 47.110657] igmp_ifc_timer_expire+0x4c/0x118 [ 47.115027] call_timer_fn+0x1cc/0xbe8 [ 47.118785] __run_timers+0x4d8/0xb28 [ 47.122457] run_timer_softirq+0x24/0x40 [ 47.126389] __do_softirq+0x2c0/0x117c [ 47.130142] [ 47.131643] Freed by task 180: [ 47.134712] save_stack+0x24/0xb0 [ 47.138041] __kasan_slab_free+0x108/0x180 [ 47.142146] kasan_slab_free+0x10/0x18 [ 47.145904] slab_free_freelist_hook+0xa4/0x1b0 [ 47.150444] kmem_cache_free+0x8c/0x528 [ 47.154292] kfree_skbmem+0x94/0x108 [ 47.157880] consume_skb+0x10c/0x5a8 [ 47.161466] __dev_kfree_skb_any+0x88/0xa0 [ 47.165598] brcmu_pkt_buf_free_skb+0x44/0x68 [brcmutil] [ 47.171023] brcmf_txfinalize+0xec/0x190 [brcmfmac] [ 47.176016] brcmf_proto_bcdc_txcomplete+0x1c0/0x210 [brcmfmac] [ 47.182056] brcmf_sdio_sendfromq+0x8dc/0x1e80 [brcmfmac] [ 47.187568] brcmf_sdio_dpc+0xb48/0x2108 [brcmfmac] [ 47.192529] brcmf_sdio_dataworker+0xc8/0x238 [brcmfmac] [ 47.197859] process_one_work+0x7fc/0x1a80 [ 47.201965] worker_thread+0x31c/0xc40 [ 47.205726] kthread+0x2d8/0x370 [ 47.208967] ret_from_fork+0x10/0x18 [ 47.212546] [ 47.214051] The buggy address belongs to the object at ffffff803f588280 [ 47.214051] which belongs to the cache skbuff_head_cache of size 208 [ 47.227086] The buggy address is located 104 bytes inside of [ 47.227086] 208-byte region [ffffff803f588280, ffffff803f588350) [ 47.238814] The buggy address belongs to the page: [ 47.243618] page:ffffffff00dd6200 refcount:1 mapcou ---truncated---

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-50408"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-09-18T16:15:44Z",
    "severity": "HIGH"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: brcmfmac: fix use-after-free bug in brcmf_netdev_start_xmit()\n\n\u003e ret = brcmf_proto_tx_queue_data(drvr, ifp-\u003eifidx, skb);\n\nmay be schedule, and then complete before the line\n\n\u003e ndev-\u003estats.tx_bytes += skb-\u003elen;\n\n[   46.912801] ==================================================================\n[   46.920552] BUG: KASAN: use-after-free in brcmf_netdev_start_xmit+0x718/0x8c8 [brcmfmac]\n[   46.928673] Read of size 4 at addr ffffff803f5882e8 by task systemd-resolve/328\n[   46.935991]\n[   46.937514] CPU: 1 PID: 328 Comm: systemd-resolve Tainted: G           O      5.4.199-[REDACTED] #1\n[   46.947255] Hardware name: [REDACTED]\n[   46.954568] Call trace:\n[   46.957037]  dump_backtrace+0x0/0x2b8\n[   46.960719]  show_stack+0x24/0x30\n[   46.964052]  dump_stack+0x128/0x194\n[   46.967557]  print_address_description.isra.0+0x64/0x380\n[   46.972877]  __kasan_report+0x1d4/0x240\n[   46.976723]  kasan_report+0xc/0x18\n[   46.980138]  __asan_report_load4_noabort+0x18/0x20\n[   46.985027]  brcmf_netdev_start_xmit+0x718/0x8c8 [brcmfmac]\n[   46.990613]  dev_hard_start_xmit+0x1bc/0xda0\n[   46.994894]  sch_direct_xmit+0x198/0xd08\n[   46.998827]  __qdisc_run+0x37c/0x1dc0\n[   47.002500]  __dev_queue_xmit+0x1528/0x21f8\n[   47.006692]  dev_queue_xmit+0x24/0x30\n[   47.010366]  neigh_resolve_output+0x37c/0x678\n[   47.014734]  ip_finish_output2+0x598/0x2458\n[   47.018927]  __ip_finish_output+0x300/0x730\n[   47.023118]  ip_output+0x2e0/0x430\n[   47.026530]  ip_local_out+0x90/0x140\n[   47.030117]  igmpv3_sendpack+0x14c/0x228\n[   47.034049]  igmpv3_send_cr+0x384/0x6b8\n[   47.037895]  igmp_ifc_timer_expire+0x4c/0x118\n[   47.042262]  call_timer_fn+0x1cc/0xbe8\n[   47.046021]  __run_timers+0x4d8/0xb28\n[   47.049693]  run_timer_softirq+0x24/0x40\n[   47.053626]  __do_softirq+0x2c0/0x117c\n[   47.057387]  irq_exit+0x2dc/0x388\n[   47.060715]  __handle_domain_irq+0xb4/0x158\n[   47.064908]  gic_handle_irq+0x58/0xb0\n[   47.068581]  el0_irq_naked+0x50/0x5c\n[   47.072162]\n[   47.073665] Allocated by task 328:\n[   47.077083]  save_stack+0x24/0xb0\n[   47.080410]  __kasan_kmalloc.isra.0+0xc0/0xe0\n[   47.084776]  kasan_slab_alloc+0x14/0x20\n[   47.088622]  kmem_cache_alloc+0x15c/0x468\n[   47.092643]  __alloc_skb+0xa4/0x498\n[   47.096142]  igmpv3_newpack+0x158/0xd78\n[   47.099987]  add_grhead+0x210/0x288\n[   47.103485]  add_grec+0x6b0/0xb70\n[   47.106811]  igmpv3_send_cr+0x2e0/0x6b8\n[   47.110657]  igmp_ifc_timer_expire+0x4c/0x118\n[   47.115027]  call_timer_fn+0x1cc/0xbe8\n[   47.118785]  __run_timers+0x4d8/0xb28\n[   47.122457]  run_timer_softirq+0x24/0x40\n[   47.126389]  __do_softirq+0x2c0/0x117c\n[   47.130142]\n[   47.131643] Freed by task 180:\n[   47.134712]  save_stack+0x24/0xb0\n[   47.138041]  __kasan_slab_free+0x108/0x180\n[   47.142146]  kasan_slab_free+0x10/0x18\n[   47.145904]  slab_free_freelist_hook+0xa4/0x1b0\n[   47.150444]  kmem_cache_free+0x8c/0x528\n[   47.154292]  kfree_skbmem+0x94/0x108\n[   47.157880]  consume_skb+0x10c/0x5a8\n[   47.161466]  __dev_kfree_skb_any+0x88/0xa0\n[   47.165598]  brcmu_pkt_buf_free_skb+0x44/0x68 [brcmutil]\n[   47.171023]  brcmf_txfinalize+0xec/0x190 [brcmfmac]\n[   47.176016]  brcmf_proto_bcdc_txcomplete+0x1c0/0x210 [brcmfmac]\n[   47.182056]  brcmf_sdio_sendfromq+0x8dc/0x1e80 [brcmfmac]\n[   47.187568]  brcmf_sdio_dpc+0xb48/0x2108 [brcmfmac]\n[   47.192529]  brcmf_sdio_dataworker+0xc8/0x238 [brcmfmac]\n[   47.197859]  process_one_work+0x7fc/0x1a80\n[   47.201965]  worker_thread+0x31c/0xc40\n[   47.205726]  kthread+0x2d8/0x370\n[   47.208967]  ret_from_fork+0x10/0x18\n[   47.212546]\n[   47.214051] The buggy address belongs to the object at ffffff803f588280\n[   47.214051]  which belongs to the cache skbuff_head_cache of size 208\n[   47.227086] The buggy address is located 104 bytes inside of\n[   47.227086]  208-byte region [ffffff803f588280, ffffff803f588350)\n[   47.238814] The buggy address belongs to the page:\n[   47.243618] page:ffffffff00dd6200 refcount:1 mapcou\n---truncated---",
  "id": "GHSA-25x9-7wcv-mf35",
  "modified": "2025-12-11T15:30:30Z",
  "published": "2025-09-18T18:30:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-50408"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/1613a7b24f1a7467cb727ba3ec77c9a808383560"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/232d59eca07f6ea27307022a33d226aff373bd02"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/27574a3f421c3a1694d0207f37c6bbf23d66978e"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/3f42faf6db431e04bf942d2ebe3ae88975723478"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/49c742afd60f552fce7799287080db02bffe1db2"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/c369836cff98d3877f98c98e15c0151462812d96"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/d79f4d903e14dde822c60b5fd3bedc5a289d25df"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/e01d96494a9de0f48b1167f0494f6d929fa773ed"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-25XP-GRV3-XWJH

Vulnerability from github – Published: 2022-05-14 03:42 – Updated: 2022-05-14 03:42
VLAI
Details

Use-after-free vulnerability in Foxit Reader and PhantomPDF 7.3.4.311 and earlier on Windows allows remote attackers to cause a denial of service (application crash) and execute arbitrary code via a crafted PDF file.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2016-6168"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-02-07T17:29:00Z",
    "severity": "HIGH"
  },
  "details": "Use-after-free vulnerability in Foxit Reader and PhantomPDF 7.3.4.311 and earlier on Windows allows remote attackers to cause a denial of service (application crash) and execute arbitrary code via a crafted PDF file.",
  "id": "GHSA-25xp-grv3-xwjh",
  "modified": "2022-05-14T03:42:26Z",
  "published": "2022-05-14T03:42:26Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-6168"
    },
    {
      "type": "WEB",
      "url": "https://fortiguard.com/zeroday/FG-VD-16-021"
    },
    {
      "type": "WEB",
      "url": "https://www.foxitsoftware.com/support/security-bulletins.php"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-2625-J643-GG22

Vulnerability from github – Published: 2024-05-31 21:30 – Updated: 2025-11-03 21:31
VLAI
Details

libmodbus v3.1.6 was discovered to contain a use-after-free via the ctx->backend pointer. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted message sent to the unit-test-server.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-36844"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-05-31T20:15:10Z",
    "severity": "HIGH"
  },
  "details": "libmodbus v3.1.6 was discovered to contain a use-after-free via the ctx-\u003ebackend pointer. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted message sent to the unit-test-server.",
  "id": "GHSA-2625-j643-gg22",
  "modified": "2025-11-03T21:31:07Z",
  "published": "2024-05-31T21:30:54Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-36844"
    },
    {
      "type": "WEB",
      "url": "https://github.com/stephane/libmodbus/issues/749"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00010.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-2628-4JVP-96VC

Vulnerability from github – Published: 2025-12-09 18:30 – Updated: 2025-12-10 21:31
VLAI
Details

Use-after-free in the Audio/Video: GMP component. This vulnerability affects Firefox < 146.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-14326"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-12-09T16:17:40Z",
    "severity": "CRITICAL"
  },
  "details": "Use-after-free in the Audio/Video: GMP component. This vulnerability affects Firefox \u003c 146.",
  "id": "GHSA-2628-4jvp-96vc",
  "modified": "2025-12-10T21:31:30Z",
  "published": "2025-12-09T18:30:35Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-14326"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1840666"
    },
    {
      "type": "WEB",
      "url": "https://www.mozilla.org/security/advisories/mfsa2025-92"
    },
    {
      "type": "WEB",
      "url": "https://www.mozilla.org/security/advisories/mfsa2025-95"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-263G-JQJ9-RWXM

Vulnerability from github – Published: 2023-01-26 21:30 – Updated: 2023-02-01 21:30
VLAI
Details

In queue of UsbRequest.java, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-204584366

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-20920"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-01-26T21:18:00Z",
    "severity": "HIGH"
  },
  "details": "In queue of UsbRequest.java, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-204584366",
  "id": "GHSA-263g-jqj9-rwxm",
  "modified": "2023-02-01T21:30:24Z",
  "published": "2023-01-26T21:30:20Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-20920"
    },
    {
      "type": "WEB",
      "url": "https://source.android.com/security/bulletin/2023-01-01"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-266H-7G3R-4J2M

Vulnerability from github – Published: 2022-05-13 01:33 – Updated: 2022-05-13 01:33
VLAI
Details

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the delay property of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7157.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-17682"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-01-24T04:29:00Z",
    "severity": "HIGH"
  },
  "details": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the delay property of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7157.",
  "id": "GHSA-266h-7g3r-4j2m",
  "modified": "2022-05-13T01:33:52Z",
  "published": "2022-05-13T01:33:52Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-17682"
    },
    {
      "type": "WEB",
      "url": "https://www.foxitsoftware.com/support/security-bulletins.php"
    },
    {
      "type": "WEB",
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1151"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation
Architecture and Design

Strategy: Language Selection

Choose a language that provides automatic memory management.

Mitigation
Implementation

Strategy: Attack Surface Reduction

When freeing pointers, be sure to set them to NULL once they are freed. However, the utilization of multiple or complex data structures may lower the usefulness of this strategy.

No CAPEC attack patterns related to this CWE.