Common Weakness Enumeration

CWE-416

Allowed

Use After Free

Abstraction: Variant · Status: Stable

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

9821 vulnerabilities reference this CWE, most recent first.

GHSA-2HQ5-5VH4-F96J

Vulnerability from github – Published: 2022-04-06 00:01 – Updated: 2022-04-09 00:00
VLAI
Details

Use after free in Web Search in Google Chrome prior to 98.0.4758.80 allowed a remote attacker to potentially exploit heap corruption via profile destruction.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-0456"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-04-05T01:15:00Z",
    "severity": "HIGH"
  },
  "details": "Use after free in Web Search in Google Chrome prior to 98.0.4758.80 allowed a remote attacker to potentially exploit heap corruption via profile destruction.",
  "id": "GHSA-2hq5-5vh4-f96j",
  "modified": "2022-04-09T00:00:33Z",
  "published": "2022-04-06T00:01:38Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0456"
    },
    {
      "type": "WEB",
      "url": "https://chromereleases.googleblog.com/2022/02/stable-channel-update-for-desktop.html"
    },
    {
      "type": "WEB",
      "url": "https://crbug.com/1289523"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-2HRR-R3HG-FJC2

Vulnerability from github – Published: 2022-05-24 21:59 – Updated: 2025-11-25 18:32
VLAI
Details

A use-after-free vulnerability can occur when a raw pointer to a DOM element on a page is obtained using JavaScript and the element is then removed while still in use. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.6, Firefox ESR < 60.6, and Firefox < 66.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2019-9790"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-04-26T17:29:00Z",
    "severity": "CRITICAL"
  },
  "details": "A use-after-free vulnerability can occur when a raw pointer to a DOM element on a page is obtained using JavaScript and the element is then removed while still in use. This results in a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 60.6, Firefox ESR \u003c 60.6, and Firefox \u003c 66.",
  "id": "GHSA-2hrr-r3hg-fjc2",
  "modified": "2025-11-25T18:32:15Z",
  "published": "2022-05-24T21:59:44Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9790"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2019:0966"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2019:1144"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1525145"
    },
    {
      "type": "WEB",
      "url": "https://www.mozilla.org/security/advisories/mfsa2019-07"
    },
    {
      "type": "WEB",
      "url": "https://www.mozilla.org/security/advisories/mfsa2019-08"
    },
    {
      "type": "WEB",
      "url": "https://www.mozilla.org/security/advisories/mfsa2019-11"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-2HV4-552M-4MW7

Vulnerability from github – Published: 2022-05-14 03:10 – Updated: 2025-11-25 18:32
VLAI
Details

A use-after-free vulnerability during specific user interactions with the input method editor (IME) in some languages due to how events are handled. This results in a potentially exploitable crash but would require specific user interaction to trigger. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-7752"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-06-11T21:29:00Z",
    "severity": "HIGH"
  },
  "details": "A use-after-free vulnerability during specific user interactions with the input method editor (IME) in some languages due to how events are handled. This results in a potentially exploitable crash but would require specific user interaction to trigger. This vulnerability affects Firefox \u003c 54, Firefox ESR \u003c 52.2, and Thunderbird \u003c 52.2.",
  "id": "GHSA-2hv4-552m-4mw7",
  "modified": "2025-11-25T18:32:08Z",
  "published": "2022-05-14T03:10:51Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7752"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2017:1440"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2017:1561"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1359547"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2017/dsa-3881"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2017/dsa-3918"
    },
    {
      "type": "WEB",
      "url": "https://www.mozilla.org/security/advisories/mfsa2017-15"
    },
    {
      "type": "WEB",
      "url": "https://www.mozilla.org/security/advisories/mfsa2017-16"
    },
    {
      "type": "WEB",
      "url": "https://www.mozilla.org/security/advisories/mfsa2017-17"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/99057"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1038689"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-2HVG-8MMR-F5MC

Vulnerability from github – Published: 2026-04-24 15:32 – Updated: 2026-06-01 18:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

media: em28xx: fix use-after-free in em28xx_v4l2_open()

em28xx_v4l2_open() reads dev->v4l2 without holding dev->lock, creating a race with em28xx_v4l2_init()'s error path and em28xx_v4l2_fini(), both of which free the em28xx_v4l2 struct and set dev->v4l2 to NULL under dev->lock.

This race leads to two issues: - use-after-free in v4l2_fh_init() when accessing vdev->ctrl_handler, since the video_device is embedded in the freed em28xx_v4l2 struct. - NULL pointer dereference in em28xx_resolution_set() when accessing v4l2->norm, since dev->v4l2 has been set to NULL.

Fix this by moving the mutex_lock() before the dev->v4l2 read and adding a NULL check for dev->v4l2 under the lock.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-31583"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-04-24T15:16:33Z",
    "severity": "HIGH"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: em28xx: fix use-after-free in em28xx_v4l2_open()\n\nem28xx_v4l2_open() reads dev-\u003ev4l2 without holding dev-\u003elock,\ncreating a race with em28xx_v4l2_init()\u0027s error path and\nem28xx_v4l2_fini(), both of which free the em28xx_v4l2 struct\nand set dev-\u003ev4l2 to NULL under dev-\u003elock.\n\nThis race leads to two issues:\n - use-after-free in v4l2_fh_init() when accessing vdev-\u003ectrl_handler,\n   since the video_device is embedded in the freed em28xx_v4l2 struct.\n - NULL pointer dereference in em28xx_resolution_set() when accessing\n   v4l2-\u003enorm, since dev-\u003ev4l2 has been set to NULL.\n\nFix this by moving the mutex_lock() before the dev-\u003ev4l2 read and\nadding a NULL check for dev-\u003ev4l2 under the lock.",
  "id": "GHSA-2hvg-8mmr-f5mc",
  "modified": "2026-06-01T18:31:25Z",
  "published": "2026-04-24T15:32:34Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31583"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/2cbf81f76842e46bdf25823c70e1db4044a65678"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/38a327221f7f765e7d853b7bafe47e342441ec85"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/3c0283a59e36e3707c4a81f4952e362d31f876b8"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/5fb2940327722b4684d2f964b54c1c90aa277324"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/6b9e66437cc6123ddedac141e1b8b6fcf57d2972"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/871b8ea8ef39a6c253594649f4339378fad3d0dd"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/a66485a934c7187ae8e36517d40615fa2e961cff"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/b5d141ea15f173f15b9f0a72965902f3428c0d92"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/dd2b888e08d3b3d6aacd65d76cd44fac11da750f"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-2HWQ-HRJC-WWR4

Vulnerability from github – Published: 2022-05-24 16:47 – Updated: 2024-04-04 00:54
VLAI
Details

An invalid read of 8 bytes due to a use-after-free vulnerability in the mg_http_free_proto_data_cgi function call in mongoose.c in Cesanta Mongoose Embedded Web Server Library 6.13 and earlier allows a denial of service (application crash) or remote code execution.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-20356"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-06-10T17:29:00Z",
    "severity": "CRITICAL"
  },
  "details": "An invalid read of 8 bytes due to a use-after-free vulnerability in the mg_http_free_proto_data_cgi function call in mongoose.c in Cesanta Mongoose Embedded Web Server Library 6.13 and earlier allows a denial of service (application crash) or remote code execution.",
  "id": "GHSA-2hwq-hrjc-wwr4",
  "modified": "2024-04-04T00:54:50Z",
  "published": "2022-05-24T16:47:41Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-20356"
    },
    {
      "type": "WEB",
      "url": "https://github.com/insi2304/mongoose-6.13-fuzz/blob/master/Simplest_Web_Server_Use_After_Free-read_mg_http_free_proto_data_cgi.png"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-2HWR-P3MH-H7F6

Vulnerability from github – Published: 2025-09-15 15:31 – Updated: 2025-11-24 21:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

sctp: handle the error returned from sctp_auth_asoc_init_active_key

When it returns an error from sctp_auth_asoc_init_active_key(), the active_key is actually not updated. The old sh_key will be freeed while it's still used as active key in asoc. Then an use-after-free will be triggered when sending patckets, as found by syzbot:

sctp_auth_shkey_hold+0x22/0xa0 net/sctp/auth.c:112 sctp_set_owner_w net/sctp/socket.c:132 [inline] sctp_sendmsg_to_asoc+0xbd5/0x1a20 net/sctp/socket.c:1863 sctp_sendmsg+0x1053/0x1d50 net/sctp/socket.c:2025 inet_sendmsg+0x99/0xe0 net/ipv4/af_inet.c:819 sock_sendmsg_nosec net/socket.c:714 [inline] sock_sendmsg+0xcf/0x120 net/socket.c:734

This patch is to fix it by not replacing the sh_key when it returns errors from sctp_auth_asoc_init_active_key() in sctp_auth_set_key(). For sctp_auth_set_active_key(), old active_key_id will be set back to asoc->active_key_id when the same thing happens.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-50243"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-09-15T14:15:34Z",
    "severity": "HIGH"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nsctp: handle the error returned from sctp_auth_asoc_init_active_key\n\nWhen it returns an error from sctp_auth_asoc_init_active_key(), the\nactive_key is actually not updated. The old sh_key will be freeed\nwhile it\u0027s still used as active key in asoc. Then an use-after-free\nwill be triggered when sending patckets, as found by syzbot:\n\n  sctp_auth_shkey_hold+0x22/0xa0 net/sctp/auth.c:112\n  sctp_set_owner_w net/sctp/socket.c:132 [inline]\n  sctp_sendmsg_to_asoc+0xbd5/0x1a20 net/sctp/socket.c:1863\n  sctp_sendmsg+0x1053/0x1d50 net/sctp/socket.c:2025\n  inet_sendmsg+0x99/0xe0 net/ipv4/af_inet.c:819\n  sock_sendmsg_nosec net/socket.c:714 [inline]\n  sock_sendmsg+0xcf/0x120 net/socket.c:734\n\nThis patch is to fix it by not replacing the sh_key when it returns\nerrors from sctp_auth_asoc_init_active_key() in sctp_auth_set_key().\nFor sctp_auth_set_active_key(), old active_key_id will be set back\nto asoc-\u003eactive_key_id when the same thing happens.",
  "id": "GHSA-2hwr-p3mh-h7f6",
  "modified": "2025-11-24T21:30:56Z",
  "published": "2025-09-15T15:31:22Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-50243"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/022152aaebe116a25c39818a07e175a8cd3c1e11"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/0f90099d18e3abdc01babf686f41f63fe04939c1"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/19d636b663e0e92951bba5fced929ca7fd25c552"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/382ff44716603a54f5fd238ddec6a2468e217612"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/3b0fcf5e29c0940e1169ce9c44f73edd98bdf12d"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/b8fa99a3a11bdd77fef6b4a97f1021eb30b5ba40"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/f65955340e0044f5c41ac799a01698ac7dee8a4e"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-2J29-6F2F-79FX

Vulnerability from github – Published: 2026-06-15 21:30 – Updated: 2026-06-15 21:30
VLAI
Details

A heap use-after-free in the gf_node_get_tag function (scenegraph/base_scenegraph.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MP4 file.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-55644"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-06-15T20:16:23Z",
    "severity": "MODERATE"
  },
  "details": "A heap use-after-free in the gf_node_get_tag function (scenegraph/base_scenegraph.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MP4 file.",
  "id": "GHSA-2j29-6f2f-79fx",
  "modified": "2026-06-15T21:30:37Z",
  "published": "2026-06-15T21:30:37Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-55644"
    },
    {
      "type": "WEB",
      "url": "https://infosec.exchange/@sigdevel/116736836762980573"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2026/06/13/3"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-2J2W-8GVJ-WJMJ

Vulnerability from github – Published: 2023-07-11 12:30 – Updated: 2024-04-04 05:56
VLAI
Details

A vulnerability exists in the memory management subsystem of the Linux kernel. The lock handling for accessing and updating virtual memory areas (VMAs) is incorrect, leading to use-after-free problems. This issue can be successfully exploited to execute arbitrary kernel code, escalate containers, and gain root privileges.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-3269"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-07-11T12:15:10Z",
    "severity": "HIGH"
  },
  "details": "A vulnerability exists in the memory management subsystem of the Linux kernel. The lock handling for accessing and updating virtual memory areas (VMAs) is incorrect, leading to use-after-free problems. This issue can be successfully exploited to execute arbitrary kernel code, escalate containers, and gain root privileges.",
  "id": "GHSA-2j2w-8gvj-wjmj",
  "modified": "2024-04-04T05:56:14Z",
  "published": "2023-07-11T12:30:36Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-3269"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/security/cve/CVE-2023-3269"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2215268"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U6AAA64CUPSMBW6XDTXPQJ3KQWYQ4K7L"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20230908-0001"
    },
    {
      "type": "WEB",
      "url": "https://www.openwall.com/lists/oss-security/2023/07/05/1"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2023/Jul/43"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2023/07/28/1"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2023/08/25/1"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2023/08/25/4"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-2J4W-P7QH-8G4G

Vulnerability from github – Published: 2022-07-28 00:00 – Updated: 2022-08-04 00:00
VLAI
Details

Use after free in Tablet Mode in Google Chrome on Chrome OS prior to 102.0.5005.61 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via specific user interactions.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-1866"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-07-27T22:15:00Z",
    "severity": "HIGH"
  },
  "details": "Use after free in Tablet Mode in Google Chrome on Chrome OS prior to 102.0.5005.61 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via specific user interactions.",
  "id": "GHSA-2j4w-p7qh-8g4g",
  "modified": "2022-08-04T00:00:23Z",
  "published": "2022-07-28T00:00:40Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1866"
    },
    {
      "type": "WEB",
      "url": "https://chromereleases.googleblog.com/2022/05/stable-channel-update-for-desktop_24.html"
    },
    {
      "type": "WEB",
      "url": "https://crbug.com/1292264"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/202208-25"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-2J56-FCWX-7Q33

Vulnerability from github – Published: 2022-05-14 01:57 – Updated: 2022-05-14 01:57
VLAI
Details

An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Reader before 9.3 and PhantomPDF before 9.3, a different vulnerability than CVE-2018-16291, CVE-2018-16292, CVE-2018-16293, CVE-2018-16294, CVE-2018-16296, and CVE-2018-16297. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-16295"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-10-08T16:29:00Z",
    "severity": "HIGH"
  },
  "details": "An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Reader before 9.3 and PhantomPDF before 9.3, a different vulnerability than CVE-2018-16291, CVE-2018-16292, CVE-2018-16293, CVE-2018-16294, CVE-2018-16296, and CVE-2018-16297. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability.",
  "id": "GHSA-2j56-fcwx-7q33",
  "modified": "2022-05-14T01:57:31Z",
  "published": "2022-05-14T01:57:31Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-16295"
    },
    {
      "type": "WEB",
      "url": "https://www.foxitsoftware.com/support/security-bulletins.php"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1041769"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation
Architecture and Design

Strategy: Language Selection

Choose a language that provides automatic memory management.

Mitigation
Implementation

Strategy: Attack Surface Reduction

When freeing pointers, be sure to set them to NULL once they are freed. However, the utilization of multiple or complex data structures may lower the usefulness of this strategy.

No CAPEC attack patterns related to this CWE.