CWE-416
AllowedUse After Free
Abstraction: Variant · Status: Stable
The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.
9821 vulnerabilities reference this CWE, most recent first.
GHSA-2M32-7XGM-RMJ6
Vulnerability from github – Published: 2026-04-03 18:31 – Updated: 2026-04-27 15:30In the Linux kernel, the following vulnerability has been resolved:
Bluetooth: HIDP: Fix possible UAF
This fixes the following trace caused by not dropping l2cap_conn reference when user->remove callback is called:
[ 97.809249] l2cap_conn_free: freeing conn ffff88810a171c00 [ 97.809907] CPU: 1 UID: 0 PID: 1419 Comm: repro_standalon Not tainted 7.0.0-rc1-dirty #14 PREEMPT(lazy) [ 97.809935] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.17.0-debian-1.17.0-1 04/01/2014 [ 97.809947] Call Trace: [ 97.809954] [ 97.809961] dump_stack_lvl (lib/dump_stack.c:122) [ 97.809990] l2cap_conn_free (net/bluetooth/l2cap_core.c:1808) [ 97.810017] l2cap_conn_del (./include/linux/kref.h:66 net/bluetooth/l2cap_core.c:1821 net/bluetooth/l2cap_core.c:1798) [ 97.810055] l2cap_disconn_cfm (net/bluetooth/l2cap_core.c:7347 (discriminator 1) net/bluetooth/l2cap_core.c:7340 (discriminator 1)) [ 97.810086] ? __pfx_l2cap_disconn_cfm (net/bluetooth/l2cap_core.c:7341) [ 97.810117] hci_conn_hash_flush (./include/net/bluetooth/hci_core.h:2152 (discriminator 2) net/bluetooth/hci_conn.c:2644 (discriminator 2)) [ 97.810148] hci_dev_close_sync (net/bluetooth/hci_sync.c:5360) [ 97.810180] ? __pfx_hci_dev_close_sync (net/bluetooth/hci_sync.c:5285) [ 97.810212] ? srso_alias_return_thunk (arch/x86/lib/retpoline.S:221) [ 97.810242] ? up_write (./arch/x86/include/asm/atomic64_64.h:87 (discriminator 5) ./include/linux/atomic/atomic-arch-fallback.h:2852 (discriminator 5) ./include/linux/atomic/atomic-long.h:268 (discriminator 5) ./include/linux/atomic/atomic-instrumented.h:3391 (discriminator 5) kernel/locking/rwsem.c:1385 (discriminator 5) kernel/locking/rwsem.c:1643 (discriminator 5)) [ 97.810267] ? srso_alias_return_thunk (arch/x86/lib/retpoline.S:221) [ 97.810290] ? rcu_is_watching (./arch/x86/include/asm/atomic.h:23 ./include/linux/atomic/atomic-arch-fallback.h:457 ./include/linux/context_tracking.h:128 kernel/rcu/tree.c:752) [ 97.810320] hci_unregister_dev (net/bluetooth/hci_core.c:504 net/bluetooth/hci_core.c:2716) [ 97.810346] vhci_release (drivers/bluetooth/hci_vhci.c:691) [ 97.810375] ? __pfx_vhci_release (drivers/bluetooth/hci_vhci.c:678) [ 97.810404] __fput (fs/file_table.c:470) [ 97.810430] task_work_run (kernel/task_work.c:235) [ 97.810451] ? __pfx_task_work_run (kernel/task_work.c:201) [ 97.810472] ? srso_alias_return_thunk (arch/x86/lib/retpoline.S:221) [ 97.810495] ? do_raw_spin_unlock (./include/asm-generic/qspinlock.h:128 (discriminator 5) kernel/locking/spinlock_debug.c:142 (discriminator 5)) [ 97.810527] do_exit (kernel/exit.c:972) [ 97.810547] ? srso_alias_return_thunk (arch/x86/lib/retpoline.S:221) [ 97.810574] ? __pfx_do_exit (kernel/exit.c:897) [ 97.810594] ? lock_acquire (kernel/locking/lockdep.c:470 (discriminator 6) kernel/locking/lockdep.c:5870 (discriminator 6) kernel/locking/lockdep.c:5825 (discriminator 6)) [ 97.810616] ? srso_alias_return_thunk (arch/x86/lib/retpoline.S:221) [ 97.810639] ? do_raw_spin_lock (kernel/locking/spinlock_debug.c:95 (discriminator 4) kernel/locking/spinlock_debug.c:118 (discriminator 4)) [ 97.810664] ? srso_alias_return_thunk (arch/x86/lib/retpoline.S:221) [ 97.810688] ? find_held_lock (kernel/locking/lockdep.c:5350 (discriminator 1)) [ 97.810721] do_group_exit (kernel/exit.c:1093) [ 97.810745] get_signal (kernel/signal.c:3007 (discriminator 1)) [ 97.810772] ? security_file_permission (./arch/x86/include/asm/jump_label.h:37 security/security.c:2366) [ 97.810803] ? srso_alias_return_thunk (arch/x86/lib/retpoline.S:221) [ 97.810826] ? vfs_read (fs/read_write.c:555) [ 97.810854] ? __pfx_get_signal (kernel/signal.c:2800) [ 97.810880] ? srso_alias_return_thunk (arch/x86/lib/retpoline.S:221) [ 97.810905] ? __pfx_vfs_read (fs/read_write.c:555) [ 97.810932] ? srso_alias_return_thunk (arch/x86/lib/retpoline.S:221) [ 97.810960] arch_do_signal_or_restart (arch/ ---truncated---
{
"affected": [],
"aliases": [
"CVE-2026-23462"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-04-03T16:16:33Z",
"severity": "HIGH"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: HIDP: Fix possible UAF\n\nThis fixes the following trace caused by not dropping l2cap_conn\nreference when user-\u003eremove callback is called:\n\n[ 97.809249] l2cap_conn_free: freeing conn ffff88810a171c00\n[ 97.809907] CPU: 1 UID: 0 PID: 1419 Comm: repro_standalon Not tainted 7.0.0-rc1-dirty #14 PREEMPT(lazy)\n[ 97.809935] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.17.0-debian-1.17.0-1 04/01/2014\n[ 97.809947] Call Trace:\n[ 97.809954] \u003cTASK\u003e\n[ 97.809961] dump_stack_lvl (lib/dump_stack.c:122)\n[ 97.809990] l2cap_conn_free (net/bluetooth/l2cap_core.c:1808)\n[ 97.810017] l2cap_conn_del (./include/linux/kref.h:66 net/bluetooth/l2cap_core.c:1821 net/bluetooth/l2cap_core.c:1798)\n[ 97.810055] l2cap_disconn_cfm (net/bluetooth/l2cap_core.c:7347 (discriminator 1) net/bluetooth/l2cap_core.c:7340 (discriminator 1))\n[ 97.810086] ? __pfx_l2cap_disconn_cfm (net/bluetooth/l2cap_core.c:7341)\n[ 97.810117] hci_conn_hash_flush (./include/net/bluetooth/hci_core.h:2152 (discriminator 2) net/bluetooth/hci_conn.c:2644 (discriminator 2))\n[ 97.810148] hci_dev_close_sync (net/bluetooth/hci_sync.c:5360)\n[ 97.810180] ? __pfx_hci_dev_close_sync (net/bluetooth/hci_sync.c:5285)\n[ 97.810212] ? srso_alias_return_thunk (arch/x86/lib/retpoline.S:221)\n[ 97.810242] ? up_write (./arch/x86/include/asm/atomic64_64.h:87 (discriminator 5) ./include/linux/atomic/atomic-arch-fallback.h:2852 (discriminator 5) ./include/linux/atomic/atomic-long.h:268 (discriminator 5) ./include/linux/atomic/atomic-instrumented.h:3391 (discriminator 5) kernel/locking/rwsem.c:1385 (discriminator 5) kernel/locking/rwsem.c:1643 (discriminator 5))\n[ 97.810267] ? srso_alias_return_thunk (arch/x86/lib/retpoline.S:221)\n[ 97.810290] ? rcu_is_watching (./arch/x86/include/asm/atomic.h:23 ./include/linux/atomic/atomic-arch-fallback.h:457 ./include/linux/context_tracking.h:128 kernel/rcu/tree.c:752)\n[ 97.810320] hci_unregister_dev (net/bluetooth/hci_core.c:504 net/bluetooth/hci_core.c:2716)\n[ 97.810346] vhci_release (drivers/bluetooth/hci_vhci.c:691)\n[ 97.810375] ? __pfx_vhci_release (drivers/bluetooth/hci_vhci.c:678)\n[ 97.810404] __fput (fs/file_table.c:470)\n[ 97.810430] task_work_run (kernel/task_work.c:235)\n[ 97.810451] ? __pfx_task_work_run (kernel/task_work.c:201)\n[ 97.810472] ? srso_alias_return_thunk (arch/x86/lib/retpoline.S:221)\n[ 97.810495] ? do_raw_spin_unlock (./include/asm-generic/qspinlock.h:128 (discriminator 5) kernel/locking/spinlock_debug.c:142 (discriminator 5))\n[ 97.810527] do_exit (kernel/exit.c:972)\n[ 97.810547] ? srso_alias_return_thunk (arch/x86/lib/retpoline.S:221)\n[ 97.810574] ? __pfx_do_exit (kernel/exit.c:897)\n[ 97.810594] ? lock_acquire (kernel/locking/lockdep.c:470 (discriminator 6) kernel/locking/lockdep.c:5870 (discriminator 6) kernel/locking/lockdep.c:5825 (discriminator 6))\n[ 97.810616] ? srso_alias_return_thunk (arch/x86/lib/retpoline.S:221)\n[ 97.810639] ? do_raw_spin_lock (kernel/locking/spinlock_debug.c:95 (discriminator 4) kernel/locking/spinlock_debug.c:118 (discriminator 4))\n[ 97.810664] ? srso_alias_return_thunk (arch/x86/lib/retpoline.S:221)\n[ 97.810688] ? find_held_lock (kernel/locking/lockdep.c:5350 (discriminator 1))\n[ 97.810721] do_group_exit (kernel/exit.c:1093)\n[ 97.810745] get_signal (kernel/signal.c:3007 (discriminator 1))\n[ 97.810772] ? security_file_permission (./arch/x86/include/asm/jump_label.h:37 security/security.c:2366)\n[ 97.810803] ? srso_alias_return_thunk (arch/x86/lib/retpoline.S:221)\n[ 97.810826] ? vfs_read (fs/read_write.c:555)\n[ 97.810854] ? __pfx_get_signal (kernel/signal.c:2800)\n[ 97.810880] ? srso_alias_return_thunk (arch/x86/lib/retpoline.S:221)\n[ 97.810905] ? __pfx_vfs_read (fs/read_write.c:555)\n[ 97.810932] ? srso_alias_return_thunk (arch/x86/lib/retpoline.S:221)\n[ 97.810960] arch_do_signal_or_restart (arch/\n---truncated---",
"id": "GHSA-2m32-7xgm-rmj6",
"modified": "2026-04-27T15:30:31Z",
"published": "2026-04-03T18:31:22Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23462"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/18b1263ece6431bd78fa6b61faaef5281203741c"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/21a47a119f33df9bb157326846390d7e8e1b45ba"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/45ebe5b900200ac3e01f3470506a44a447825721"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/4d37fa7582aa960ba23e10a7a2596a29f37ad281"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/7c805b7d1e580eececcc92470292e3dbc42bc3f5"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/d955ccbf91ab74d76fe9e4eab2846a7d8a173075"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/dbf666e4fc9bdd975a61bf682b3f75cb0145eedd"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/f8b6ed2f06d3baa44f347a0fa2af52433f386463"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-2M37-4H9F-8WCF
Vulnerability from github – Published: 2026-05-11 21:31 – Updated: 2026-06-30 03:36A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing maliciously crafted web content may lead to an unexpected Safari crash.
{
"affected": [],
"aliases": [
"CVE-2026-28942"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-05-11T21:18:55Z",
"severity": "MODERATE"
},
"details": "A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing maliciously crafted web content may lead to an unexpected Safari crash.",
"id": "GHSA-2m37-4h9f-8wcf",
"modified": "2026-06-30T03:36:39Z",
"published": "2026-05-11T21:31:38Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28942"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/127121"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/127120"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/127119"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/127118"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/127115"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/127110"
},
{
"type": "WEB",
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-28942.json"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2483963"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2026-28942"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:28148"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:28147"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:28146"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:28114"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:27804"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:27785"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:27728"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:25927"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:25918"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-2M8Q-984R-F6Q8
Vulnerability from github – Published: 2022-05-14 03:09 – Updated: 2025-11-25 18:32A use-after-free error can occur when manipulating ranges in selections with one node inside a native anonymous tree and one node outside of it. This results in a potentially exploitable crash. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8.
{
"affected": [],
"aliases": [
"CVE-2017-5404"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-06-11T21:29:00Z",
"severity": "CRITICAL"
},
"details": "A use-after-free error can occur when manipulating ranges in selections with one node inside a native anonymous tree and one node outside of it. This results in a potentially exploitable crash. This vulnerability affects Firefox \u003c 52, Firefox ESR \u003c 45.8, Thunderbird \u003c 52, and Thunderbird \u003c 45.8.",
"id": "GHSA-2m8q-984r-f6q8",
"modified": "2025-11-25T18:32:07Z",
"published": "2022-05-14T03:09:41Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-5404"
},
{
"type": "WEB",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1340138"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/201705-06"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/201705-07"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2017/dsa-3805"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2017/dsa-3832"
},
{
"type": "WEB",
"url": "https://www.exploit-db.com/exploits/41660"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2017-05"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2017-06"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2017-07"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2017-09"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0459.html"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0461.html"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0498.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/96664"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1037966"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-2MC2-Q5Q3-GF79
Vulnerability from github – Published: 2022-05-19 00:00 – Updated: 2022-05-27 00:01Use After Free in GitHub repository gpac/gpac prior to v2.1.0-DEV.
{
"affected": [],
"aliases": [
"CVE-2022-1795"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-05-18T15:15:00Z",
"severity": "CRITICAL"
},
"details": "Use After Free in GitHub repository gpac/gpac prior to v2.1.0-DEV.",
"id": "GHSA-2mc2-q5q3-gf79",
"modified": "2022-05-27T00:01:28Z",
"published": "2022-05-19T00:00:32Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1795"
},
{
"type": "WEB",
"url": "https://github.com/gpac/gpac/commit/c535bad50d5812d27ee5b22b54371bddec411514"
},
{
"type": "WEB",
"url": "https://huntr.dev/bounties/9c312763-41a6-4fc7-827b-269eb86efcbc"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2023/dsa-5411"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-2MFH-JHF2-VX33
Vulnerability from github – Published: 2022-05-24 19:09 – Updated: 2022-05-24 19:09This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.0.0.49893. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14529.
{
"affected": [],
"aliases": [
"CVE-2021-34850"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-08-04T16:15:00Z",
"severity": "HIGH"
},
"details": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.0.0.49893. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14529.",
"id": "GHSA-2mfh-jhf2-vx33",
"modified": "2022-05-24T19:09:56Z",
"published": "2022-05-24T19:09:56Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-34850"
},
{
"type": "WEB",
"url": "https://www.foxit.com/support/security-bulletins.html"
},
{
"type": "WEB",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-932"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-2MGM-8W3P-2GR4
Vulnerability from github – Published: 2022-05-24 16:59 – Updated: 2022-05-24 16:59Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .
{
"affected": [],
"aliases": [
"CVE-2019-8187"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-10-17T21:15:00Z",
"severity": "MODERATE"
},
"details": "Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .",
"id": "GHSA-2mgm-8w3p-2gr4",
"modified": "2022-05-24T16:59:22Z",
"published": "2022-05-24T16:59:22Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-8187"
},
{
"type": "WEB",
"url": "https://helpx.adobe.com/security/products/acrobat/apsb19-49.html"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-2MGW-4F9J-94XJ
Vulnerability from github – Published: 2022-01-14 00:01 – Updated: 2022-01-15 00:02This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JP2 files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14897.
{
"affected": [],
"aliases": [
"CVE-2021-34919"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-01-13T22:15:00Z",
"severity": "HIGH"
},
"details": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JP2 files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14897.",
"id": "GHSA-2mgw-4f9j-94xj",
"modified": "2022-01-15T00:02:19Z",
"published": "2022-01-14T00:01:18Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-34919"
},
{
"type": "WEB",
"url": "https://www.bentley.com/en/common-vulnerability-exposure/BE-2021-0008"
},
{
"type": "WEB",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1507"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-2MJV-M892-JVR8
Vulnerability from github – Published: 2022-10-18 12:00 – Updated: 2022-10-18 12:00A Use After Free vulnerability in the Routing Protocol Daemon (rdp) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated network-based attacker to cause Denial of Service (DoS). When a BGP session flap happens, a Use After Free of a memory location that was assigned to another object can occur, which will lead to an rpd crash. This is a race condition that is outside of the attacker's control and cannot be deterministically exploited. Continued flapping of BGP sessions can create a sustained Denial of Service (DoS) condition. This issue affects Juniper Networks Junos OS: All versions prior to 18.4R2-S9, 18.4R3-S11; 19.1 versions prior to 19.1R3-S8; 19.2 version 19.2R1 and later versions; 19.3 versions prior to 19.3R3-S5; 19.4 versions prior to 19.4R2-S6, 19.4R3-S6; 20.1 version 20.1R1 and later versions; 20.2 versions prior to 20.2R3-S3; 20.3 versions prior to 20.3R3-S2; 20.4 versions prior to 20.4R3-S1; 21.1 versions prior to 21.1R3-S3; 21.2 versions prior to 21.2R2-S1, 21.2R3. Juniper Networks Junos OS Evolved All versions prior to 20.4R3-S4-EVO; 21.1-EVO versions prior to 21.1R3-S2-EVO; 21.2-EVO versions prior to 21.2R3-EVO; 21.3-EVO versions prior to 21.3R2-EVO.
{
"affected": [],
"aliases": [
"CVE-2022-22208"
],
"database_specific": {
"cwe_ids": [
"CWE-362",
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-10-18T03:15:00Z",
"severity": "MODERATE"
},
"details": "A Use After Free vulnerability in the Routing Protocol Daemon (rdp) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated network-based attacker to cause Denial of Service (DoS). When a BGP session flap happens, a Use After Free of a memory location that was assigned to another object can occur, which will lead to an rpd crash. This is a race condition that is outside of the attacker\u0027s control and cannot be deterministically exploited. Continued flapping of BGP sessions can create a sustained Denial of Service (DoS) condition. This issue affects Juniper Networks Junos OS: All versions prior to 18.4R2-S9, 18.4R3-S11; 19.1 versions prior to 19.1R3-S8; 19.2 version 19.2R1 and later versions; 19.3 versions prior to 19.3R3-S5; 19.4 versions prior to 19.4R2-S6, 19.4R3-S6; 20.1 version 20.1R1 and later versions; 20.2 versions prior to 20.2R3-S3; 20.3 versions prior to 20.3R3-S2; 20.4 versions prior to 20.4R3-S1; 21.1 versions prior to 21.1R3-S3; 21.2 versions prior to 21.2R2-S1, 21.2R3. Juniper Networks Junos OS Evolved All versions prior to 20.4R3-S4-EVO; 21.1-EVO versions prior to 21.1R3-S2-EVO; 21.2-EVO versions prior to 21.2R3-EVO; 21.3-EVO versions prior to 21.3R2-EVO.",
"id": "GHSA-2mjv-m892-jvr8",
"modified": "2022-10-18T12:00:31Z",
"published": "2022-10-18T12:00:31Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-22208"
},
{
"type": "WEB",
"url": "https://kb.juniper.net/JSA69879"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-2MM5-CHJ6-F65M
Vulnerability from github – Published: 2023-08-10 15:30 – Updated: 2024-04-04 06:47Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30467 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
{
"affected": [],
"aliases": [
"CVE-2023-38228"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-08-10T14:15:12Z",
"severity": "HIGH"
},
"details": "Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30467 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.",
"id": "GHSA-2mm5-chj6-f65m",
"modified": "2024-04-04T06:47:32Z",
"published": "2023-08-10T15:30:23Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-38228"
},
{
"type": "WEB",
"url": "https://helpx.adobe.com/security/products/acrobat/apsb23-30.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-2MPM-MP7X-8JHG
Vulnerability from github – Published: 2026-05-29 00:38 – Updated: 2026-05-29 12:31Use after free in Browser in Google Chrome on Mac prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical)
{
"affected": [],
"aliases": [
"CVE-2026-9884"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-05-28T23:16:46Z",
"severity": "HIGH"
},
"details": "Use after free in Browser in Google Chrome on Mac prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical)",
"id": "GHSA-2mpm-mp7x-8jhg",
"modified": "2026-05-29T12:31:24Z",
"published": "2026-05-29T00:38:35Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-9884"
},
{
"type": "WEB",
"url": "https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop_0877304591.html"
},
{
"type": "WEB",
"url": "https://issues.chromium.org/issues/508289938"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation
Strategy: Language Selection
Choose a language that provides automatic memory management.
Mitigation
Strategy: Attack Surface Reduction
When freeing pointers, be sure to set them to NULL once they are freed. However, the utilization of multiple or complex data structures may lower the usefulness of this strategy.
No CAPEC attack patterns related to this CWE.