CWE-416
AllowedUse After Free
Abstraction: Variant · Status: Stable
The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.
9821 vulnerabilities reference this CWE, most recent first.
GHSA-3J7R-2W3C-9CCR
Vulnerability from github – Published: 2022-05-24 17:48 – Updated: 2022-05-24 17:48Use after free in Network API in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to potentially exploit heap corruption via a crafted Chrome Extension.
{
"affected": [],
"aliases": [
"CVE-2021-21214"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-04-26T17:15:00Z",
"severity": "HIGH"
},
"details": "Use after free in Network API in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to potentially exploit heap corruption via a crafted Chrome Extension.",
"id": "GHSA-3j7r-2w3c-9ccr",
"modified": "2022-05-24T17:48:50Z",
"published": "2022-05-24T17:48:50Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21214"
},
{
"type": "WEB",
"url": "https://chromereleases.googleblog.com/2021/04/stable-channel-update-for-desktop_14.html"
},
{
"type": "WEB",
"url": "https://crbug.com/1170148"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EAJ42L4JFPBJATCZ7MOZQTUDGV4OEHHG"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U3GZ42MYPGD35V652ZPVPYYS7A7LVXVY"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VUZBGKGVZADNA3I24NVG7HAYYUTOSN5A"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202104-08"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2021/dsa-4906"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-3J8M-JCHC-W7PR
Vulnerability from github – Published: 2022-05-24 17:30 – Updated: 2022-05-24 17:30The BASS Audio Library 2.4.14 under Windows is prone to a BASS_StreamCreateFile Use after Free vulnerability via a crafted .ogg file. An attacker can exploit this to gain access to sensitive information that may aid in further attacks. A failure in exploitation leads to denial of service.
{
"affected": [],
"aliases": [
"CVE-2019-18794"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-10-16T13:15:00Z",
"severity": "MODERATE"
},
"details": "The BASS Audio Library 2.4.14 under Windows is prone to a BASS_StreamCreateFile Use after Free vulnerability via a crafted .ogg file. An attacker can exploit this to gain access to sensitive information that may aid in further attacks. A failure in exploitation leads to denial of service.",
"id": "GHSA-3j8m-jchc-w7pr",
"modified": "2022-05-24T17:30:49Z",
"published": "2022-05-24T17:30:49Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-18794"
},
{
"type": "WEB",
"url": "https://github.com/staufnic/CVE/tree/master/CVE-2019-18794"
},
{
"type": "WEB",
"url": "http://www.un4seen.com"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-3J9X-J374-VQ65
Vulnerability from github – Published: 2022-08-04 00:00 – Updated: 2022-08-10 00:00In ConnMan through 1.41, a man-in-the-middle attack against a WISPR HTTP query could be used to trigger a use-after-free in WISPR handling, leading to crashes or code execution.
{
"affected": [],
"aliases": [
"CVE-2022-32293"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-08-03T14:15:00Z",
"severity": "HIGH"
},
"details": "In ConnMan through 1.41, a man-in-the-middle attack against a WISPR HTTP query could be used to trigger a use-after-free in WISPR handling, leading to crashes or code execution.",
"id": "GHSA-3j9x-j374-vq65",
"modified": "2022-08-10T00:00:20Z",
"published": "2022-08-04T00:00:22Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32293"
},
{
"type": "WEB",
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1200190"
},
{
"type": "WEB",
"url": "https://lore.kernel.org/connman/20220801080043.4861-1-wagi%40monom.org"
},
{
"type": "WEB",
"url": "https://lore.kernel.org/connman/20220801080043.4861-1-wagi@monom.org"
},
{
"type": "WEB",
"url": "https://lore.kernel.org/connman/20220801080043.4861-3-wagi%40monom.org"
},
{
"type": "WEB",
"url": "https://lore.kernel.org/connman/20220801080043.4861-3-wagi@monom.org"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202310-21"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2022/dsa-5231"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-3JF8-X5QX-7GJM
Vulnerability from github – Published: 2022-07-19 00:00 – Updated: 2022-07-24 00:00This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.2.1.53537. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Doc objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-16640.
{
"affected": [],
"aliases": [
"CVE-2022-28672"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-07-18T19:15:00Z",
"severity": "HIGH"
},
"details": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.2.1.53537. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Doc objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-16640.",
"id": "GHSA-3jf8-x5qx-7gjm",
"modified": "2022-07-24T00:00:36Z",
"published": "2022-07-19T00:00:24Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-28672"
},
{
"type": "WEB",
"url": "https://www.foxit.com/support/security-bulletins.html"
},
{
"type": "WEB",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-763"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-3JF9-W25V-MFP4
Vulnerability from github – Published: 2024-06-11 18:30 – Updated: 2024-06-11 18:30Microsoft Office Remote Code Execution Vulnerability
{
"affected": [],
"aliases": [
"CVE-2024-30102"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-06-11T17:15:59Z",
"severity": "HIGH"
},
"details": "Microsoft Office Remote Code Execution Vulnerability",
"id": "GHSA-3jf9-w25v-mfp4",
"modified": "2024-06-11T18:30:49Z",
"published": "2024-06-11T18:30:49Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-30102"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30102"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-3JHF-JGRG-MCW3
Vulnerability from github – Published: 2025-11-04 21:31 – Updated: 2025-11-05 00:31An issue was discovered in the GPU driver in Samsung Mobile Processor Exynos 1480, 2400, 1580, 2500. There is a use-after-free in the Xclipse GPU Driver.
{
"affected": [],
"aliases": [
"CVE-2025-54335"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-11-04T21:15:39Z",
"severity": "MODERATE"
},
"details": "An issue was discovered in the GPU driver in Samsung Mobile Processor Exynos 1480, 2400, 1580, 2500. There is a use-after-free in the Xclipse GPU Driver.",
"id": "GHSA-3jhf-jgrg-mcw3",
"modified": "2025-11-05T00:31:33Z",
"published": "2025-11-04T21:31:36Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-54335"
},
{
"type": "WEB",
"url": "https://semiconductor.samsung.com/support/quality-support/product-security-updates"
},
{
"type": "WEB",
"url": "https://semiconductor.samsung.com/support/quality-support/product-security-updates/cve-2025-54335"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-3JP6-X76C-R4FV
Vulnerability from github – Published: 2022-05-13 01:37 – Updated: 2022-05-13 01:37A Use-after-Free issue was discovered in Delta Electronics Delta Industrial Automation Screen Editor, Version 2.00.23.00 or prior. Specially crafted .dpb files could exploit a use-after-free vulnerability.
{
"affected": [],
"aliases": [
"CVE-2017-16749"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-03-15T23:29:00Z",
"severity": "HIGH"
},
"details": "A Use-after-Free issue was discovered in Delta Electronics Delta Industrial Automation Screen Editor, Version 2.00.23.00 or prior. Specially crafted .dpb files could exploit a use-after-free vulnerability.",
"id": "GHSA-3jp6-x76c-r4fv",
"modified": "2022-05-13T01:37:20Z",
"published": "2022-05-13T01:37:20Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-16749"
},
{
"type": "WEB",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-004-01"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/102426"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-3JPP-F2WM-PCVV
Vulnerability from github – Published: 2026-02-14 18:30 – Updated: 2026-06-30 03:35In the Linux kernel, the following vulnerability has been resolved:
wifi: iwlwifi: mld: cancel mlo_scan_start_wk
mlo_scan_start_wk is not canceled on disconnection. In fact, it is not canceled anywhere except in the restart cleanup, where we don't really have to.
This can cause an init-after-queue issue: if, for example, the work was queued and then drv_change_interface got executed.
This can also cause use-after-free: if the work is executed after the vif is freed.
{
"affected": [],
"aliases": [
"CVE-2026-23185"
],
"database_specific": {
"cwe_ids": [
"CWE-416",
"CWE-772"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-02-14T17:15:56Z",
"severity": "HIGH"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: iwlwifi: mld: cancel mlo_scan_start_wk\n\nmlo_scan_start_wk is not canceled on disconnection. In fact, it is not\ncanceled anywhere except in the restart cleanup, where we don\u0027t really\nhave to.\n\nThis can cause an init-after-queue issue: if, for example, the work was\nqueued and then drv_change_interface got executed.\n\nThis can also cause use-after-free: if the work is executed after the\nvif is freed.",
"id": "GHSA-3jpp-f2wm-pcvv",
"modified": "2026-06-30T03:35:36Z",
"published": "2026-02-14T18:30:16Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23185"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2026-23185"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2439925"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/5ff641011ab7fb63ea101251087745d9826e8ef5"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/9b9f52f052f4953fecd2190ae2dde3aa76d10962"
},
{
"type": "WEB",
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-23185.json"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-3JR5-GWFP-7MFW
Vulnerability from github – Published: 2026-02-24 15:30 – Updated: 2026-06-30 03:35JIT miscompilation, use-after-free in the JavaScript Engine: JIT component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, and Firefox ESR < 140.8.
{
"affected": [],
"aliases": [
"CVE-2026-2764"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-02-24T14:16:24Z",
"severity": "CRITICAL"
},
"details": "JIT miscompilation, use-after-free in the JavaScript Engine: JIT component. This vulnerability affects Firefox \u003c 148, Firefox ESR \u003c 115.33, and Firefox ESR \u003c 140.8.",
"id": "GHSA-3jr5-gwfp-7mfw",
"modified": "2026-06-30T03:35:42Z",
"published": "2026-02-24T15:30:31Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2764"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:3338"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:3982"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:3983"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:3984"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:4022"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:4152"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:4260"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:4432"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2026-2764"
},
{
"type": "WEB",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2012608"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442329"
},
{
"type": "WEB",
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-2764.json"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2026-13"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2026-14"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2026-15"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2026-16"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2026-17"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:3339"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:3361"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:3491"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:3492"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:3493"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:3494"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:3495"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:3496"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:3497"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:3515"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:3516"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:3517"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:3976"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:3978"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:3979"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:3980"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:3981"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-3JRP-G9M7-98H4
Vulnerability from github – Published: 2022-05-13 01:23 – Updated: 2022-05-13 01:23Use-after-free vulnerability in the nsEditor::FindNextLeafNode function in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.
{
"affected": [],
"aliases": [
"CVE-2012-4213"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2012-11-21T12:55:00Z",
"severity": "HIGH"
},
"details": "Use-after-free vulnerability in the nsEditor::FindNextLeafNode function in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.",
"id": "GHSA-3jrp-g9m7-98h4",
"modified": "2022-05-13T01:23:46Z",
"published": "2022-05-13T01:23:46Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2012-4213"
},
{
"type": "WEB",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=795708"
},
{
"type": "WEB",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16761"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00021.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00022.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-updates/2012-11/msg00090.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-updates/2012-11/msg00092.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-updates/2012-11/msg00093.html"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/51369"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/51370"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/51381"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/51434"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/51439"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/51440"
},
{
"type": "WEB",
"url": "http://www.mozilla.org/security/announce/2012/mfsa2012-105.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/56638"
},
{
"type": "WEB",
"url": "http://www.ubuntu.com/usn/USN-1636-1"
},
{
"type": "WEB",
"url": "http://www.ubuntu.com/usn/USN-1638-1"
},
{
"type": "WEB",
"url": "http://www.ubuntu.com/usn/USN-1638-2"
},
{
"type": "WEB",
"url": "http://www.ubuntu.com/usn/USN-1638-3"
}
],
"schema_version": "1.4.0",
"severity": []
}
Mitigation
Strategy: Language Selection
Choose a language that provides automatic memory management.
Mitigation
Strategy: Attack Surface Reduction
When freeing pointers, be sure to set them to NULL once they are freed. However, the utilization of multiple or complex data structures may lower the usefulness of this strategy.
No CAPEC attack patterns related to this CWE.