Common Weakness Enumeration

CWE-416

Allowed

Use After Free

Abstraction: Variant · Status: Stable

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

9821 vulnerabilities reference this CWE, most recent first.

GHSA-63MR-VMPC-C5R9

Vulnerability from github – Published: 2025-10-04 09:30 – Updated: 2026-01-27 21:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

octeontx2-pf: Fix use-after-free bugs in otx2_sync_tstamp()

The original code relies on cancel_delayed_work() in otx2_ptp_destroy(), which does not ensure that the delayed work item synctstamp_work has fully completed if it was already running. This leads to use-after-free scenarios where otx2_ptp is deallocated by otx2_ptp_destroy(), while synctstamp_work remains active and attempts to dereference otx2_ptp in otx2_sync_tstamp(). Furthermore, the synctstamp_work is cyclic, the likelihood of triggering the bug is nonnegligible.

A typical race condition is illustrated below:

CPU 0 (cleanup) | CPU 1 (delayed work callback) otx2_remove() | otx2_ptp_destroy() | otx2_sync_tstamp() cancel_delayed_work() | kfree(ptp) | | ptp = container_of(...); //UAF | ptp-> //UAF

This is confirmed by a KASAN report:

BUG: KASAN: slab-use-after-free in __run_timer_base.part.0+0x7d7/0x8c0 Write of size 8 at addr ffff88800aa09a18 by task bash/136 ... Call Trace: dump_stack_lvl+0x55/0x70 print_report+0xcf/0x610 ? __run_timer_base.part.0+0x7d7/0x8c0 kasan_report+0xb8/0xf0 ? __run_timer_base.part.0+0x7d7/0x8c0 __run_timer_base.part.0+0x7d7/0x8c0 ? __pfxruntimer_base.part.0+0x10/0x10 ? pfx_read_tsc+0x10/0x10 ? ktime_get+0x60/0x140 ? lapic_next_event+0x11/0x20 ? clockevents_program_event+0x1d4/0x2a0 run_timer_softirq+0xd1/0x190 handle_softirqs+0x16a/0x550 irq_exit_rcu+0xaf/0xe0 sysvec_apic_timer_interrupt+0x70/0x80 ... Allocated by task 1: kasan_save_stack+0x24/0x50 kasan_save_track+0x14/0x30 __kasan_kmalloc+0x7f/0x90 otx2_ptp_init+0xb1/0x860 otx2_probe+0x4eb/0xc30 local_pci_probe+0xdc/0x190 pci_device_probe+0x2fe/0x470 really_probe+0x1ca/0x5c0 __driver_probe_device+0x248/0x310 driver_probe_device+0x44/0x120 __driver_attach+0xd2/0x310 bus_for_each_dev+0xed/0x170 bus_add_driver+0x208/0x500 driver_register+0x132/0x460 do_one_initcall+0x89/0x300 kernel_init_freeable+0x40d/0x720 kernel_init+0x1a/0x150 ret_from_fork+0x10c/0x1a0 ret_from_fork_asm+0x1a/0x30

Freed by task 136: kasan_save_stack+0x24/0x50 kasan_save_track+0x14/0x30 kasan_save_free_info+0x3a/0x60 __kasan_slab_free+0x3f/0x50 kfree+0x137/0x370 otx2_ptp_destroy+0x38/0x80 otx2_remove+0x10d/0x4c0 pci_device_remove+0xa6/0x1d0 device_release_driver_internal+0xf8/0x210 pci_stop_bus_device+0x105/0x150 pci_stop_and_remove_bus_device_locked+0x15/0x30 remove_store+0xcc/0xe0 kernfs_fop_write_iter+0x2c3/0x440 vfs_write+0x871/0xd70 ksys_write+0xee/0x1c0 do_syscall_64+0xac/0x280 entry_SYSCALL_64_after_hwframe+0x77/0x7f ...

Replace cancel_delayed_work() with cancel_delayed_work_sync() to ensure that the delayed work item is properly canceled before the otx2_ptp is deallocated.

This bug was initially identified through static analysis. To reproduce and test it, I simulated the OcteonTX2 PCI device in QEMU and introduced artificial delays within the otx2_sync_tstamp() function to increase the likelihood of triggering the bug.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-39944"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-10-04T08:15:47Z",
    "severity": "HIGH"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nocteontx2-pf: Fix use-after-free bugs in otx2_sync_tstamp()\n\nThe original code relies on cancel_delayed_work() in otx2_ptp_destroy(),\nwhich does not ensure that the delayed work item synctstamp_work has fully\ncompleted if it was already running. This leads to use-after-free scenarios\nwhere otx2_ptp is deallocated by otx2_ptp_destroy(), while synctstamp_work\nremains active and attempts to dereference otx2_ptp in otx2_sync_tstamp().\nFurthermore, the synctstamp_work is cyclic, the likelihood of triggering\nthe bug is nonnegligible.\n\nA typical race condition is illustrated below:\n\nCPU 0 (cleanup)           | CPU 1 (delayed work callback)\notx2_remove()             |\n  otx2_ptp_destroy()      | otx2_sync_tstamp()\n    cancel_delayed_work() |\n    kfree(ptp)            |\n                          |   ptp = container_of(...); //UAF\n                          |   ptp-\u003e //UAF\n\nThis is confirmed by a KASAN report:\n\nBUG: KASAN: slab-use-after-free in __run_timer_base.part.0+0x7d7/0x8c0\nWrite of size 8 at addr ffff88800aa09a18 by task bash/136\n...\nCall Trace:\n \u003cIRQ\u003e\n dump_stack_lvl+0x55/0x70\n print_report+0xcf/0x610\n ? __run_timer_base.part.0+0x7d7/0x8c0\n kasan_report+0xb8/0xf0\n ? __run_timer_base.part.0+0x7d7/0x8c0\n __run_timer_base.part.0+0x7d7/0x8c0\n ? __pfx___run_timer_base.part.0+0x10/0x10\n ? __pfx_read_tsc+0x10/0x10\n ? ktime_get+0x60/0x140\n ? lapic_next_event+0x11/0x20\n ? clockevents_program_event+0x1d4/0x2a0\n run_timer_softirq+0xd1/0x190\n handle_softirqs+0x16a/0x550\n irq_exit_rcu+0xaf/0xe0\n sysvec_apic_timer_interrupt+0x70/0x80\n \u003c/IRQ\u003e\n...\nAllocated by task 1:\n kasan_save_stack+0x24/0x50\n kasan_save_track+0x14/0x30\n __kasan_kmalloc+0x7f/0x90\n otx2_ptp_init+0xb1/0x860\n otx2_probe+0x4eb/0xc30\n local_pci_probe+0xdc/0x190\n pci_device_probe+0x2fe/0x470\n really_probe+0x1ca/0x5c0\n __driver_probe_device+0x248/0x310\n driver_probe_device+0x44/0x120\n __driver_attach+0xd2/0x310\n bus_for_each_dev+0xed/0x170\n bus_add_driver+0x208/0x500\n driver_register+0x132/0x460\n do_one_initcall+0x89/0x300\n kernel_init_freeable+0x40d/0x720\n kernel_init+0x1a/0x150\n ret_from_fork+0x10c/0x1a0\n ret_from_fork_asm+0x1a/0x30\n\nFreed by task 136:\n kasan_save_stack+0x24/0x50\n kasan_save_track+0x14/0x30\n kasan_save_free_info+0x3a/0x60\n __kasan_slab_free+0x3f/0x50\n kfree+0x137/0x370\n otx2_ptp_destroy+0x38/0x80\n otx2_remove+0x10d/0x4c0\n pci_device_remove+0xa6/0x1d0\n device_release_driver_internal+0xf8/0x210\n pci_stop_bus_device+0x105/0x150\n pci_stop_and_remove_bus_device_locked+0x15/0x30\n remove_store+0xcc/0xe0\n kernfs_fop_write_iter+0x2c3/0x440\n vfs_write+0x871/0xd70\n ksys_write+0xee/0x1c0\n do_syscall_64+0xac/0x280\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n...\n\nReplace cancel_delayed_work() with cancel_delayed_work_sync() to ensure\nthat the delayed work item is properly canceled before the otx2_ptp is\ndeallocated.\n\nThis bug was initially identified through static analysis. To reproduce\nand test it, I simulated the OcteonTX2 PCI device in QEMU and introduced\nartificial delays within the otx2_sync_tstamp() function to increase the\nlikelihood of triggering the bug.",
  "id": "GHSA-63mr-vmpc-c5r9",
  "modified": "2026-01-27T21:31:35Z",
  "published": "2025-10-04T09:30:21Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-39944"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/2786879aebf363806a13d41e8d5f99202ddd23d9"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/5ca20bb7b4bde72110c3ae78423cbfdd0157aa36"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/d2cfefa14ce8137b17f99683f968bebf134b6a48"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/f8b4687151021db61841af983f1cb7be6915d4ef"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/ff27e23b311fed4d25e3852e27ba693416d4c7b3"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-63P5-HW5X-J8C4

Vulnerability from github – Published: 2022-05-13 01:26 – Updated: 2022-05-13 01:26
VLAI
Details

Use-after-free vulnerability in Google Chrome before 15.0.874.120 allows user-assisted remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to editing.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2011-3897"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2011-11-11T11:55:00Z",
    "severity": "MODERATE"
  },
  "details": "Use-after-free vulnerability in Google Chrome before 15.0.874.120 allows user-assisted remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to editing.",
  "id": "GHSA-63p5-hw5x-j8c4",
  "modified": "2022-05-13T01:26:54Z",
  "published": "2022-05-13T01:26:54Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-3897"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73806"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14250"
    },
    {
      "type": "WEB",
      "url": "http://code.google.com/p/chromium/issues/detail?id=102242"
    },
    {
      "type": "WEB",
      "url": "http://googlechromereleases.blogspot.com/2011/11/stable-channel-update.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/security-announce/2012/Mar/msg00000.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/security-announce/2012/Mar/msg00001.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/security-announce/2012/Mar/msg00003.html"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/46933"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/48274"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/48288"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/48377"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id?1026774"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-63PW-WC3V-C9G9

Vulnerability from github – Published: 2023-10-12 00:30 – Updated: 2023-11-25 12:30
VLAI
Details

Use after free in Blink History in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-5476"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-10-11T23:15:10Z",
    "severity": "HIGH"
  },
  "details": "Use after free in Blink History in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)",
  "id": "GHSA-63pw-wc3v-c9g9",
  "modified": "2023-11-25T12:30:25Z",
  "published": "2023-10-12T00:30:28Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5476"
    },
    {
      "type": "WEB",
      "url": "https://chromereleases.googleblog.com/2023/10/stable-channel-update-for-desktop_10.html"
    },
    {
      "type": "WEB",
      "url": "https://crbug.com/1474253"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/202311-11"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/202312-07"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/202401-34"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2023/dsa-5526"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-63QQ-Q3XG-F66M

Vulnerability from github – Published: 2022-05-13 01:27 – Updated: 2022-05-13 01:27
VLAI
Details

Use-after-free vulnerability in Google Chrome before 17.0.963.65 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving SVG animation elements.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2011-3044"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2012-03-05T19:55:00Z",
    "severity": "MODERATE"
  },
  "details": "Use-after-free vulnerability in Google Chrome before 17.0.963.65 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving SVG animation elements.",
  "id": "GHSA-63qq-q3xg-f66m",
  "modified": "2022-05-13T01:27:17Z",
  "published": "2022-05-13T01:27:17Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-3044"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73655"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14830"
    },
    {
      "type": "WEB",
      "url": "http://code.google.com/p/chromium/issues/detail?id=116093"
    },
    {
      "type": "WEB",
      "url": "http://googlechromereleases.blogspot.com/2012/03/chrome-stable-update.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/security-announce/2012/Jul/msg00000.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00012.html"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/48265"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/48419"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/48527"
    },
    {
      "type": "WEB",
      "url": "http://security.gentoo.org/glsa/glsa-201203-19.xml"
    },
    {
      "type": "WEB",
      "url": "http://support.apple.com/kb/HT5400"
    },
    {
      "type": "WEB",
      "url": "http://support.apple.com/kb/HT5485"
    },
    {
      "type": "WEB",
      "url": "http://support.apple.com/kb/HT5503"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/52271"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id?1026759"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-63VG-WCHR-J5WJ

Vulnerability from github – Published: 2026-04-01 06:31 – Updated: 2026-04-01 15:31
VLAI
Details

Use after free in Web MIDI in Google Chrome on Android prior to 146.0.7680.178 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-5278"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-04-01T05:16:01Z",
    "severity": "HIGH"
  },
  "details": "Use after free in Web MIDI in Google Chrome on Android prior to 146.0.7680.178 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)",
  "id": "GHSA-63vg-wchr-j5wj",
  "modified": "2026-04-01T15:31:14Z",
  "published": "2026-04-01T06:31:32Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5278"
    },
    {
      "type": "WEB",
      "url": "https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_31.html"
    },
    {
      "type": "WEB",
      "url": "https://issues.chromium.org/issues/490254128"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-63X7-945P-47JJ

Vulnerability from github – Published: 2026-07-01 00:34 – Updated: 2026-07-01 21:35
VLAI
Details

Use after free in GPU in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-13789"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-06-30T23:16:53Z",
    "severity": "CRITICAL"
  },
  "details": "Use after free in GPU in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)",
  "id": "GHSA-63x7-945p-47jj",
  "modified": "2026-07-01T21:35:59Z",
  "published": "2026-07-01T00:34:02Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-13789"
    },
    {
      "type": "WEB",
      "url": "https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop_0175352312.html"
    },
    {
      "type": "WEB",
      "url": "https://issues.chromium.org/issues/493847920"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-645C-CWCV-G4W3

Vulnerability from github – Published: 2022-05-17 03:05 – Updated: 2022-05-17 03:05
VLAI
Details

PHP through 5.6.27 and 7.x through 7.0.12 mishandles property modification during __wakeup processing, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data, as demonstrated by Exception::__toString with DateInterval::__wakeup.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2016-9138"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-01-04T20:59:00Z",
    "severity": "CRITICAL"
  },
  "details": "PHP through 5.6.27 and 7.x through 7.0.12 mishandles property modification during __wakeup processing, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data, as demonstrated by Exception::__toString with DateInterval::__wakeup.",
  "id": "GHSA-645c-cwcv-g4w3",
  "modified": "2022-05-17T03:05:27Z",
  "published": "2022-05-17T03:05:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-9138"
    },
    {
      "type": "WEB",
      "url": "https://bugs.php.net/bug.php?id=73147"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2016/11/01/2"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/95268"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-6469-39Q3-J482

Vulnerability from github – Published: 2022-05-14 03:20 – Updated: 2022-05-14 03:20
VLAI
Details

A use-after-free in Foxit Reader before 9.1 and PhantomPDF before 9.1 allows remote attackers to execute arbitrary code, aka iDefense ID V-jyb51g3mv9.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-10302"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-04-23T19:29:00Z",
    "severity": "HIGH"
  },
  "details": "A use-after-free in Foxit Reader before 9.1 and PhantomPDF before 9.1 allows remote attackers to execute arbitrary code, aka iDefense ID V-jyb51g3mv9.",
  "id": "GHSA-6469-39q3-j482",
  "modified": "2022-05-14T03:20:54Z",
  "published": "2022-05-14T03:20:54Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-10302"
    },
    {
      "type": "WEB",
      "url": "https://srcincite.io/advisories/src-2018-0019"
    },
    {
      "type": "WEB",
      "url": "https://www.foxitsoftware.com/support/security-bulletins.php"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-647J-CJRC-J33X

Vulnerability from github – Published: 2022-05-24 17:18 – Updated: 2022-05-24 17:18
VLAI
Details

Use after free in payments in Google Chrome prior to 81.0.4044.122 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-6459"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416",
      "CWE-787"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-05-21T04:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Use after free in payments in Google Chrome prior to 81.0.4044.122 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
  "id": "GHSA-647j-cjrc-j33x",
  "modified": "2022-05-24T17:18:15Z",
  "published": "2022-05-24T17:18:15Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-6459"
    },
    {
      "type": "WEB",
      "url": "https://chromereleases.googleblog.com/2020/04/stable-channel-update-for-desktop_21.html"
    },
    {
      "type": "WEB",
      "url": "https://crbug.com/1065298"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2020/dsa-4714"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-648M-637P-635W

Vulnerability from github – Published: 2026-04-14 18:30 – Updated: 2026-04-14 18:30
VLAI
Details

Use after free in Desktop Window Manager allows an authorized attacker to elevate privileges locally.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-32152"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-04-14T18:17:15Z",
    "severity": "HIGH"
  },
  "details": "Use after free in Desktop Window Manager allows an authorized attacker to elevate privileges locally.",
  "id": "GHSA-648m-637p-635w",
  "modified": "2026-04-14T18:30:41Z",
  "published": "2026-04-14T18:30:41Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32152"
    },
    {
      "type": "WEB",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32152"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation
Architecture and Design

Strategy: Language Selection

Choose a language that provides automatic memory management.

Mitigation
Implementation

Strategy: Attack Surface Reduction

When freeing pointers, be sure to set them to NULL once they are freed. However, the utilization of multiple or complex data structures may lower the usefulness of this strategy.

No CAPEC attack patterns related to this CWE.