CWE-416
AllowedUse After Free
Abstraction: Variant · Status: Stable
The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.
9813 vulnerabilities reference this CWE, most recent first.
GHSA-73P8-MQVC-83H2
Vulnerability from github – Published: 2022-05-24 16:46 – Updated: 2022-05-24 16:46Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .
{
"affected": [],
"aliases": [
"CVE-2019-7031"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-05-24T19:29:00Z",
"severity": "CRITICAL"
},
"details": "Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .",
"id": "GHSA-73p8-mqvc-83h2",
"modified": "2022-05-24T16:46:39Z",
"published": "2022-05-24T16:46:39Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-7031"
},
{
"type": "WEB",
"url": "https://helpx.adobe.com/security/products/acrobat/apsb19-07.html"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-73PJ-JQMG-PMR5
Vulnerability from github – Published: 2024-02-28 09:30 – Updated: 2024-12-06 15:31In the Linux kernel, the following vulnerability has been resolved:
i40e: Fix use-after-free in i40e_client_subtask()
Currently the call to i40e_client_del_instance frees the object pf->cinst, however pf->cinst->lan_info is being accessed after the free. Fix this by adding the missing return.
Addresses-Coverity: ("Read from pointer after free")
{
"affected": [],
"aliases": [
"CVE-2021-46991"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-02-28T09:15:37Z",
"severity": "HIGH"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\ni40e: Fix use-after-free in i40e_client_subtask()\n\nCurrently the call to i40e_client_del_instance frees the object\npf-\u003ecinst, however pf-\u003ecinst-\u003elan_info is being accessed after\nthe free. Fix this by adding the missing return.\n\nAddresses-Coverity: (\"Read from pointer after free\")",
"id": "GHSA-73pj-jqmg-pmr5",
"modified": "2024-12-06T15:31:19Z",
"published": "2024-02-28T09:30:37Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-46991"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/1fd5d262e7442192ac7611ff1597a36c5b044323"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/38318f23a7ef86a8b1862e5e8078c4de121960c3"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/4ebc10aa7cd17fd9857dedac69600465c9dd16d1"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/829a713450b8fb127cbabfc1244c1d8179ec5107"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/c1322eaeb8af0d8985b5cc5fa759140fa0e57b84"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/d718c15a2bf9ae082d5ae4d177fb19ef23cb4132"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-73QX-88CC-GWVW
Vulnerability from github – Published: 2022-05-14 03:23 – Updated: 2022-05-14 03:23In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Mobile and Snapdragon Wear MSM8909W, SD 210/SD 212/SD 205, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 820, SD 835, SD 845, a Use After Free condition can occur in RIL while handling requests from Android.
{
"affected": [],
"aliases": [
"CVE-2018-3590"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-04-11T15:29:00Z",
"severity": "CRITICAL"
},
"details": "In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Mobile and Snapdragon Wear MSM8909W, SD 210/SD 212/SD 205, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 820, SD 835, SD 845, a Use After Free condition can occur in RIL while handling requests from Android.",
"id": "GHSA-73qx-88cc-gwvw",
"modified": "2022-05-14T03:23:46Z",
"published": "2022-05-14T03:23:46Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-3590"
},
{
"type": "WEB",
"url": "https://source.android.com/security/bulletin/2018-04-01"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/103671"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-73R4-HWF4-P5QM
Vulnerability from github – Published: 2025-10-14 18:30 – Updated: 2025-10-14 18:30Use after free in Windows Digital Media allows an authorized attacker to elevate privileges locally.
{
"affected": [],
"aliases": [
"CVE-2025-50175"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-10-14T17:15:43Z",
"severity": "HIGH"
},
"details": "Use after free in Windows Digital Media allows an authorized attacker to elevate privileges locally.",
"id": "GHSA-73r4-hwf4-p5qm",
"modified": "2025-10-14T18:30:29Z",
"published": "2025-10-14T18:30:29Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-50175"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-50175"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-742P-C75R-3HMV
Vulnerability from github – Published: 2022-05-24 19:16 – Updated: 2022-05-24 19:16Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by a use-after-free vulnerability in the processing of the AcroForm buttonGetIcon action that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
{
"affected": [],
"aliases": [
"CVE-2021-39836"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-09-29T16:15:00Z",
"severity": "HIGH"
},
"details": "Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by a use-after-free vulnerability in the processing of the AcroForm buttonGetIcon action that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.",
"id": "GHSA-742p-c75r-3hmv",
"modified": "2022-05-24T19:16:07Z",
"published": "2022-05-24T19:16:07Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-39836"
},
{
"type": "WEB",
"url": "https://helpx.adobe.com/security/products/acrobat/apsb21-55.html"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-7437-H333-6P8J
Vulnerability from github – Published: 2024-12-27 15:31 – Updated: 2025-11-03 21:31In the Linux kernel, the following vulnerability has been resolved:
scsi: qla2xxx: Fix use after free on unload
System crash is observed with stack trace warning of use after free. There are 2 signals to tell dpc_thread to terminate (UNLOADING flag and kthread_stop).
On setting the UNLOADING flag when dpc_thread happens to run at the time and sees the flag, this causes dpc_thread to exit and clean up itself. When kthread_stop is called for final cleanup, this causes use after free.
Remove UNLOADING signal to terminate dpc_thread. Use the kthread_stop as the main signal to exit dpc_thread.
[596663.812935] kernel BUG at mm/slub.c:294! [596663.812950] invalid opcode: 0000 [#1] SMP PTI [596663.812957] CPU: 13 PID: 1475935 Comm: rmmod Kdump: loaded Tainted: G IOE --------- - - 4.18.0-240.el8.x86_64 #1 [596663.812960] Hardware name: HP ProLiant DL380p Gen8, BIOS P70 08/20/2012 [596663.812974] RIP: 0010:__slab_free+0x17d/0x360
... [596663.813008] Call Trace: [596663.813022] ? __dentry_kill+0x121/0x170 [596663.813030] ? _cond_resched+0x15/0x30 [596663.813034] ? _cond_resched+0x15/0x30 [596663.813039] ? wait_for_completion+0x35/0x190 [596663.813048] ? try_to_wake_up+0x63/0x540 [596663.813055] free_task+0x5a/0x60 [596663.813061] kthread_stop+0xf3/0x100 [596663.813103] qla2x00_remove_one+0x284/0x440 [qla2xxx]
{
"affected": [],
"aliases": [
"CVE-2024-56623"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-12-27T15:15:21Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: qla2xxx: Fix use after free on unload\n\nSystem crash is observed with stack trace warning of use after\nfree. There are 2 signals to tell dpc_thread to terminate (UNLOADING\nflag and kthread_stop).\n\nOn setting the UNLOADING flag when dpc_thread happens to run at the time\nand sees the flag, this causes dpc_thread to exit and clean up\nitself. When kthread_stop is called for final cleanup, this causes use\nafter free.\n\nRemove UNLOADING signal to terminate dpc_thread. Use the kthread_stop\nas the main signal to exit dpc_thread.\n\n[596663.812935] kernel BUG at mm/slub.c:294!\n[596663.812950] invalid opcode: 0000 [#1] SMP PTI\n[596663.812957] CPU: 13 PID: 1475935 Comm: rmmod Kdump: loaded Tainted: G IOE --------- - - 4.18.0-240.el8.x86_64 #1\n[596663.812960] Hardware name: HP ProLiant DL380p Gen8, BIOS P70 08/20/2012\n[596663.812974] RIP: 0010:__slab_free+0x17d/0x360\n\n...\n[596663.813008] Call Trace:\n[596663.813022] ? __dentry_kill+0x121/0x170\n[596663.813030] ? _cond_resched+0x15/0x30\n[596663.813034] ? _cond_resched+0x15/0x30\n[596663.813039] ? wait_for_completion+0x35/0x190\n[596663.813048] ? try_to_wake_up+0x63/0x540\n[596663.813055] free_task+0x5a/0x60\n[596663.813061] kthread_stop+0xf3/0x100\n[596663.813103] qla2x00_remove_one+0x284/0x440 [qla2xxx]",
"id": "GHSA-7437-h333-6p8j",
"modified": "2025-11-03T21:31:56Z",
"published": "2024-12-27T15:31:55Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-56623"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/07c903db0a2ff84b68efa1a74a4de353ea591eb0"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/12f04fc8580eafb0510f805749553eb6213f323e"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/15369e774f27ec790f207de87c0b541e3f90b22d"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/6abf16d3c915b2feb68c1c8b25fcb71b13f98478"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/b3e6f25176f248762a24d25ab8cf8c5e90874f80"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/ca36d9d53745d5ec8946ef85006d4da605ea7c54"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-743R-M8C7-27H7
Vulnerability from github – Published: 2023-03-29 21:30 – Updated: 2023-04-06 21:30This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 12.0.1.12430. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18626.
{
"affected": [],
"aliases": [
"CVE-2022-43637"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-03-29T19:15:00Z",
"severity": "HIGH"
},
"details": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 12.0.1.12430. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18626.",
"id": "GHSA-743r-m8c7-27h7",
"modified": "2023-04-06T21:30:21Z",
"published": "2023-03-29T21:30:18Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-43637"
},
{
"type": "WEB",
"url": "https://www.foxit.com/support/security-bulletins.html"
},
{
"type": "WEB",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1657"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-7466-QH58-434W
Vulnerability from github – Published: 2024-09-02 12:30 – Updated: 2024-09-02 12:30Memory corruption while processing concurrent IOCTL calls.
{
"affected": [],
"aliases": [
"CVE-2024-38401"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-09-02T12:15:18Z",
"severity": "HIGH"
},
"details": "Memory corruption while processing concurrent IOCTL calls.",
"id": "GHSA-7466-qh58-434w",
"modified": "2024-09-02T12:30:45Z",
"published": "2024-09-02T12:30:45Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-38401"
},
{
"type": "WEB",
"url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/september-2024-bulletin.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-747F-WH5X-MP2P
Vulnerability from github – Published: 2024-05-21 15:31 – Updated: 2024-12-30 21:30In the Linux kernel, the following vulnerability has been resolved:
net: usb: fix possible use-after-free in smsc75xx_bind
The commit 46a8b29c6306 ("net: usb: fix memory leak in smsc75xx_bind") fails to clean up the work scheduled in smsc75xx_reset-> smsc75xx_set_multicast, which leads to use-after-free if the work is scheduled to start after the deallocation. In addition, this patch also removes a dangling pointer - dev->data[0].
This patch calls cancel_work_sync to cancel the scheduled work and set the dangling pointer to NULL.
{
"affected": [],
"aliases": [
"CVE-2021-47239"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-05-21T15:15:13Z",
"severity": "HIGH"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: usb: fix possible use-after-free in smsc75xx_bind\n\nThe commit 46a8b29c6306 (\"net: usb: fix memory leak in smsc75xx_bind\")\nfails to clean up the work scheduled in smsc75xx_reset-\u003e\nsmsc75xx_set_multicast, which leads to use-after-free if the work is\nscheduled to start after the deallocation. In addition, this patch\nalso removes a dangling pointer - dev-\u003edata[0].\n\nThis patch calls cancel_work_sync to cancel the scheduled work and set\nthe dangling pointer to NULL.",
"id": "GHSA-747f-wh5x-mp2p",
"modified": "2024-12-30T21:30:46Z",
"published": "2024-05-21T15:31:40Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-47239"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/14616c372a7be01a2fb8c56c9d8debd232b9e43d"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/2fc8300c9cfa5167fcb5b1a2a07db6f53e82f59b"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/4252bf6c2b245f47011098113d405ffad6ad5d5b"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/56b786d86694e079d8aad9b314e015cd4ac02a3d"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/570a52cf3e01d19f7fd1a251dfc52b0cd86c13cb"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/64160d1741a3de5204d1a822e058e0b4cc526504"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/7cc8b2e05fcea6edd022d26e82091d781af8fd9b"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/c4e3be2e7742863e454ce31faf8fd0109c00050b"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-74FF-R9Q5-73VP
Vulnerability from github – Published: 2022-05-14 02:58 – Updated: 2022-05-14 02:58FFmpeg before commit a7e032a277452366771951e29fd0bf2bd5c029f0 contains a use-after-free vulnerability in the realmedia demuxer that can result in vulnerability allows attacker to read heap memory. This attack appear to be exploitable via specially crafted RM file has to be provided as input. This vulnerability appears to have been fixed in a7e032a277452366771951e29fd0bf2bd5c029f0 and later.
{
"affected": [],
"aliases": [
"CVE-2018-1999013"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-07-23T15:29:00Z",
"severity": "MODERATE"
},
"details": "FFmpeg before commit a7e032a277452366771951e29fd0bf2bd5c029f0 contains a use-after-free vulnerability in the realmedia demuxer that can result in vulnerability allows attacker to read heap memory. This attack appear to be exploitable via specially crafted RM file has to be provided as input. This vulnerability appears to have been fixed in a7e032a277452366771951e29fd0bf2bd5c029f0 and later.",
"id": "GHSA-74ff-r9q5-73vp",
"modified": "2022-05-14T02:58:55Z",
"published": "2022-05-14T02:58:55Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1999013"
},
{
"type": "WEB",
"url": "https://github.com/FFmpeg/FFmpeg/commit/a7e032a277452366771951e29fd0bf2bd5c029f0"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/104896"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
Mitigation
Strategy: Language Selection
Choose a language that provides automatic memory management.
Mitigation
Strategy: Attack Surface Reduction
When freeing pointers, be sure to set them to NULL once they are freed. However, the utilization of multiple or complex data structures may lower the usefulness of this strategy.
No CAPEC attack patterns related to this CWE.