Common Weakness Enumeration

CWE-416

Allowed

Use After Free

Abstraction: Variant · Status: Stable

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

9811 vulnerabilities reference this CWE, most recent first.

GHSA-7MR2-XJ43-VFV8

Vulnerability from github – Published: 2024-08-05 15:30 – Updated: 2024-08-05 15:30
VLAI
Details

Memory corruption as fence object may still be accessed in timeline destruct after isync fence is released.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-33028"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-08-05T15:15:53Z",
    "severity": "HIGH"
  },
  "details": "Memory corruption as fence object may still be accessed in timeline destruct after isync fence is released.",
  "id": "GHSA-7mr2-xj43-vfv8",
  "modified": "2024-08-05T15:30:53Z",
  "published": "2024-08-05T15:30:53Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-33028"
    },
    {
      "type": "WEB",
      "url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/august-2024-bulletin.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-7MV8-QR93-J282

Vulnerability from github – Published: 2025-05-01 15:31 – Updated: 2026-02-19 18:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

net: dsa: free routing table on probe failure

If complete = true in dsa_tree_setup(), it means that we are the last switch of the tree which is successfully probing, and we should be setting up all switches from our probe path.

After "complete" becomes true, dsa_tree_setup_cpu_ports() or any subsequent function may fail. If that happens, the entire tree setup is in limbo: the first N-1 switches have successfully finished probing (doing nothing but having allocated persistent memory in the tree's dst->ports, and maybe dst->rtable), and switch N failed to probe, ending the tree setup process before anything is tangible from the user's PoV.

If switch N fails to probe, its memory (ports) will be freed and removed from dst->ports. However, the dst->rtable elements pointing to its ports, as created by dsa_link_touch(), will remain there, and will lead to use-after-free if dereferenced.

If dsa_tree_setup_switches() returns -EPROBE_DEFER, which is entirely possible because that is where ds->ops->setup() is, we get a kasan report like this:

================================================================== BUG: KASAN: slab-use-after-free in mv88e6xxx_setup_upstream_port+0x240/0x568 Read of size 8 at addr ffff000004f56020 by task kworker/u8:3/42

Call trace: __asan_report_load8_noabort+0x20/0x30 mv88e6xxx_setup_upstream_port+0x240/0x568 mv88e6xxx_setup+0xebc/0x1eb0 dsa_register_switch+0x1af4/0x2ae0 mv88e6xxx_register_switch+0x1b8/0x2a8 mv88e6xxx_probe+0xc4c/0xf60 mdio_probe+0x78/0xb8 really_probe+0x2b8/0x5a8 __driver_probe_device+0x164/0x298 driver_probe_device+0x78/0x258 __device_attach_driver+0x274/0x350

Allocated by task 42: __kasan_kmalloc+0x84/0xa0 __kmalloc_cache_noprof+0x298/0x490 dsa_switch_touch_ports+0x174/0x3d8 dsa_register_switch+0x800/0x2ae0 mv88e6xxx_register_switch+0x1b8/0x2a8 mv88e6xxx_probe+0xc4c/0xf60 mdio_probe+0x78/0xb8 really_probe+0x2b8/0x5a8 __driver_probe_device+0x164/0x298 driver_probe_device+0x78/0x258 __device_attach_driver+0x274/0x350

Freed by task 42: __kasan_slab_free+0x48/0x68 kfree+0x138/0x418 dsa_register_switch+0x2694/0x2ae0 mv88e6xxx_register_switch+0x1b8/0x2a8 mv88e6xxx_probe+0xc4c/0xf60 mdio_probe+0x78/0xb8 really_probe+0x2b8/0x5a8 __driver_probe_device+0x164/0x298 driver_probe_device+0x78/0x258 __device_attach_driver+0x274/0x350

The simplest way to fix the bug is to delete the routing table in its entirety. dsa_tree_setup_routing_table() has no problem in regenerating it even if we deleted links between ports other than those of switch N, because dsa_link_touch() first checks whether the port pair already exists in dst->rtable, allocating if not.

The deletion of the routing table in its entirety already exists in dsa_tree_teardown(), so refactor that into a function that can also be called from the tree setup error path.

In my analysis of the commit to blame, it is the one which added dsa_link elements to dst->rtable. Prior to that, each switch had its own ds->rtable which is freed when the switch fails to probe. But the tree is potentially persistent memory.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-37786"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-05-01T14:15:42Z",
    "severity": "HIGH"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: dsa: free routing table on probe failure\n\nIf complete = true in dsa_tree_setup(), it means that we are the last\nswitch of the tree which is successfully probing, and we should be\nsetting up all switches from our probe path.\n\nAfter \"complete\" becomes true, dsa_tree_setup_cpu_ports() or any\nsubsequent function may fail. If that happens, the entire tree setup is\nin limbo: the first N-1 switches have successfully finished probing\n(doing nothing but having allocated persistent memory in the tree\u0027s\ndst-\u003eports, and maybe dst-\u003ertable), and switch N failed to probe, ending\nthe tree setup process before anything is tangible from the user\u0027s PoV.\n\nIf switch N fails to probe, its memory (ports) will be freed and removed\nfrom dst-\u003eports. However, the dst-\u003ertable elements pointing to its ports,\nas created by dsa_link_touch(), will remain there, and will lead to\nuse-after-free if dereferenced.\n\nIf dsa_tree_setup_switches() returns -EPROBE_DEFER, which is entirely\npossible because that is where ds-\u003eops-\u003esetup() is, we get a kasan\nreport like this:\n\n==================================================================\nBUG: KASAN: slab-use-after-free in mv88e6xxx_setup_upstream_port+0x240/0x568\nRead of size 8 at addr ffff000004f56020 by task kworker/u8:3/42\n\nCall trace:\n __asan_report_load8_noabort+0x20/0x30\n mv88e6xxx_setup_upstream_port+0x240/0x568\n mv88e6xxx_setup+0xebc/0x1eb0\n dsa_register_switch+0x1af4/0x2ae0\n mv88e6xxx_register_switch+0x1b8/0x2a8\n mv88e6xxx_probe+0xc4c/0xf60\n mdio_probe+0x78/0xb8\n really_probe+0x2b8/0x5a8\n __driver_probe_device+0x164/0x298\n driver_probe_device+0x78/0x258\n __device_attach_driver+0x274/0x350\n\nAllocated by task 42:\n __kasan_kmalloc+0x84/0xa0\n __kmalloc_cache_noprof+0x298/0x490\n dsa_switch_touch_ports+0x174/0x3d8\n dsa_register_switch+0x800/0x2ae0\n mv88e6xxx_register_switch+0x1b8/0x2a8\n mv88e6xxx_probe+0xc4c/0xf60\n mdio_probe+0x78/0xb8\n really_probe+0x2b8/0x5a8\n __driver_probe_device+0x164/0x298\n driver_probe_device+0x78/0x258\n __device_attach_driver+0x274/0x350\n\nFreed by task 42:\n __kasan_slab_free+0x48/0x68\n kfree+0x138/0x418\n dsa_register_switch+0x2694/0x2ae0\n mv88e6xxx_register_switch+0x1b8/0x2a8\n mv88e6xxx_probe+0xc4c/0xf60\n mdio_probe+0x78/0xb8\n really_probe+0x2b8/0x5a8\n __driver_probe_device+0x164/0x298\n driver_probe_device+0x78/0x258\n __device_attach_driver+0x274/0x350\n\nThe simplest way to fix the bug is to delete the routing table in its\nentirety. dsa_tree_setup_routing_table() has no problem in regenerating\nit even if we deleted links between ports other than those of switch N,\nbecause dsa_link_touch() first checks whether the port pair already\nexists in dst-\u003ertable, allocating if not.\n\nThe deletion of the routing table in its entirety already exists in\ndsa_tree_teardown(), so refactor that into a function that can also be\ncalled from the tree setup error path.\n\nIn my analysis of the commit to blame, it is the one which added\ndsa_link elements to dst-\u003ertable. Prior to that, each switch had its own\nds-\u003ertable which is freed when the switch fails to probe. But the tree\nis potentially persistent memory.",
  "id": "GHSA-7mv8-qr93-j282",
  "modified": "2026-02-19T18:31:42Z",
  "published": "2025-05-01T15:31:44Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-37786"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/51df5513cca6349d0bea01bab95cd96cf869976e"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/5c8066fbdb9653c6e9a224bdcd8f9c91a484f0de"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/6c20894d21600ca1e8549086dfbb986e277bf8a6"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/8bf108d7161ffc6880ad13a0cc109de3cf631727"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/a038f5f15af455dfe35bc68549e02b950978700a"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/fb12b460ec46c9efad98de6d9ba349691db51dc7"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-7MVJ-G7GP-J4H5

Vulnerability from github – Published: 2022-05-24 17:48 – Updated: 2022-05-24 17:48
VLAI
Details

Use after free in IndexedDB in Google Chrome prior to 90.0.4430.72 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-21207"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-04-26T17:15:00Z",
    "severity": "HIGH"
  },
  "details": "Use after free in IndexedDB in Google Chrome prior to 90.0.4430.72 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension.",
  "id": "GHSA-7mvj-g7gp-j4h5",
  "modified": "2022-05-24T17:48:45Z",
  "published": "2022-05-24T17:48:45Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21207"
    },
    {
      "type": "WEB",
      "url": "https://chromereleases.googleblog.com/2021/04/stable-channel-update-for-desktop_14.html"
    },
    {
      "type": "WEB",
      "url": "https://crbug.com/1185732"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EAJ42L4JFPBJATCZ7MOZQTUDGV4OEHHG"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U3GZ42MYPGD35V652ZPVPYYS7A7LVXVY"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VUZBGKGVZADNA3I24NVG7HAYYUTOSN5A"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/202104-08"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2021/dsa-4906"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-7MXX-778X-3HWG

Vulnerability from github – Published: 2022-10-27 12:00 – Updated: 2022-10-28 19:00
VLAI
Details

A vulnerability, which was classified as critical, has been found in Axiomatic Bento4. Affected by this issue is the function AP4_LinearReader::Advance of the file Ap4LinearReader.cpp of the component mp42ts. The manipulation leads to use after free. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-212006 is the identifier assigned to this vulnerability.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-3666"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-119",
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-10-26T19:15:00Z",
    "severity": "HIGH"
  },
  "details": "A vulnerability, which was classified as critical, has been found in Axiomatic Bento4. Affected by this issue is the function AP4_LinearReader::Advance of the file Ap4LinearReader.cpp of the component mp42ts. The manipulation leads to use after free. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-212006 is the identifier assigned to this vulnerability.",
  "id": "GHSA-7mxx-778x-3hwg",
  "modified": "2022-10-28T19:00:33Z",
  "published": "2022-10-27T12:00:34Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3666"
    },
    {
      "type": "WEB",
      "url": "https://github.com/axiomatic-systems/Bento4/issues/793"
    },
    {
      "type": "WEB",
      "url": "https://github.com/axiomatic-systems/Bento4/files/9744391/mp42ts_poc.zip"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?id.212006"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-7P2H-V67M-X5QX

Vulnerability from github – Published: 2025-05-27 15:31 – Updated: 2025-11-03 18:31
VLAI
Details

A flaw was found in GIMP when processing XCF image files. If a user opens one of these image files that has been specially crafted by an attacker, GIMP can be tricked into making serious memory errors, potentially leading to crashes and causing use-after-free issues.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-48798"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-05-27T14:15:24Z",
    "severity": "HIGH"
  },
  "details": "A flaw was found in GIMP when processing XCF image files. If a user opens one of these image files that has been specially crafted by an attacker, GIMP can be tricked into making serious memory errors, potentially leading to crashes and causing use-after-free issues.",
  "id": "GHSA-7p2h-v67m-x5qx",
  "modified": "2025-11-03T18:31:17Z",
  "published": "2025-05-27T15:31:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-48798"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2025:9162"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2025:9165"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2025:9308"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2025:9309"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2025:9310"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2025:9314"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2025:9315"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2025:9316"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2025:9501"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2025:9569"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/security/cve/CVE-2025-48798"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2368557"
    },
    {
      "type": "WEB",
      "url": "https://gitlab.gnome.org/GNOME/gimp/-/issues/11822"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00022.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-7P34-9Q56-JM92

Vulnerability from github – Published: 2024-01-11 00:30 – Updated: 2025-11-04 21:31
VLAI
Details

A use-after-free issue was addressed with improved memory management. This issue is fixed in macOS Sonoma 14, iOS 17 and iPadOS 17. An app may be able to execute arbitrary code with kernel privileges.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-42870"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-01-10T22:15:50Z",
    "severity": "HIGH"
  },
  "details": "A use-after-free issue was addressed with improved memory management. This issue is fixed in macOS Sonoma 14, iOS 17 and iPadOS 17. An app may be able to execute arbitrary code with kernel privileges.",
  "id": "GHSA-7p34-9q56-jm92",
  "modified": "2025-11-04T21:31:03Z",
  "published": "2024-01-11T00:30:26Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-42870"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/HT213938"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/HT213940"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/kb/HT213938"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/kb/HT213940"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-7P9F-X9PW-W3X4

Vulnerability from github – Published: 2025-12-18 15:30 – Updated: 2025-12-19 21:30
VLAI
Details

Use-after-free in the Disability Access APIs component. This vulnerability affects Firefox < 146.0.1.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-14860"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-12-18T15:15:53Z",
    "severity": "CRITICAL"
  },
  "details": "Use-after-free in the Disability Access APIs component. This vulnerability affects Firefox \u003c 146.0.1.",
  "id": "GHSA-7p9f-x9pw-w3x4",
  "modified": "2025-12-19T21:30:18Z",
  "published": "2025-12-18T15:30:43Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-14860"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2000597"
    },
    {
      "type": "WEB",
      "url": "https://www.mozilla.org/security/advisories/mfsa2025-98"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-7P9M-XQFR-9WM2

Vulnerability from github – Published: 2022-05-24 19:09 – Updated: 2022-05-24 19:09
VLAI
Details

Use after free in V8 in Google Chrome prior to 91.0.4472.164 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-30541"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-08-03T19:15:00Z",
    "severity": "HIGH"
  },
  "details": "Use after free in V8 in Google Chrome prior to 91.0.4472.164 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
  "id": "GHSA-7p9m-xqfr-9wm2",
  "modified": "2022-05-24T19:09:47Z",
  "published": "2022-05-24T19:09:47Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-30541"
    },
    {
      "type": "WEB",
      "url": "https://chromereleases.googleblog.com/2021/07/stable-channel-update-for-desktop.html"
    },
    {
      "type": "WEB",
      "url": "https://crbug.com/1214842"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-7PJ2-CQXR-MFC7

Vulnerability from github – Published: 2022-05-24 16:46 – Updated: 2024-04-04 00:45
VLAI
Details

Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier version, 2017.011.30138 and earlier, 2015.006.30495 and earlier, and 2015.006.30493 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2019-7835"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-05-22T19:29:00Z",
    "severity": "CRITICAL"
  },
  "details": "Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier version, 2017.011.30138 and earlier, 2015.006.30495 and earlier, and 2015.006.30493 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution.",
  "id": "GHSA-7pj2-cqxr-mfc7",
  "modified": "2024-04-04T00:45:13Z",
  "published": "2022-05-24T16:46:22Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-7835"
    },
    {
      "type": "WEB",
      "url": "https://helpx.adobe.com/security/products/acrobat/apsb19-18.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/108320"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-7PMJ-MX7J-526R

Vulnerability from github – Published: 2022-05-17 00:54 – Updated: 2022-05-17 00:54
VLAI
Details

Use-after-free vulnerability in Google Chrome before 27.0.1453.110 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of images.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2013-2857"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2013-06-05T00:55:00Z",
    "severity": "HIGH"
  },
  "details": "Use-after-free vulnerability in Google Chrome before 27.0.1453.110 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of images.",
  "id": "GHSA-7pmj-mx7j-526r",
  "modified": "2022-05-17T00:54:49Z",
  "published": "2022-05-17T00:54:49Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-2857"
    },
    {
      "type": "WEB",
      "url": "https://code.google.com/p/chromium/issues/detail?id=240124"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16816"
    },
    {
      "type": "WEB",
      "url": "http://googlechromereleases.blogspot.com/2013/06/stable-channel-update.html"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2013/dsa-2706"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Mitigation
Architecture and Design

Strategy: Language Selection

Choose a language that provides automatic memory management.

Mitigation
Implementation

Strategy: Attack Surface Reduction

When freeing pointers, be sure to set them to NULL once they are freed. However, the utilization of multiple or complex data structures may lower the usefulness of this strategy.

No CAPEC attack patterns related to this CWE.