CWE-416
AllowedUse After Free
Abstraction: Variant · Status: Stable
The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.
9811 vulnerabilities reference this CWE, most recent first.
GHSA-7QJF-4X9R-9F46
Vulnerability from github – Published: 2026-06-09 18:30 – Updated: 2026-06-09 18:30Use after free in Universal Plug and Play (upnp.dll) allows an unauthorized attacker to execute code over a network.
{
"affected": [],
"aliases": [
"CVE-2026-45635"
],
"database_specific": {
"cwe_ids": [
"CWE-416",
"CWE-843"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-09T17:17:30Z",
"severity": "HIGH"
},
"details": "Use after free in Universal Plug and Play (upnp.dll) allows an unauthorized attacker to execute code over a network.",
"id": "GHSA-7qjf-4x9r-9f46",
"modified": "2026-06-09T18:30:52Z",
"published": "2026-06-09T18:30:52Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-45635"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45635"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-7QMM-CRG7-CFFG
Vulnerability from github – Published: 2022-05-13 01:06 – Updated: 2022-05-13 01:06Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC Classic before 2015.006.30094, and Acrobat and Acrobat Reader DC Continuous before 2015.009.20069 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-6683, CVE-2015-6684, CVE-2015-6687, CVE-2015-6688, CVE-2015-6689, CVE-2015-6690, CVE-2015-6691, CVE-2015-7615, CVE-2015-7617, and CVE-2015-7621.
{
"affected": [],
"aliases": [
"CVE-2015-5586"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2015-10-14T23:59:00Z",
"severity": "HIGH"
},
"details": "Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC Classic before 2015.006.30094, and Acrobat and Acrobat Reader DC Continuous before 2015.009.20069 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-6683, CVE-2015-6684, CVE-2015-6687, CVE-2015-6688, CVE-2015-6689, CVE-2015-6690, CVE-2015-6691, CVE-2015-7615, CVE-2015-7617, and CVE-2015-7621.",
"id": "GHSA-7qmm-crg7-cffg",
"modified": "2022-05-13T01:06:43Z",
"published": "2022-05-13T01:06:43Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-5586"
},
{
"type": "WEB",
"url": "https://helpx.adobe.com/security/products/acrobat/apsb15-24.html"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1033796"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-7QPF-HV34-VVR8
Vulnerability from github – Published: 2022-05-13 01:07 – Updated: 2025-04-20 03:37The read_stream function in stream.c in liblrzip.so in lrzip 0.631 allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted archive.
{
"affected": [],
"aliases": [
"CVE-2017-8846"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-05-08T14:29:00Z",
"severity": "MODERATE"
},
"details": "The read_stream function in stream.c in liblrzip.so in lrzip 0.631 allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted archive.",
"id": "GHSA-7qpf-hv34-vvr8",
"modified": "2025-04-20T03:37:20Z",
"published": "2022-05-13T01:07:37Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-8846"
},
{
"type": "WEB",
"url": "https://github.com/ckolivas/lrzip/issues/71"
},
{
"type": "WEB",
"url": "https://blogs.gentoo.org/ago/2017/05/07/lrzip-use-after-free-in-read_stream-stream-c"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2021/08/msg00001.html"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202005-01"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-7QPJ-M5PF-Q5RF
Vulnerability from github – Published: 2022-05-13 01:18 – Updated: 2022-05-13 01:18Use-after-free vulnerability in the FormAssociatedElement::formRemovedFromTree function in core/html/FormAssociatedElement.cpp in Blink, as used in Google Chrome before 32.0.1700.76 on Windows and before 32.0.1700.77 on Mac OS X and Linux, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging improper handling of the past names map of a FORM element.
{
"affected": [],
"aliases": [
"CVE-2013-6641"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2014-01-16T12:17:00Z",
"severity": "HIGH"
},
"details": "Use-after-free vulnerability in the FormAssociatedElement::formRemovedFromTree function in core/html/FormAssociatedElement.cpp in Blink, as used in Google Chrome before 32.0.1700.76 on Windows and before 32.0.1700.77 on Mac OS X and Linux, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging improper handling of the past names map of a FORM element.",
"id": "GHSA-7qpj-m5pf-q5rf",
"modified": "2022-05-13T01:18:01Z",
"published": "2022-05-13T01:18:01Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2013-6641"
},
{
"type": "WEB",
"url": "https://chromium.googlesource.com/chromium/blink.git/+/1dfd387bd88cc0ebaef3a2302e72ac1c6101b91b"
},
{
"type": "WEB",
"url": "https://code.google.com/p/chromium/issues/detail?id=326854"
},
{
"type": "WEB",
"url": "http://googlechromereleases.blogspot.com/2014/01/stable-channel-update.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00008.html"
},
{
"type": "WEB",
"url": "http://www.debian.org/security/2014/dsa-2862"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-7QPW-4747-CH6G
Vulnerability from github – Published: 2022-05-13 01:24 – Updated: 2022-05-13 01:24Use-after-free vulnerability in Open Litespeed before 1.3.10.
{
"affected": [],
"aliases": [
"CVE-2015-3890"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-09-20T18:29:00Z",
"severity": "HIGH"
},
"details": "Use-after-free vulnerability in Open Litespeed before 1.3.10.",
"id": "GHSA-7qpw-4747-ch6g",
"modified": "2022-05-13T01:24:55Z",
"published": "2022-05-13T01:24:55Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-3890"
},
{
"type": "WEB",
"url": "http://www.security-assessment.com/files/documents/advisory/Open%20Litespeed%20Use%20After%20Free%20Vulnerability.pdf"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-7QQ3-FMC6-W4W4
Vulnerability from github – Published: 2026-05-08 15:31 – Updated: 2026-05-11 09:30In the Linux kernel, the following vulnerability has been resolved:
iavf: fix PTP use-after-free during reset
Commit 7c01dbfc8a1c5f ("iavf: periodically cache PHC time") introduced a worker to cache PHC time, but failed to stop it during reset or disable.
This creates a race condition where iavf_reset_task() or
iavf_disable_vf() free adapter resources (AQ) while the worker is still
running. If the worker triggers iavf_queue_ptp_cmd() during teardown, it
accesses freed memory/locks, leading to a crash.
Fix this by calling iavf_ptp_release() before tearing down the adapter.
This ensures ptp_clock_unregister() synchronously cancels the worker and
cleans up the chardev before the backing resources are destroyed.
{
"affected": [],
"aliases": [
"CVE-2026-43447"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-05-08T15:16:57Z",
"severity": "HIGH"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\niavf: fix PTP use-after-free during reset\n\nCommit 7c01dbfc8a1c5f (\"iavf: periodically cache PHC time\") introduced a\nworker to cache PHC time, but failed to stop it during reset or disable.\n\nThis creates a race condition where `iavf_reset_task()` or\n`iavf_disable_vf()` free adapter resources (AQ) while the worker is still\nrunning. If the worker triggers `iavf_queue_ptp_cmd()` during teardown, it\naccesses freed memory/locks, leading to a crash.\n\nFix this by calling `iavf_ptp_release()` before tearing down the adapter.\nThis ensures `ptp_clock_unregister()` synchronously cancels the worker and\ncleans up the chardev before the backing resources are destroyed.",
"id": "GHSA-7qq3-fmc6-w4w4",
"modified": "2026-05-11T09:30:31Z",
"published": "2026-05-08T15:31:29Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43447"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/1b034f2429ce6b45ce74dc266175d277acafc5c4"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/90cc8b2add29b57288025b51c70bc647e7cccb12"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/efc54fb13d79117a825fef17364315a58682c7ec"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-7QQ6-JG2H-8G2J
Vulnerability from github – Published: 2024-06-21 12:31 – Updated: 2025-10-03 15:31In the Linux kernel, the following vulnerability has been resolved:
dmaengine: idxd: Avoid unnecessary destruction of file_ida
file_ida is allocated during cdev open and is freed accordingly during cdev release. This sequence is guaranteed by driver file operations. Therefore, there is no need to destroy an already empty file_ida when the WQ cdev is removed.
Worse, ida_free() in cdev release may happen after destruction of file_ida per WQ cdev. This can lead to accessing an id in file_ida after it has been destroyed, resulting in a kernel panic.
Remove ida_destroy(&file_ida) to address these issues.
{
"affected": [],
"aliases": [
"CVE-2024-38629"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-06-21T11:15:11Z",
"severity": "HIGH"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndmaengine: idxd: Avoid unnecessary destruction of file_ida\n\nfile_ida is allocated during cdev open and is freed accordingly\nduring cdev release. This sequence is guaranteed by driver file\noperations. Therefore, there is no need to destroy an already empty\nfile_ida when the WQ cdev is removed.\n\nWorse, ida_free() in cdev release may happen after destruction of\nfile_ida per WQ cdev. This can lead to accessing an id in file_ida\nafter it has been destroyed, resulting in a kernel panic.\n\nRemove ida_destroy(\u0026file_ida) to address these issues.",
"id": "GHSA-7qq6-jg2h-8g2j",
"modified": "2025-10-03T15:31:13Z",
"published": "2024-06-21T12:31:20Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-38629"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/15edb906211bf53e7b5574f7326ab734d6bff4f9"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/76e43fa6a456787bad31b8d0daeabda27351a480"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/9eb15f24a0b9b017b39cde8b8c07243676b63687"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-7QV4-9J3V-5HF5
Vulnerability from github – Published: 2022-05-05 02:48 – Updated: 2024-10-17 21:31Use-after-free vulnerability in Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer LsGetTrailInfo Use After Free Vulnerability."
{
"affected": [],
"aliases": [
"CVE-2013-0022"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2013-02-13T12:04:00Z",
"severity": "HIGH"
},
"details": "Use-after-free vulnerability in Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka \"Internet Explorer LsGetTrailInfo Use After Free Vulnerability.\"",
"id": "GHSA-7qv4-9j3v-5hf5",
"modified": "2024-10-17T21:31:29Z",
"published": "2022-05-05T02:48:17Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2013-0022"
},
{
"type": "WEB",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-009"
},
{
"type": "WEB",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16069"
},
{
"type": "WEB",
"url": "http://www.us-cert.gov/cas/techalerts/TA13-043B.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-7QVM-4564-F42G
Vulnerability from github – Published: 2023-09-11 09:31 – Updated: 2024-04-04 07:34When creating a callback over IPC for showing the File Picker window, multiple of the same callbacks could have been created at a time and eventually all simultaneously destroyed as soon as one of the callbacks finished. This could have led to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox < 117, Firefox ESR < 102.15, Firefox ESR < 115.2, and Thunderbird < 115.2.
{
"affected": [],
"aliases": [
"CVE-2023-4575"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-09-11T09:15:09Z",
"severity": "MODERATE"
},
"details": "When creating a callback over IPC for showing the File Picker window, multiple of the same callbacks could have been created at a time and eventually all simultaneously destroyed as soon as one of the callbacks finished. This could have led to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox \u003c 117, Firefox ESR \u003c 102.15, Firefox ESR \u003c 115.2, and Thunderbird \u003c 115.2.",
"id": "GHSA-7qvm-4564-f42g",
"modified": "2024-04-04T07:34:47Z",
"published": "2023-09-11T09:31:45Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-4575"
},
{
"type": "WEB",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1846689"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2023-34"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2023-35"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2023-36"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2023-37"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2023-38"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-7QW8-W379-55HX
Vulnerability from github – Published: 2025-03-05 06:31 – Updated: 2025-03-05 15:30Use after free in Profiles in Google Chrome prior to 134.0.6998.35 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
{
"affected": [],
"aliases": [
"CVE-2025-1916"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-03-05T04:15:11Z",
"severity": "HIGH"
},
"details": "Use after free in Profiles in Google Chrome prior to 134.0.6998.35 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)",
"id": "GHSA-7qw8-w379-55hx",
"modified": "2025-03-05T15:30:55Z",
"published": "2025-03-05T06:31:40Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-1916"
},
{
"type": "WEB",
"url": "https://chromereleases.googleblog.com/2025/03/stable-channel-update-for-desktop.html"
},
{
"type": "WEB",
"url": "https://issues.chromium.org/issues/376493203"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation
Strategy: Language Selection
Choose a language that provides automatic memory management.
Mitigation
Strategy: Attack Surface Reduction
When freeing pointers, be sure to set them to NULL once they are freed. However, the utilization of multiple or complex data structures may lower the usefulness of this strategy.
No CAPEC attack patterns related to this CWE.