CWE-416
AllowedUse After Free
Abstraction: Variant · Status: Stable
The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.
9811 vulnerabilities reference this CWE, most recent first.
GHSA-82W9-G9WM-675R
Vulnerability from github – Published: 2024-08-13 18:31 – Updated: 2025-10-22 00:33Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
{
"affected": [],
"aliases": [
"CVE-2024-38193"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-08-13T18:15:28Z",
"severity": "HIGH"
},
"details": "Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability",
"id": "GHSA-82w9-g9wm-675r",
"modified": "2025-10-22T00:33:05Z",
"published": "2024-08-13T18:31:17Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-38193"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38193"
},
{
"type": "WEB",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-38193"
},
{
"type": "WEB",
"url": "https://www.exploit-db.com/exploits/52284"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-8336-F5FQ-9373
Vulnerability from github – Published: 2022-03-11 00:02 – Updated: 2022-03-18 00:01A use after free vulnerability was discovered in PDFTron SDK version 9.2.0. A crafted PDF can overwrite RIP with data previously allocated on the heap. This issue affects: PDFTron PDFTron SDK 9.2.0 on OSX; 9.2.0 on Linux; 9.2.0 on Windows.
{
"affected": [],
"aliases": [
"CVE-2022-24960"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-03-10T17:46:00Z",
"severity": "HIGH"
},
"details": "A use after free vulnerability was discovered in PDFTron SDK version 9.2.0. A crafted PDF can overwrite RIP with data previously allocated on the heap. This issue affects: PDFTron PDFTron SDK 9.2.0 on OSX; 9.2.0 on Linux; 9.2.0 on Windows.",
"id": "GHSA-8336-f5fq-9373",
"modified": "2022-03-18T00:01:21Z",
"published": "2022-03-11T00:02:13Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24960"
},
{
"type": "WEB",
"url": "https://github.com/suletm/security_research/blob/main/CVE/CVE-2022-24960.json"
},
{
"type": "WEB",
"url": "https://www.pdftron.com/nightly/#stable/2022-02-08/9.2"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-8337-3P73-46F4
Vulnerability from github – Published: 2026-04-03 02:40 – Updated: 2026-04-06 23:10Impact
Apps that register an asynchronous session.setPermissionRequestHandler() may be vulnerable to a use-after-free when handling fullscreen, pointer-lock, or keyboard-lock permission requests. If the requesting frame navigates or the window closes while the permission handler is pending, invoking the stored callback dereferences freed memory, which may lead to a crash or memory corruption.
Apps that do not set a permission request handler, or whose handler responds synchronously, are not affected.
Workarounds
Respond to permission requests synchronously, or deny fullscreen, pointer-lock, and keyboard-lock requests if an asynchronous flow is required.
Fixed Versions
41.0.0-beta.840.7.039.8.038.8.6
For more information
If there are any questions or comments about this advisory, please email security@electronjs.org
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "electron"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "38.8.6"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "npm",
"name": "electron"
},
"ranges": [
{
"events": [
{
"introduced": "39.0.0-alpha.1"
},
{
"fixed": "39.8.0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "npm",
"name": "electron"
},
"ranges": [
{
"events": [
{
"introduced": "40.0.0-alpha.1"
},
{
"fixed": "40.7.0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "npm",
"name": "electron"
},
"ranges": [
{
"events": [
{
"introduced": "41.0.0-alpha.1"
},
{
"fixed": "41.0.0-beta.8"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-34771"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": true,
"github_reviewed_at": "2026-04-03T02:40:24Z",
"nvd_published_at": "2026-04-04T00:16:17Z",
"severity": "HIGH"
},
"details": "### Impact\nApps that register an asynchronous `session.setPermissionRequestHandler()` may be vulnerable to a use-after-free when handling fullscreen, pointer-lock, or keyboard-lock permission requests. If the requesting frame navigates or the window closes while the permission handler is pending, invoking the stored callback dereferences freed memory, which may lead to a crash or memory corruption.\n\nApps that do not set a permission request handler, or whose handler responds synchronously, are not affected.\n\n### Workarounds\nRespond to permission requests synchronously, or deny fullscreen, pointer-lock, and keyboard-lock requests if an asynchronous flow is required.\n\n### Fixed Versions\n* `41.0.0-beta.8`\n* `40.7.0`\n* `39.8.0`\n* `38.8.6`\n\n### For more information\nIf there are any questions or comments about this advisory, please email [security@electronjs.org](mailto:security@electronjs.org)",
"id": "GHSA-8337-3p73-46f4",
"modified": "2026-04-06T23:10:44Z",
"published": "2026-04-03T02:40:24Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/electron/electron/security/advisories/GHSA-8337-3p73-46f4"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34771"
},
{
"type": "PACKAGE",
"url": "https://github.com/electron/electron"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Electron: Use-after-free in WebContents fullscreen, pointer-lock, and keyboard-lock permission callbacks"
}
GHSA-833P-JVR6-87GM
Vulnerability from github – Published: 2022-05-13 01:01 – Updated: 2022-05-13 01:01An exploitable use-after-free exists in the PDF parsing functionality of Lexmark Perspective Document Filters 11.3.0.2400 and 11.4.0.2452. A crafted PDF document can lead to a use-after-free resulting in direct code execution.
{
"affected": [],
"aliases": [
"CVE-2017-2821"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-09-05T18:29:00Z",
"severity": "HIGH"
},
"details": "An exploitable use-after-free exists in the PDF parsing functionality of Lexmark Perspective Document Filters 11.3.0.2400 and 11.4.0.2452. A crafted PDF document can lead to a use-after-free resulting in direct code execution.",
"id": "GHSA-833p-jvr6-87gm",
"modified": "2022-05-13T01:01:24Z",
"published": "2022-05-13T01:01:24Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-2821"
},
{
"type": "WEB",
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0322"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/100510"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-8345-XQ88-32V3
Vulnerability from github – Published: 2022-05-13 01:27 – Updated: 2022-05-13 01:27Use-after-free vulnerability in Google Chrome before 17.0.963.65 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving an SVG document.
{
"affected": [],
"aliases": [
"CVE-2011-3034"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2012-03-05T19:55:00Z",
"severity": "MODERATE"
},
"details": "Use-after-free vulnerability in Google Chrome before 17.0.963.65 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving an SVG document.",
"id": "GHSA-8345-xq88-32v3",
"modified": "2022-05-13T01:27:16Z",
"published": "2022-05-13T01:27:16Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2011-3034"
},
{
"type": "WEB",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73645"
},
{
"type": "WEB",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14839"
},
{
"type": "WEB",
"url": "http://code.google.com/p/chromium/issues/detail?id=111748"
},
{
"type": "WEB",
"url": "http://googlechromereleases.blogspot.com/2012/03/chrome-stable-update.html"
},
{
"type": "WEB",
"url": "http://lists.apple.com/archives/security-announce/2012/Jul/msg00000.html"
},
{
"type": "WEB",
"url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html"
},
{
"type": "WEB",
"url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00012.html"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/48265"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/48419"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/48527"
},
{
"type": "WEB",
"url": "http://security.gentoo.org/glsa/glsa-201203-19.xml"
},
{
"type": "WEB",
"url": "http://support.apple.com/kb/HT5400"
},
{
"type": "WEB",
"url": "http://support.apple.com/kb/HT5485"
},
{
"type": "WEB",
"url": "http://support.apple.com/kb/HT5503"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/52271"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id?1026759"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-835R-7GV7-G577
Vulnerability from github – Published: 2024-03-05 09:31 – Updated: 2024-03-05 09:31Use after free vulnerability in pub_crypto_recv_msg prior to SMR Mar-2024 Release 1 due to race condition allows local attackers with system privilege to cause memory corruption.
{
"affected": [],
"aliases": [
"CVE-2024-20833"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-03-05T08:15:39Z",
"severity": "MODERATE"
},
"details": "Use after free vulnerability in pub_crypto_recv_msg prior to SMR Mar-2024 Release 1 due to race condition allows local attackers with system privilege to cause memory corruption.",
"id": "GHSA-835r-7gv7-g577",
"modified": "2024-03-05T09:31:19Z",
"published": "2024-03-05T09:31:19Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-20833"
},
{
"type": "WEB",
"url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2024\u0026month=03"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-8374-7847-GP4W
Vulnerability from github – Published: 2022-05-24 19:10 – Updated: 2022-05-24 19:10Live555 through 1.08 does not handle MPEG-1 or 2 files properly. Sending two successive RTSP SETUP commands for the same track causes a Use-After-Free and daemon crash.
{
"affected": [],
"aliases": [
"CVE-2021-38381"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-08-10T18:15:00Z",
"severity": "MODERATE"
},
"details": "Live555 through 1.08 does not handle MPEG-1 or 2 files properly. Sending two successive RTSP SETUP commands for the same track causes a Use-After-Free and daemon crash.",
"id": "GHSA-8374-7847-gp4w",
"modified": "2022-05-24T19:10:33Z",
"published": "2022-05-24T19:10:33Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-38381"
},
{
"type": "WEB",
"url": "http://lists.live555.com/pipermail/live-devel/2021-August/021961.html"
},
{
"type": "WEB",
"url": "http://www.live555.com/liveMedia/public/changelog.txt#[2021.08.09]"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-837Q-27J3-572Q
Vulnerability from github – Published: 2022-05-17 00:57 – Updated: 2022-05-17 00:57Use-after-free vulnerability in Google Chrome before 23.0.1271.64 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of extension tabs.
{
"affected": [],
"aliases": [
"CVE-2012-5125"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2012-11-07T11:43:00Z",
"severity": "HIGH"
},
"details": "Use-after-free vulnerability in Google Chrome before 23.0.1271.64 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of extension tabs.",
"id": "GHSA-837q-27j3-572q",
"modified": "2022-05-17T00:57:40Z",
"published": "2022-05-17T00:57:40Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2012-5125"
},
{
"type": "WEB",
"url": "https://code.google.com/p/chromium/issues/detail?id=156051"
},
{
"type": "WEB",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79872"
},
{
"type": "WEB",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15341"
},
{
"type": "WEB",
"url": "http://googlechromereleases.blogspot.com/2012/11/stable-channel-release-and-beta-channel.html"
},
{
"type": "WEB",
"url": "http://osvdb.org/87083"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/56413"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-8399-FJ6C-9HF7
Vulnerability from github – Published: 2022-05-17 02:39 – Updated: 2022-05-17 02:39There is an invalid free in Image::printIFDStructure that leads to a Segmentation fault in Exiv2 0.26. A crafted input will lead to a remote denial of service attack.
{
"affected": [],
"aliases": [
"CVE-2017-9953"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-06-26T23:29:00Z",
"severity": "HIGH"
},
"details": "There is an invalid free in Image::printIFDStructure that leads to a Segmentation fault in Exiv2 0.26. A crafted input will lead to a remote denial of service attack.",
"id": "GHSA-8399-fj6c-9hf7",
"modified": "2022-05-17T02:39:34Z",
"published": "2022-05-17T02:39:34Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-9953"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1465061"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-839X-P2JC-Q87X
Vulnerability from github – Published: 2024-02-05 12:30 – Updated: 2024-07-03 18:33Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver allows a local non-privileged user to make improper memory processing operations to exploit a software race condition. If the system’s memory is carefully prepared by the user, then this in turn cause a use-after-free.This issue affects Bifrost GPU Kernel Driver: from r35p0 through r40p0; Valhall GPU Kernel Driver: from r35p0 through r40p0.
{
"affected": [],
"aliases": [
"CVE-2023-5249"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-02-05T10:15:08Z",
"severity": "HIGH"
},
"details": "Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver allows a local non-privileged user to make improper memory processing operations to exploit a software race condition. If the system\u2019s memory is carefully prepared by the user, then this in turn cause a use-after-free.This issue affects Bifrost GPU Kernel Driver: from r35p0 through r40p0; Valhall GPU Kernel Driver: from r35p0 through r40p0.\n\n",
"id": "GHSA-839x-p2jc-q87x",
"modified": "2024-07-03T18:33:27Z",
"published": "2024-02-05T12:30:20Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5249"
},
{
"type": "WEB",
"url": "https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation
Strategy: Language Selection
Choose a language that provides automatic memory management.
Mitigation
Strategy: Attack Surface Reduction
When freeing pointers, be sure to set them to NULL once they are freed. However, the utilization of multiple or complex data structures may lower the usefulness of this strategy.
No CAPEC attack patterns related to this CWE.