Common Weakness Enumeration

CWE-416

Allowed

Use After Free

Abstraction: Variant · Status: Stable

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

9821 vulnerabilities reference this CWE, most recent first.

GHSA-9H2Q-CWG7-7WX8

Vulnerability from github – Published: 2024-05-21 15:31 – Updated: 2024-12-26 21:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

igb: Fix use-after-free error during reset

Cleans the next descriptor to watch (next_to_watch) when cleaning the TX ring.

Failure to do so can cause invalid memory accesses. If igb_poll() runs while the controller is reset this can lead to the driver try to free a skb that was already freed.

(The crash is harder to reproduce with the igb driver, but the same potential problem exists as the code is identical to igc)

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-47301"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-05-21T15:15:17Z",
    "severity": "HIGH"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nigb: Fix use-after-free error during reset\n\nCleans the next descriptor to watch (next_to_watch) when cleaning the\nTX ring.\n\nFailure to do so can cause invalid memory accesses. If igb_poll() runs\nwhile the controller is reset this can lead to the driver try to free\na skb that was already freed.\n\n(The crash is harder to reproduce with the igb driver, but the same\npotential problem exists as the code is identical to igc)",
  "id": "GHSA-9h2q-cwg7-7wx8",
  "modified": "2024-12-26T21:30:35Z",
  "published": "2024-05-21T15:31:42Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-47301"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/7b292608db23ccbbfbfa50cdb155d01725d7a52e"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/88e0720133d42d34851c8721cf5f289a50a8710f"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/8e24c12f2ff6d32fd9f057382f08e748ec97194c"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/d3ccb18ed5ac3283c7b31ecc685b499e580d5492"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/d7367f781e5a9ca5df9082b15b272b55e76931f8"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/f153664d8e70c11d0371341613651e1130e20240"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-9H3M-VP3M-35PW

Vulnerability from github – Published: 2022-05-13 01:06 – Updated: 2025-11-18 00:30
VLAI
Details

Use-after-free vulnerability in the DisplayObject class in the ActionScript 3 (AS3) implementation in Adobe Flash Player 13.x through 13.0.0.302 on Windows and OS X, 14.x through 18.0.0.203 on Windows and OS X, 11.x through 11.2.202.481 on Linux, and 12.x through 18.0.0.204 on Linux Chrome installations allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted Flash content that leverages improper handling of the opaqueBackground property, as exploited in the wild in July 2015.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2015-5122"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2015-07-14T10:59:00Z",
    "severity": "HIGH"
  },
  "details": "Use-after-free vulnerability in the DisplayObject class in the ActionScript 3 (AS3) implementation in Adobe Flash Player 13.x through 13.0.0.302 on Windows and OS X, 14.x through 18.0.0.203 on Windows and OS X, 11.x through 11.2.202.481 on Linux, and 12.x through 18.0.0.204 on Linux Chrome installations allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted Flash content that leverages improper handling of the opaqueBackground property, as exploited in the wild in July 2015.",
  "id": "GHSA-9h3m-vp3m-35pw",
  "modified": "2025-11-18T00:30:17Z",
  "published": "2022-05-13T01:06:52Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-5122"
    },
    {
      "type": "WEB",
      "url": "https://github.com/cisagov/vulnrichment/issues/196"
    },
    {
      "type": "WEB",
      "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04796784"
    },
    {
      "type": "WEB",
      "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04952467"
    },
    {
      "type": "WEB",
      "url": "https://helpx.adobe.com/security/products/flash-player/apsa15-04.html"
    },
    {
      "type": "WEB",
      "url": "https://helpx.adobe.com/security/products/flash-player/apsb15-18.html"
    },
    {
      "type": "WEB",
      "url": "https://perception-point.io/2018/04/11/breaking-cfi-cve-2015-5122-coop"
    },
    {
      "type": "WEB",
      "url": "https://perception-point.io/new/breaking-cfi.php"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/201508-01"
    },
    {
      "type": "WEB",
      "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2015-5122"
    },
    {
      "type": "WEB",
      "url": "https://www.exploit-db.com/exploits/37599"
    },
    {
      "type": "WEB",
      "url": "https://www.fireeye.com/blog/threat-research/2015/07/cve-2015-5122_-_seco.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00028.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00029.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00032.html"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=bugtraq\u0026m=144050155601375\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.com/files/132663/Adobe-Flash-opaqueBackground-Use-After-Free.html"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2015-1235.html"
    },
    {
      "type": "WEB",
      "url": "http://www.kb.cert.org/vuls/id/338736"
    },
    {
      "type": "WEB",
      "url": "http://www.rapid7.com/db/modules/exploit/multi/browser/adobe_flash_opaque_background_uaf"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/75712"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1032890"
    },
    {
      "type": "WEB",
      "url": "http://www.us-cert.gov/ncas/alerts/TA15-195A"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-9H3V-WRPM-Q7M5

Vulnerability from github – Published: 2026-04-24 15:32 – Updated: 2026-06-01 18:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

media: hackrf: fix to not free memory after the device is registered in hackrf_probe()

In hackrf driver, the following race condition occurs:

        CPU0                        CPU1
hackrf_probe()
  kzalloc(); // alloc hackrf_dev
  ....
  v4l2_device_register();
  ....
                        fd = sys_open("/path/to/dev"); // open hackrf fd
                        ....
  v4l2_device_unregister();
  ....
  kfree(); // free hackrf_dev
  ....
                        sys_ioctl(fd, ...);
                          v4l2_ioctl();
                            video_is_registered() // UAF!!
                        ....
                        sys_close(fd);
                          v4l2_release() // UAF!!
                            hackrf_video_release()
                              kfree(); // DFB!!

When a V4L2 or video device is unregistered, the device node is removed so new open() calls are blocked.

However, file descriptors that are already open-and any in-flight I/O-do not terminate immediately; they remain valid until the last reference is dropped and the driver's release() is invoked.

Therefore, freeing device memory on the error path after hackrf_probe() has registered dev it will lead to a race to use-after-free vuln, since those already-open handles haven't been released yet.

And since release() free memory too, race to use-after-free and double-free vuln occur.

To prevent this, if device is registered from probe(), it should be modified to free memory only through release() rather than calling kfree() directly.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-31576"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-04-24T15:16:32Z",
    "severity": "HIGH"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: hackrf: fix to not free memory after the device is registered in hackrf_probe()\n\nIn hackrf driver, the following race condition occurs:\n```\n\t\tCPU0\t\t\t\t\t\tCPU1\nhackrf_probe()\n  kzalloc(); // alloc hackrf_dev\n  ....\n  v4l2_device_register();\n  ....\n\t\t\t\t\t\tfd = sys_open(\"/path/to/dev\"); // open hackrf fd\n\t\t\t\t\t\t....\n  v4l2_device_unregister();\n  ....\n  kfree(); // free hackrf_dev\n  ....\n\t\t\t\t\t\tsys_ioctl(fd, ...);\n\t\t\t\t\t\t  v4l2_ioctl();\n\t\t\t\t\t\t    video_is_registered() // UAF!!\n\t\t\t\t\t\t....\n\t\t\t\t\t\tsys_close(fd);\n\t\t\t\t\t\t  v4l2_release() // UAF!!\n\t\t\t\t\t\t    hackrf_video_release()\n\t\t\t\t\t\t      kfree(); // DFB!!\n```\n\nWhen a V4L2 or video device is unregistered, the device node is removed so\nnew open() calls are blocked.\n\nHowever, file descriptors that are already open-and any in-flight I/O-do\nnot terminate immediately; they remain valid until the last reference is\ndropped and the driver\u0027s release() is invoked.\n\nTherefore, freeing device memory on the error path after hackrf_probe()\nhas registered dev it will lead to a race to use-after-free vuln, since\nthose already-open handles haven\u0027t been released yet.\n\nAnd since release() free memory too, race to use-after-free and\ndouble-free vuln occur.\n\nTo prevent this, if device is registered from probe(), it should be\nmodified to free memory only through release() rather than calling\nkfree() directly.",
  "id": "GHSA-9h3v-wrpm-q7m5",
  "modified": "2026-06-01T18:31:25Z",
  "published": "2026-04-24T15:32:34Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31576"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/07e9e674b6146b1f6fc41b1f54b8968bf2802824"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/131ec9046e1c8af101aebdaec4e8095e05f3312b"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/2145c71a8044362e82e9923f001ba2aeb771b848"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/3b7da2b4d0fe014eff181ed37e3bf832eb8ed258"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/45cbaf5c7cdc5386d86377f0daf94a17a007fed0"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/67fd62e3efdc9dce01f76d95a745212f4feb38e6"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/87b9685cca91ed715c39ba544715832d26a7f4b4"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/98a0a81ce78020c2522e0046f49d200de9778cb9"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/fcd1d70792a35c8a97414fe429f48311e41269c2"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-9H68-3V3C-5FMJ

Vulnerability from github – Published: 2025-06-10 18:32 – Updated: 2025-06-10 18:32
VLAI
Details

Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-47170"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-06-10T17:23:47Z",
    "severity": "HIGH"
  },
  "details": "Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.",
  "id": "GHSA-9h68-3v3c-5fmj",
  "modified": "2025-06-10T18:32:30Z",
  "published": "2025-06-10T18:32:30Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47170"
    },
    {
      "type": "WEB",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-47170"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-9H69-JRQQ-936C

Vulnerability from github – Published: 2023-09-25 18:30 – Updated: 2025-11-04 21:30
VLAI
Details

A use-after-free vulnerability exists in the tif_parse_sub_IFD functionality of Accusoft ImageGear 20.1. A specially crafted malformed file can lead to arbitrary code execution. An attacker can deliver file to trigger this vulnerability.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-39453"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-09-25T16:15:14Z",
    "severity": "CRITICAL"
  },
  "details": "A use-after-free vulnerability exists in the tif_parse_sub_IFD functionality of Accusoft ImageGear 20.1. A specially crafted malformed file can lead to arbitrary code execution. An attacker can deliver file to trigger this vulnerability.",
  "id": "GHSA-9h69-jrqq-936c",
  "modified": "2025-11-04T21:30:39Z",
  "published": "2023-09-25T18:30:50Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39453"
    },
    {
      "type": "WEB",
      "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1830"
    },
    {
      "type": "WEB",
      "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1830"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-9H6G-G22R-WGHG

Vulnerability from github – Published: 2022-02-19 00:00 – Updated: 2022-03-01 00:00
VLAI
Details

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sante DICOM Viewer Pro 13.2.0.21165. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JP2 files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15104.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-24062"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-02-18T20:15:00Z",
    "severity": "HIGH"
  },
  "details": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sante DICOM Viewer Pro 13.2.0.21165. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JP2 files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15104.",
  "id": "GHSA-9h6g-g22r-wghg",
  "modified": "2022-03-01T00:00:49Z",
  "published": "2022-02-19T00:00:59Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24062"
    },
    {
      "type": "WEB",
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-254"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-9H8H-JWRX-HXGG

Vulnerability from github – Published: 2023-10-11 21:33 – Updated: 2023-10-11 21:33
VLAI
Details

Use After Free in GitHub repository vim/vim prior to v9.0.2010.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-5535"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-10-11T20:15:10Z",
    "severity": "HIGH"
  },
  "details": "Use After Free in GitHub repository vim/vim prior to v9.0.2010.",
  "id": "GHSA-9h8h-jwrx-hxgg",
  "modified": "2023-10-11T21:33:25Z",
  "published": "2023-10-11T21:33:25Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5535"
    },
    {
      "type": "WEB",
      "url": "https://github.com/vim/vim/commit/41e6f7d6ba67b61d911f9b1d76325cd79224753d"
    },
    {
      "type": "WEB",
      "url": "https://huntr.dev/bounties/2c2d85a7-1171-4014-bf7f-a2451745861f"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VDDWD25AZIHBAA44HQT75OWLQ5UMDKU3"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VGTVLUV7UCXXCZAIQIUCLG6JXAVYT3HE"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XPT7NMYJRLBPIALGSE24UWTY6F774GZW"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-9HG6-8R8X-Q6Q6

Vulnerability from github – Published: 2025-12-31 09:30 – Updated: 2025-12-31 09:30
VLAI
Details

FontForge SFD File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of FontForge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

The specific flaw exists within the parsing of SFD files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-28525.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-15280"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-12-31T07:15:52Z",
    "severity": "HIGH"
  },
  "details": "FontForge SFD File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of FontForge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of SFD files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-28525.",
  "id": "GHSA-9hg6-8r8x-q6q6",
  "modified": "2025-12-31T09:30:19Z",
  "published": "2025-12-31T09:30:18Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-15280"
    },
    {
      "type": "WEB",
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-1188"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-9HGF-JPQ5-R7R9

Vulnerability from github – Published: 2022-05-13 01:26 – Updated: 2022-05-13 01:26
VLAI
Details

Use-after-free vulnerability in Google Chrome before 13.0.782.215 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving a line box.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2011-2823"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2011-08-29T15:55:00Z",
    "severity": "HIGH"
  },
  "details": "Use-after-free vulnerability in Google Chrome before 13.0.782.215 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving a line box.",
  "id": "GHSA-9hgf-jpq5-r7r9",
  "modified": "2022-05-13T01:26:33Z",
  "published": "2022-05-13T01:26:33Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-2823"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13789"
    },
    {
      "type": "WEB",
      "url": "http://code.google.com/p/chromium/issues/detail?id=82552"
    },
    {
      "type": "WEB",
      "url": "http://googlechromereleases.blogspot.com/2011/08/stable-channel-update_22.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00000.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00004.html"
    },
    {
      "type": "WEB",
      "url": "http://support.apple.com/kb/HT4981"
    },
    {
      "type": "WEB",
      "url": "http://support.apple.com/kb/HT4999"
    },
    {
      "type": "WEB",
      "url": "http://support.apple.com/kb/HT5000"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-9HGG-6GF4-MX6P

Vulnerability from github – Published: 2022-01-14 00:01 – Updated: 2022-01-15 00:02
VLAI
Details

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of 3DS files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14847.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-34894"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-01-13T22:15:00Z",
    "severity": "HIGH"
  },
  "details": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of 3DS files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14847.",
  "id": "GHSA-9hgg-6gf4-mx6p",
  "modified": "2022-01-15T00:02:30Z",
  "published": "2022-01-14T00:01:35Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-34894"
    },
    {
      "type": "WEB",
      "url": "https://www.bentley.com/en/common-vulnerability-exposure/BE-2021-0004"
    },
    {
      "type": "WEB",
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1483"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Mitigation
Architecture and Design

Strategy: Language Selection

Choose a language that provides automatic memory management.

Mitigation
Implementation

Strategy: Attack Surface Reduction

When freeing pointers, be sure to set them to NULL once they are freed. However, the utilization of multiple or complex data structures may lower the usefulness of this strategy.

No CAPEC attack patterns related to this CWE.