CWE-416
AllowedUse After Free
Abstraction: Variant · Status: Stable
The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.
9821 vulnerabilities reference this CWE, most recent first.
GHSA-9M53-4C27-H8F5
Vulnerability from github – Published: 2022-05-14 03:09 – Updated: 2025-11-25 18:32A use-after-free can occur when events are fired for a "FontFace" object after the object has been already been destroyed while working with fonts. This results in a potentially exploitable crash. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8.
{
"affected": [],
"aliases": [
"CVE-2017-5402"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-06-11T21:29:00Z",
"severity": "CRITICAL"
},
"details": "A use-after-free can occur when events are fired for a \"FontFace\" object after the object has been already been destroyed while working with fonts. This results in a potentially exploitable crash. This vulnerability affects Firefox \u003c 52, Firefox ESR \u003c 45.8, Thunderbird \u003c 52, and Thunderbird \u003c 45.8.",
"id": "GHSA-9m53-4c27-h8f5",
"modified": "2025-11-25T18:32:07Z",
"published": "2022-05-14T03:09:40Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-5402"
},
{
"type": "WEB",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1334876"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/201705-06"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/201705-07"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2017/dsa-3805"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2017/dsa-3832"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2017-05"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2017-06"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2017-07"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2017-09"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0459.html"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0461.html"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0498.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/96664"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1037966"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-9M57-XV2X-RJ9V
Vulnerability from github – Published: 2024-01-31 00:30 – Updated: 2024-07-03 18:33Use after free in Network in Google Chrome prior to 121.0.6167.139 allowed a remote attacker to potentially exploit heap corruption via a malicious file. (Chromium security severity: High)
{
"affected": [],
"aliases": [
"CVE-2024-1077"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-01-30T22:15:53Z",
"severity": "HIGH"
},
"details": "Use after free in Network in Google Chrome prior to 121.0.6167.139 allowed a remote attacker to potentially exploit heap corruption via a malicious file. (Chromium security severity: High)",
"id": "GHSA-9m57-xv2x-rj9v",
"modified": "2024-07-03T18:33:23Z",
"published": "2024-01-31T00:30:18Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-1077"
},
{
"type": "WEB",
"url": "https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_30.html"
},
{
"type": "WEB",
"url": "https://crbug.com/1511085"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NEUXJY3YC3VGIJW2AOHL4NZ7ZK7BRYWY"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XCVKRHRWPMITSVFBHQBSNXOVJAKT547Q"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-9M9Q-2R2H-7J8V
Vulnerability from github – Published: 2022-05-14 03:08 – Updated: 2025-11-25 18:32A use-after-free vulnerability can occur when manipulating arrays of Accessible Rich Internet Applications (ARIA) elements within containers through the DOM. This results in a potentially exploitable crash. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thunderbird < 52.4.
{
"affected": [],
"aliases": [
"CVE-2017-7818"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-06-11T21:29:00Z",
"severity": "CRITICAL"
},
"details": "A use-after-free vulnerability can occur when manipulating arrays of Accessible Rich Internet Applications (ARIA) elements within containers through the DOM. This results in a potentially exploitable crash. This vulnerability affects Firefox \u003c 56, Firefox ESR \u003c 52.4, and Thunderbird \u003c 52.4.",
"id": "GHSA-9m9q-2r2h-7j8v",
"modified": "2025-11-25T18:32:10Z",
"published": "2022-05-14T03:08:38Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7818"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2017:2831"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2017:2885"
},
{
"type": "WEB",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1363723"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00000.html"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/201803-14"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2017/dsa-3987"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2017/dsa-4014"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2017-21"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2017-22"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2017-23"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/101055"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1039465"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-9MC9-J9J6-FVMM
Vulnerability from github – Published: 2024-05-03 03:31 – Updated: 2024-05-03 03:31Foxit PDF Reader templates Use-After-Free Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the handling of templates. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-21586.
{
"affected": [],
"aliases": [
"CVE-2023-42089"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-05-03T03:15:45Z",
"severity": "LOW"
},
"details": "Foxit PDF Reader templates Use-After-Free Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the handling of templates. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-21586.",
"id": "GHSA-9mc9-j9j6-fvmm",
"modified": "2024-05-03T03:31:01Z",
"published": "2024-05-03T03:31:01Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-42089"
},
{
"type": "WEB",
"url": "https://www.foxit.com/support/security-bulletins.html"
},
{
"type": "WEB",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1422"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-9MG5-2PF2-X28V
Vulnerability from github – Published: 2022-05-24 17:29 – Updated: 2022-05-24 17:29Use after free in media in Google Chrome prior to 84.0.4147.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
{
"affected": [],
"aliases": [
"CVE-2020-6549"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-09-21T20:15:00Z",
"severity": "HIGH"
},
"details": "Use after free in media in Google Chrome prior to 84.0.4147.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"id": "GHSA-9mg5-2pf2-x28v",
"modified": "2022-05-24T17:29:06Z",
"published": "2022-05-24T17:29:06Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-6549"
},
{
"type": "WEB",
"url": "https://chromereleases.googleblog.com/2020/08/stable-channel-update-for-desktop.html"
},
{
"type": "WEB",
"url": "https://crbug.com/1105426"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EE7XWIZBME7JAY7N6CGPET4CLNHHEIVT"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202101-30"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2021/dsa-4824"
},
{
"type": "WEB",
"url": "http://packetstormsecurity.com/files/159558/Chrome-MediaElementEventListener-UpdateSources-Use-After-Free.html"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-9MHH-V2W9-X3XJ
Vulnerability from github – Published: 2024-03-03 00:30 – Updated: 2024-12-11 18:30In the Linux kernel, the following vulnerability has been resolved:
RDMA/srp: Do not call scsi_done() from srp_abort()
After scmd_eh_abort_handler() has called the SCSI LLD eh_abort_handler callback, it performs one of the following actions: * Call scsi_queue_insert(). * Call scsi_finish_command(). * Call scsi_eh_scmd_add(). Hence, SCSI abort handlers must not call scsi_done(). Otherwise all the above actions would trigger a use-after-free. Hence remove the scsi_done() call from srp_abort(). Keep the srp_free_req() call before returning SUCCESS because we may not see the command again if SUCCESS is returned.
{
"affected": [],
"aliases": [
"CVE-2023-52515"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-03-02T22:15:47Z",
"severity": "HIGH"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/srp: Do not call scsi_done() from srp_abort()\n\nAfter scmd_eh_abort_handler() has called the SCSI LLD eh_abort_handler\ncallback, it performs one of the following actions:\n* Call scsi_queue_insert().\n* Call scsi_finish_command().\n* Call scsi_eh_scmd_add().\nHence, SCSI abort handlers must not call scsi_done(). Otherwise all\nthe above actions would trigger a use-after-free. Hence remove the\nscsi_done() call from srp_abort(). Keep the srp_free_req() call\nbefore returning SUCCESS because we may not see the command again if\nSUCCESS is returned.",
"id": "GHSA-9mhh-v2w9-x3xj",
"modified": "2024-12-11T18:30:35Z",
"published": "2024-03-03T00:30:31Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-52515"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/05a10b316adaac1f322007ca9a0383b410d759cc"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/26788a5b48d9d5cd3283d777d238631c8cd7495a"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/2b298f9181582270d5e95774e5a6c7a7fb5b1206"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/b9bdffb3f9aaeff8379c83f5449c6b42cb71c2b5"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/e193b7955dfad68035b983a0011f4ef3590c85eb"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-9MMW-R35M-G52R
Vulnerability from github – Published: 2026-06-09 00:33 – Updated: 2026-06-09 03:31Use after free in Web Apps in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)
{
"affected": [],
"aliases": [
"CVE-2026-11642"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-09T00:16:46Z",
"severity": "HIGH"
},
"details": "Use after free in Web Apps in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)",
"id": "GHSA-9mmw-r35m-g52r",
"modified": "2026-06-09T03:31:39Z",
"published": "2026-06-09T00:33:24Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-11642"
},
{
"type": "WEB",
"url": "https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop_0153744567.html"
},
{
"type": "WEB",
"url": "https://issues.chromium.org/issues/517678820"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-9MP7-JX47-XV3H
Vulnerability from github – Published: 2025-09-23 06:30 – Updated: 2026-01-20 21:31In the Linux kernel, the following vulnerability has been resolved:
can: xilinx_can: xcan_write_frame(): fix use-after-free of transmitted SKB
can_put_echo_skb() takes ownership of the SKB and it may be freed during or after the call.
However, xilinx_can xcan_write_frame() keeps using SKB after the call.
Fix that by only calling can_put_echo_skb() after the code is done touching the SKB.
The tx_lock is held for the entire xcan_write_frame() execution and also on the can_get_echo_skb() side so the order of operations does not matter.
An earlier fix commit 3d3c817c3a40 ("can: xilinx_can: Fix usage of skb memory") did not move the can_put_echo_skb() call far enough.
[mkl: add "commit" in front of sha1 in patch description] [mkl: fix indention]
{
"affected": [],
"aliases": [
"CVE-2025-39873"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-09-23T06:15:46Z",
"severity": "HIGH"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: xilinx_can: xcan_write_frame(): fix use-after-free of transmitted SKB\n\ncan_put_echo_skb() takes ownership of the SKB and it may be freed\nduring or after the call.\n\nHowever, xilinx_can xcan_write_frame() keeps using SKB after the call.\n\nFix that by only calling can_put_echo_skb() after the code is done\ntouching the SKB.\n\nThe tx_lock is held for the entire xcan_write_frame() execution and\nalso on the can_get_echo_skb() side so the order of operations does not\nmatter.\n\nAn earlier fix commit 3d3c817c3a40 (\"can: xilinx_can: Fix usage of skb\nmemory\") did not move the can_put_echo_skb() call far enough.\n\n[mkl: add \"commit\" in front of sha1 in patch description]\n[mkl: fix indention]",
"id": "GHSA-9mp7-jx47-xv3h",
"modified": "2026-01-20T21:31:30Z",
"published": "2025-09-23T06:30:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-39873"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/1139321161a3ba5e45e61e0738b37f42f20bc57a"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/668cc1e3bb21101d074e430de1b7ba8fd10189e7"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/725b33deebd6e4c96fe7893f384510a54258f28f"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/94b050726288a56a6b8ff55aa641f2fedbd3b44c"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/e202ffd9e54538ef67ec301ebd6d9da4823466c9"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/ef79f00be72bd81d2e1e6f060d83cf7e425deee4"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-9MPV-3FWV-J55X
Vulnerability from github – Published: 2022-05-24 16:51 – Updated: 2022-05-24 16:51Possible race condition that will cause a use-after-free when writing to two sysfs entries at nearly the same time in Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MSM8909W, QCS405, QCS605, Qualcomm 215, SD 425, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 845 / SD 850, SD 855, SDM439, SDM660, SDX20, SDX24
{
"affected": [],
"aliases": [
"CVE-2019-2314"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-07-25T17:15:00Z",
"severity": "HIGH"
},
"details": "Possible race condition that will cause a use-after-free when writing to two sysfs entries at nearly the same time in Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice \u0026 Music, Snapdragon Wearables in MSM8909W, QCS405, QCS605, Qualcomm 215, SD 425, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 845 / SD 850, SD 855, SDM439, SDM660, SDX20, SDX24",
"id": "GHSA-9mpv-3fwv-j55x",
"modified": "2022-05-24T16:51:26Z",
"published": "2022-05-24T16:51:26Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-2314"
},
{
"type": "WEB",
"url": "https://www.codeaurora.org/security-bulletin/2019/07/01/july-2019-code-aurora-security-bulletin"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-9MQW-QGFR-X8HP
Vulnerability from github – Published: 2023-03-28 21:30 – Updated: 2023-03-28 21:30Adobe Dimension versions 3.4.7 (and earlier) is affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
{
"affected": [],
"aliases": [
"CVE-2023-25894"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-03-28T20:15:00Z",
"severity": "HIGH"
},
"details": "Adobe Dimension versions 3.4.7 (and earlier) is affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.",
"id": "GHSA-9mqw-qgfr-x8hp",
"modified": "2023-03-28T21:30:19Z",
"published": "2023-03-28T21:30:19Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25894"
},
{
"type": "WEB",
"url": "https://helpx.adobe.com/security/products/dimension/apsb23-20.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation
Strategy: Language Selection
Choose a language that provides automatic memory management.
Mitigation
Strategy: Attack Surface Reduction
When freeing pointers, be sure to set them to NULL once they are freed. However, the utilization of multiple or complex data structures may lower the usefulness of this strategy.
No CAPEC attack patterns related to this CWE.