Common Weakness Enumeration

CWE-416

Allowed

Use After Free

Abstraction: Variant · Status: Stable

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

9821 vulnerabilities reference this CWE, most recent first.

GHSA-M8WF-2872-HP5W

Vulnerability from github – Published: 2025-07-08 18:31 – Updated: 2025-07-08 18:31
VLAI
Details

Use after free in Universal Print Management Service allows an authorized attacker to elevate privileges locally.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-47986"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-07-08T17:15:39Z",
    "severity": "HIGH"
  },
  "details": "Use after free in Universal Print Management Service allows an authorized attacker to elevate privileges locally.",
  "id": "GHSA-m8wf-2872-hp5w",
  "modified": "2025-07-08T18:31:44Z",
  "published": "2025-07-08T18:31:44Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47986"
    },
    {
      "type": "WEB",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-47986"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-M8WQ-C42P-JW5V

Vulnerability from github – Published: 2022-05-13 01:24 – Updated: 2022-05-13 01:24
VLAI
Details

Use-after-free vulnerability in the msm_set_crop function in drivers/media/video/msm/msm_camera.c in the MSM-Camera driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to gain privileges or cause a denial of service (memory corruption) via an application that makes a crafted ioctl call.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2015-0568"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2016-08-07T21:59:00Z",
    "severity": "HIGH"
  },
  "details": "Use-after-free vulnerability in the msm_set_crop function in drivers/media/video/msm/msm_camera.c in the MSM-Camera driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to gain privileges or cause a denial of service (memory corruption) via an application that makes a crafted ioctl call.",
  "id": "GHSA-m8wq-c42p-jw5v",
  "modified": "2022-05-13T01:24:33Z",
  "published": "2022-05-13T01:24:33Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0568"
    },
    {
      "type": "WEB",
      "url": "https://www.codeaurora.org/projects/security-advisories/multiple-issues-camera-drivers-cve-2014-9410-cve-2015-0568"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/92379"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-M922-7CQ2-3FRM

Vulnerability from github – Published: 2022-05-13 01:33 – Updated: 2022-05-13 01:33
VLAI
Details

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the style property of a Field object. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6915.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-17680"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-01-24T04:29:00Z",
    "severity": "HIGH"
  },
  "details": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the style property of a Field object. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6915.",
  "id": "GHSA-m922-7cq2-3frm",
  "modified": "2022-05-13T01:33:52Z",
  "published": "2022-05-13T01:33:52Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-17680"
    },
    {
      "type": "WEB",
      "url": "https://www.foxitsoftware.com/support/security-bulletins.php"
    },
    {
      "type": "WEB",
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1189"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-M923-55G6-M66Q

Vulnerability from github – Published: 2024-05-01 06:31 – Updated: 2026-05-12 12:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

wireguard: netlink: check for dangling peer via is_dead instead of empty list

If all peers are removed via wg_peer_remove_all(), rather than setting peer_list to empty, the peer is added to a temporary list with a head on the stack of wg_peer_remove_all(). If a netlink dump is resumed and the cursored peer is one that has been removed via wg_peer_remove_all(), it will iterate from that peer and then attempt to dump freed peers.

Fix this by instead checking peer->is_dead, which was explictly created for this purpose. Also move up the device_update_lock lockdep assertion, since reading is_dead relies on that.

It can be reproduced by a small script like:

echo "Setting config..."
ip link add dev wg0 type wireguard
wg setconf wg0 /big-config
(
        while true; do
                echo "Showing config..."
                wg showconf wg0 > /dev/null
        done
) &
sleep 4
wg setconf wg0 <(printf "[Peer]\nPublicKey=$(wg genkey)\n")

Resulting in:

BUG: KASAN: slab-use-after-free in __lock_acquire+0x182a/0x1b20
Read of size 8 at addr ffff88811956ec70 by task wg/59
CPU: 2 PID: 59 Comm: wg Not tainted 6.8.0-rc2-debug+ #5
Call Trace:
 <TASK>
 dump_stack_lvl+0x47/0x70
 print_address_description.constprop.0+0x2c/0x380
 print_report+0xab/0x250
 kasan_report+0xba/0xf0
 __lock_acquire+0x182a/0x1b20
 lock_acquire+0x191/0x4b0
 down_read+0x80/0x440
 get_peer+0x140/0xcb0
 wg_get_device_dump+0x471/0x1130
Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-26951"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-05-01T06:15:11Z",
    "severity": "HIGH"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nwireguard: netlink: check for dangling peer via is_dead instead of empty list\n\nIf all peers are removed via wg_peer_remove_all(), rather than setting\npeer_list to empty, the peer is added to a temporary list with a head on\nthe stack of wg_peer_remove_all(). If a netlink dump is resumed and the\ncursored peer is one that has been removed via wg_peer_remove_all(), it\nwill iterate from that peer and then attempt to dump freed peers.\n\nFix this by instead checking peer-\u003eis_dead, which was explictly created\nfor this purpose. Also move up the device_update_lock lockdep assertion,\nsince reading is_dead relies on that.\n\nIt can be reproduced by a small script like:\n\n    echo \"Setting config...\"\n    ip link add dev wg0 type wireguard\n    wg setconf wg0 /big-config\n    (\n            while true; do\n                    echo \"Showing config...\"\n                    wg showconf wg0 \u003e /dev/null\n            done\n    ) \u0026\n    sleep 4\n    wg setconf wg0 \u003c(printf \"[Peer]\\nPublicKey=$(wg genkey)\\n\")\n\nResulting in:\n\n    BUG: KASAN: slab-use-after-free in __lock_acquire+0x182a/0x1b20\n    Read of size 8 at addr ffff88811956ec70 by task wg/59\n    CPU: 2 PID: 59 Comm: wg Not tainted 6.8.0-rc2-debug+ #5\n    Call Trace:\n     \u003cTASK\u003e\n     dump_stack_lvl+0x47/0x70\n     print_address_description.constprop.0+0x2c/0x380\n     print_report+0xab/0x250\n     kasan_report+0xba/0xf0\n     __lock_acquire+0x182a/0x1b20\n     lock_acquire+0x191/0x4b0\n     down_read+0x80/0x440\n     get_peer+0x140/0xcb0\n     wg_get_device_dump+0x471/0x1130",
  "id": "GHSA-m923-55g6-m66q",
  "modified": "2026-05-12T12:31:42Z",
  "published": "2024-05-01T06:31:41Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-26951"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-265688.html"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/13d107794304306164481d31ce33f8fdb25a9c04"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/302b2dfc013baca3dea7ceda383930d9297d231d"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/55b6c738673871c9b0edae05d0c97995c1ff08c4"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/710a177f347282eea162aec8712beb1f42d5ad87"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/7bedfe4cfa38771840a355970e4437cd52d4046b"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/b7cea3a9af0853fdbb1b16633a458f991dde6aac"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/f52be46e3e6ecefc2539119784324f0cbc09620a"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-M934-94J6-4844

Vulnerability from github – Published: 2024-12-02 09:39 – Updated: 2025-11-04 00:32
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

hv_sock: Initializing vsk->trans to NULL to prevent a dangling pointer

When hvs is released, there is a possibility that vsk->trans may not be initialized to NULL, which could lead to a dangling pointer. This issue is resolved by initializing vsk->trans to NULL.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-53103"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-12-02T08:15:08Z",
    "severity": "HIGH"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nhv_sock: Initializing vsk-\u003etrans to NULL to prevent a dangling pointer\n\nWhen hvs is released, there is a possibility that vsk-\u003etrans may not\nbe initialized to NULL, which could lead to a dangling pointer.\nThis issue is resolved by initializing vsk-\u003etrans to NULL.",
  "id": "GHSA-m934-94j6-4844",
  "modified": "2025-11-04T00:32:09Z",
  "published": "2024-12-02T09:39:12Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-53103"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/285266ef92f7b4bf7d26e1e95e215ce6a6badb4a"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/414476c4fb11be070c09ab8f3e75c9ee324a108a"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/4bdc5a62c6e50600d8a1c3e18fd6dce0c27c9497"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/4fe1d42f2acc463b733bb42e3f8e67dbc2a0eb2d"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/7cf25987820350cb950856c71b409e5b6eed52bd"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/8621725afb38e111969c64280b71480afde2aace"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/98d8dde9232250a57ad5ef16479bf6a349e09b80"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/e0fe3392371293175f25028020ded5267f4cd8e3"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/e629295bd60abf4da1db85b82819ca6a4f6c1e79"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-M963-W3JC-59W6

Vulnerability from github – Published: 2022-05-24 17:41 – Updated: 2022-05-24 17:41
VLAI
Details

Use after free in Media in Google Chrome prior to 88.0.4324.96 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-21119"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-02-09T14:15:00Z",
    "severity": "HIGH"
  },
  "details": "Use after free in Media in Google Chrome prior to 88.0.4324.96 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.",
  "id": "GHSA-m963-w3jc-59w6",
  "modified": "2022-05-24T17:41:31Z",
  "published": "2022-05-24T17:41:31Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21119"
    },
    {
      "type": "WEB",
      "url": "https://chromereleases.googleblog.com/2021/01/stable-channel-update-for-desktop_19.html"
    },
    {
      "type": "WEB",
      "url": "https://crbug.com/1160534"
    },
    {
      "type": "WEB",
      "url": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-21119"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-M968-9R4W-7GJX

Vulnerability from github – Published: 2024-05-03 03:30 – Updated: 2024-05-03 03:30
VLAI
Details

PDF-XChange Editor TIF File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

The specific flaw exists within the parsing of TIF files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-19108.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-27348"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-05-03T02:15:12Z",
    "severity": "HIGH"
  },
  "details": "PDF-XChange Editor TIF File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of TIF files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-19108.",
  "id": "GHSA-m968-9r4w-7gjx",
  "modified": "2024-05-03T03:30:49Z",
  "published": "2024-05-03T03:30:49Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-27348"
    },
    {
      "type": "WEB",
      "url": "https://www.tracker-software.com/product/pdf-xchange-editor/history"
    },
    {
      "type": "WEB",
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-358"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-M96G-X499-P5F9

Vulnerability from github – Published: 2022-04-30 00:02 – Updated: 2022-04-30 00:02
VLAI
Details

png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free because png_image_free_function is called under png_safe_execute.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2019-7317"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-02-04T08:29:00Z",
    "severity": "MODERATE"
  },
  "details": "png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free because png_image_free_function is called under png_safe_execute.",
  "id": "GHSA-m96g-x499-p5f9",
  "modified": "2022-04-30T00:02:15Z",
  "published": "2022-04-30T00:02:15Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-7317"
    },
    {
      "type": "WEB",
      "url": "https://github.com/glennrp/libpng/issues/275"
    },
    {
      "type": "WEB",
      "url": "https://seclists.org/bugtraq/2019/May/56"
    },
    {
      "type": "WEB",
      "url": "https://seclists.org/bugtraq/2019/May/59"
    },
    {
      "type": "WEB",
      "url": "https://seclists.org/bugtraq/2019/May/67"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/201908-02"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20190719-0005"
    },
    {
      "type": "WEB",
      "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03977en_us"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/3962-1"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/3991-1"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/3997-1"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/4080-1"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/4083-1"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2019/dsa-4435"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2019/dsa-4448"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2019/dsa-4451"
    },
    {
      "type": "WEB",
      "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
    },
    {
      "type": "WEB",
      "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
    },
    {
      "type": "WEB",
      "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2019:1265"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2019:1267"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2019:1269"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2019:1308"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2019:1309"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2019:1310"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2019:2494"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2019:2495"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2019:2585"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2019:2590"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2019:2592"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2019:2737"
    },
    {
      "type": "WEB",
      "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12803"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00032.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00038.html"
    },
    {
      "type": "WEB",
      "url": "https://seclists.org/bugtraq/2019/Apr/30"
    },
    {
      "type": "WEB",
      "url": "https://seclists.org/bugtraq/2019/Apr/36"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00002.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00029.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00084.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00038.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00044.html"
    },
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.com/files/152561/Slackware-Security-Advisory-libpng-Updates.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/108098"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-M972-2XXJ-7F3P

Vulnerability from github – Published: 2022-05-14 00:53 – Updated: 2022-05-14 00:53
VLAI
Details

Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-4961"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-07-09T19:29:00Z",
    "severity": "CRITICAL"
  },
  "details": "Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.",
  "id": "GHSA-m972-2xxj-7f3p",
  "modified": "2022-05-14T00:53:43Z",
  "published": "2022-05-14T00:53:43Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-4961"
    },
    {
      "type": "WEB",
      "url": "https://helpx.adobe.com/security/products/acrobat/apsb18-09.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/104169"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1040920"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-M9C7-7F34-95C8

Vulnerability from github – Published: 2026-05-20 21:31 – Updated: 2026-05-20 21:31
VLAI
Details

Use after free in XR in Google Chrome on Windows prior to 148.0.7778.179 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-9118"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-05-20T20:16:43Z",
    "severity": "HIGH"
  },
  "details": "Use after free in XR in Google Chrome on Windows prior to 148.0.7778.179 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)",
  "id": "GHSA-m9c7-7f34-95c8",
  "modified": "2026-05-20T21:31:33Z",
  "published": "2026-05-20T21:31:32Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-9118"
    },
    {
      "type": "WEB",
      "url": "https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop_0841193308.html"
    },
    {
      "type": "WEB",
      "url": "https://issues.chromium.org/issues/498702233"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation
Architecture and Design

Strategy: Language Selection

Choose a language that provides automatic memory management.

Mitigation
Implementation

Strategy: Attack Surface Reduction

When freeing pointers, be sure to set them to NULL once they are freed. However, the utilization of multiple or complex data structures may lower the usefulness of this strategy.

No CAPEC attack patterns related to this CWE.