CWE-416
AllowedUse After Free
Abstraction: Variant · Status: Stable
The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.
9811 vulnerabilities reference this CWE, most recent first.
GHSA-MRC9-J4RV-W622
Vulnerability from github – Published: 2023-03-27 21:30 – Updated: 2023-03-27 21:30Adobe Photoshop versions 23.5.3 (and earlier) and 24.1.1 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
{
"affected": [],
"aliases": [
"CVE-2023-25908"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-03-27T21:15:00Z",
"severity": "HIGH"
},
"details": "Adobe Photoshop versions 23.5.3 (and earlier) and 24.1.1 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.",
"id": "GHSA-mrc9-j4rv-w622",
"modified": "2023-03-27T21:30:24Z",
"published": "2023-03-27T21:30:24Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25908"
},
{
"type": "WEB",
"url": "https://helpx.adobe.com/security/products/photoshop/apsb23-23.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-MRCJ-939X-PH52
Vulnerability from github – Published: 2023-03-29 21:30 – Updated: 2023-04-10 18:30This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 12.0.1.12430. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18627.
{
"affected": [],
"aliases": [
"CVE-2022-43638"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-03-29T19:15:00Z",
"severity": "HIGH"
},
"details": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 12.0.1.12430. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18627.",
"id": "GHSA-mrcj-939x-ph52",
"modified": "2023-04-10T18:30:22Z",
"published": "2023-03-29T21:30:18Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-43638"
},
{
"type": "WEB",
"url": "https://www.foxit.com/support/security-bulletins.html"
},
{
"type": "WEB",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1658"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-MRJJ-7F34-VQ7C
Vulnerability from github – Published: 2026-07-01 00:34 – Updated: 2026-07-01 15:35Use after free in Updater in Google Chrome on Windows prior to 150.0.7871.47 allowed a local attacker to perform OS-level privilege escalation via a malicious file. (Chromium security severity: Medium)
{
"affected": [],
"aliases": [
"CVE-2026-14018"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-30T23:17:14Z",
"severity": "HIGH"
},
"details": "Use after free in Updater in Google Chrome on Windows prior to 150.0.7871.47 allowed a local attacker to perform OS-level privilege escalation via a malicious file. (Chromium security severity: Medium)",
"id": "GHSA-mrjj-7f34-vq7c",
"modified": "2026-07-01T15:35:07Z",
"published": "2026-07-01T00:34:08Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-14018"
},
{
"type": "WEB",
"url": "https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop_0175352312.html"
},
{
"type": "WEB",
"url": "https://issues.chromium.org/issues/517350251"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-MRMC-2F6J-HCP2
Vulnerability from github – Published: 2025-10-01 12:30 – Updated: 2025-12-11 18:30In the Linux kernel, the following vulnerability has been resolved:
ACPICA: Fix use-after-free in acpi_ut_copy_ipackage_to_ipackage()
There is an use-after-free reported by KASAN:
BUG: KASAN: use-after-free in acpi_ut_remove_reference+0x3b/0x82 Read of size 1 at addr ffff888112afc460 by task modprobe/2111 CPU: 0 PID: 2111 Comm: modprobe Not tainted 6.1.0-rc7-dirty Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), Call Trace: kasan_report+0xae/0xe0 acpi_ut_remove_reference+0x3b/0x82 acpi_ut_copy_iobject_to_iobject+0x3be/0x3d5 acpi_ds_store_object_to_local+0x15d/0x3a0 acpi_ex_store+0x78d/0x7fd acpi_ex_opcode_1A_1T_1R+0xbe4/0xf9b acpi_ps_parse_aml+0x217/0x8d5 ...
The root cause of the problem is that the acpi_operand_object is freed when acpi_ut_walk_package_tree() fails in acpi_ut_copy_ipackage_to_ipackage(), lead to repeated release in acpi_ut_copy_iobject_to_iobject(). The problem was introduced by "8aa5e56eeb61" commit, this commit is to fix memory leak in acpi_ut_copy_iobject_to_iobject(), repeatedly adding remove operation, lead to "acpi_operand_object" used after free.
Fix it by removing acpi_ut_remove_reference() in acpi_ut_copy_ipackage_to_ipackage(). acpi_ut_copy_ipackage_to_ipackage() is called to copy an internal package object into another internal package object, when it fails, the memory of acpi_operand_object should be freed by the caller.
{
"affected": [],
"aliases": [
"CVE-2022-50423"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-10-01T12:15:33Z",
"severity": "HIGH"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nACPICA: Fix use-after-free in acpi_ut_copy_ipackage_to_ipackage()\n\nThere is an use-after-free reported by KASAN:\n\n BUG: KASAN: use-after-free in acpi_ut_remove_reference+0x3b/0x82\n Read of size 1 at addr ffff888112afc460 by task modprobe/2111\n CPU: 0 PID: 2111 Comm: modprobe Not tainted 6.1.0-rc7-dirty\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996),\n Call Trace:\n \u003cTASK\u003e\n kasan_report+0xae/0xe0\n acpi_ut_remove_reference+0x3b/0x82\n acpi_ut_copy_iobject_to_iobject+0x3be/0x3d5\n acpi_ds_store_object_to_local+0x15d/0x3a0\n acpi_ex_store+0x78d/0x7fd\n acpi_ex_opcode_1A_1T_1R+0xbe4/0xf9b\n acpi_ps_parse_aml+0x217/0x8d5\n ...\n \u003c/TASK\u003e\n\nThe root cause of the problem is that the acpi_operand_object\nis freed when acpi_ut_walk_package_tree() fails in\nacpi_ut_copy_ipackage_to_ipackage(), lead to repeated release in\nacpi_ut_copy_iobject_to_iobject(). The problem was introduced\nby \"8aa5e56eeb61\" commit, this commit is to fix memory leak in\nacpi_ut_copy_iobject_to_iobject(), repeatedly adding remove\noperation, lead to \"acpi_operand_object\" used after free.\n\nFix it by removing acpi_ut_remove_reference() in\nacpi_ut_copy_ipackage_to_ipackage(). acpi_ut_copy_ipackage_to_ipackage()\nis called to copy an internal package object into another internal\npackage object, when it fails, the memory of acpi_operand_object\nshould be freed by the caller.",
"id": "GHSA-mrmc-2f6j-hcp2",
"modified": "2025-12-11T18:30:36Z",
"published": "2025-10-01T12:30:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-50423"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/01f2c2052ea50fb9a8ce12e4e83aed0267934ef0"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/02617006b5a46f2ea55ac61f5693c7afd7bf9276"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/02f237423c9c6a18e062de2d474f85d5659e4eb9"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/133462d35dae95edb944af86b986d4c9dec59bd1"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/470188b09e92d83c5a997f25f0e8fb8cd2bc3469"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/6fde666278f91b85d71545a0ebbf41d8d7af8074"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/c9125b643fc51b8e662f2f614096ceb45a0adbc3"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/dfdde4d5138bc023897033a5ac653a84e94805be"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/f51b2235e4f320edc839c3e5cb0d1f8a6e8657c6"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-MRP2-WX3J-867F
Vulnerability from github – Published: 2026-01-01 18:30 – Updated: 2026-01-05 21:30Use After Free vulnerability was discovered in fs/vfs/fs_rename code of the Apache NuttX RTOS, that due recursive implementation and single buffer use by two different pointer variables allowed arbitrary user provided size buffer reallocation and write to the previously freed heap chunk, that in specific cases could cause unintended virtual filesystem rename/move operation results.
This issue affects Apache NuttX RTOS: from 7.20 before 12.11.0.
Users of virtual filesystem based services with write access especially when exposed over the network (i.e. FTP) are affected and recommended to upgrade to version 12.11.0 that fixes the issue.
{
"affected": [],
"aliases": [
"CVE-2025-48769"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-01-01T17:15:43Z",
"severity": "MODERATE"
},
"details": "Use After Free vulnerability was discovered in fs/vfs/fs_rename code of the Apache NuttX RTOS, that due recursive implementation and single buffer use by two different pointer variables allowed arbitrary user provided size buffer reallocation and write to the previously freed heap chunk, that in specific cases could cause unintended virtual filesystem rename/move operation results.\n\nThis issue affects Apache NuttX RTOS: from 7.20 before 12.11.0.\n\nUsers of virtual filesystem based services with write access especially when exposed over the network (i.e. FTP) are affected and recommended to upgrade to version 12.11.0 that fixes the issue.",
"id": "GHSA-mrp2-wx3j-867f",
"modified": "2026-01-05T21:30:28Z",
"published": "2026-01-01T18:30:28Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-48769"
},
{
"type": "WEB",
"url": "https://github.com/apache/nuttx/pull/16455"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread/7m83v11ldfq7bvw72n9t5sccocczocjn"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2025/12/31/11"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-MRPV-WRF5-7WR6
Vulnerability from github – Published: 2025-09-22 21:30 – Updated: 2026-05-12 15:31In the Linux kernel, the following vulnerability has been resolved:
wifi: cfg80211: fix use-after-free in cmp_bss()
Following bss_free() quirk introduced in commit 776b3580178f ("cfg80211: track hidden SSID networks properly"), adjust cfg80211_update_known_bss() to free the last beacon frame elements only if they're not shared via the corresponding 'hidden_beacon_bss' pointer.
{
"affected": [],
"aliases": [
"CVE-2025-39864"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-09-19T16:15:45Z",
"severity": "HIGH"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: cfg80211: fix use-after-free in cmp_bss()\n\nFollowing bss_free() quirk introduced in commit 776b3580178f\n(\"cfg80211: track hidden SSID networks properly\"), adjust\ncfg80211_update_known_bss() to free the last beacon frame\nelements only if they\u0027re not shared via the corresponding\n\u0027hidden_beacon_bss\u0027 pointer.",
"id": "GHSA-mrpv-wrf5-7wr6",
"modified": "2026-05-12T15:31:10Z",
"published": "2025-09-22T21:30:18Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-39864"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-032379.html"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-089022.html"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/26e84445f02ce6b2fe5f3e0e28ff7add77f35e08"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/5b7ae04969f822283a95c866967e42b4d75e0eef"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/6854476d9e1aeaaf05ebc98d610061c2075db07d"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/912c4b66bef713a20775cfbf3b5e9bd71525c716"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/a8bb681e879ca3c9f722aa08d3d7ae41c42a8807"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/a97a9791e455bb0cd5e7a38b5abcb05523d4e21c"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/b7d08929178c16398278613df07ad65cf63cce9d"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/ff040562c10a540b8d851f7f4145fa112977f853"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-MRQ3-X9XW-5CQM
Vulnerability from github – Published: 2026-06-29 21:32 – Updated: 2026-06-30 00:31A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. Processing maliciously crafted web content may lead to memory corruption.
{
"affected": [],
"aliases": [
"CVE-2026-43731"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-29T20:17:37Z",
"severity": "HIGH"
},
"details": "A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. Processing maliciously crafted web content may lead to memory corruption.",
"id": "GHSA-mrq3-x9xw-5cqm",
"modified": "2026-06-30T00:31:29Z",
"published": "2026-06-29T21:32:14Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43731"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/127594"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/127595"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/127685"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-MRXW-MXHJ-P664
Vulnerability from github – Published: 2025-03-14 18:51 – Updated: 2025-03-21 15:43Summary
Nokogiri v1.18.4 upgrades its dependency libxslt to v1.1.43.
libxslt v1.1.43 resolves:
- CVE-2025-24855: Fix use-after-free of XPath context node
- CVE-2024-55549: Fix UAF related to excluded namespaces
Impact
CVE-2025-24855
- "Use-after-free due to xsltEvalXPathStringNs leaking xpathCtxt->node"
- MITRE has rated this 7.8 High CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H
- Upstream report: https://gitlab.gnome.org/GNOME/libxslt/-/issues/128
- NVD entry: https://nvd.nist.gov/vuln/detail/CVE-2025-24855
CVE-2024-55549
- "Use-after-free related to excluded result prefixes"
- MITRE has rated this 7.8 High CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H
- Upstream report: https://gitlab.gnome.org/GNOME/libxslt/-/issues/127
- NVD entry: https://nvd.nist.gov/vuln/detail/CVE-2024-55549
{
"affected": [
{
"package": {
"ecosystem": "RubyGems",
"name": "nokogiri"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.18.4"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [],
"database_specific": {
"cwe_ids": [
"CWE-1395",
"CWE-416"
],
"github_reviewed": true,
"github_reviewed_at": "2025-03-14T18:51:37Z",
"nvd_published_at": null,
"severity": "HIGH"
},
"details": "## Summary\n\nNokogiri v1.18.4 upgrades its dependency libxslt to [v1.1.43](https://gitlab.gnome.org/GNOME/libxslt/-/releases/v1.1.43).\n\nlibxslt v1.1.43 resolves:\n\n- CVE-2025-24855: Fix use-after-free of XPath context node\n- CVE-2024-55549: Fix UAF related to excluded namespaces\n\n## Impact\n\n### CVE-2025-24855\n\n- \"Use-after-free due to xsltEvalXPathStringNs leaking xpathCtxt-\u003enode\"\n- MITRE has rated this 7.8 High CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H\n- Upstream report: https://gitlab.gnome.org/GNOME/libxslt/-/issues/128\n- NVD entry: https://nvd.nist.gov/vuln/detail/CVE-2025-24855\n\n### CVE-2024-55549\n\n- \"Use-after-free related to excluded result prefixes\"\n- MITRE has rated this 7.8 High CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H\n- Upstream report: https://gitlab.gnome.org/GNOME/libxslt/-/issues/127\n- NVD entry: https://nvd.nist.gov/vuln/detail/CVE-2024-55549",
"id": "GHSA-mrxw-mxhj-p664",
"modified": "2025-03-21T15:43:15Z",
"published": "2025-03-14T18:51:37Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-mrxw-mxhj-p664"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-55549"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24855"
},
{
"type": "PACKAGE",
"url": "https://github.com/sparklemotion/nokogiri"
},
{
"type": "WEB",
"url": "https://gitlab.gnome.org/GNOME/libxslt/-/issues/127"
},
{
"type": "WEB",
"url": "https://gitlab.gnome.org/GNOME/libxslt/-/issues/128"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Nokogiri updates packaged libxslt to v1.1.43 to resolve multiple CVEs"
}
GHSA-MV25-M6G9-HCG7
Vulnerability from github – Published: 2022-05-14 01:20 – Updated: 2024-07-15 21:31In MuPDF 1.12.0 and earlier, multiple heap use after free bugs in the PDF parser could allow an attacker to execute arbitrary code, read memory, or cause a denial of service via a crafted file.
{
"affected": [],
"aliases": [
"CVE-2018-1000039"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-05-24T13:29:00Z",
"severity": "HIGH"
},
"details": "In MuPDF 1.12.0 and earlier, multiple heap use after free bugs in the PDF parser could allow an attacker to execute arbitrary code, read memory, or cause a denial of service via a crafted file.",
"id": "GHSA-mv25-m6g9-hcg7",
"modified": "2024-07-15T21:31:06Z",
"published": "2022-05-14T01:20:24Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1000039"
},
{
"type": "WEB",
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5492"
},
{
"type": "WEB",
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5513"
},
{
"type": "WEB",
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5521"
},
{
"type": "WEB",
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5604"
},
{
"type": "WEB",
"url": "https://bugs.ghostscript.com/show_bug.cgi?id=698883"
},
{
"type": "WEB",
"url": "https://bugs.ghostscript.com/show_bug.cgi?id=698888"
},
{
"type": "WEB",
"url": "https://bugs.ghostscript.com/show_bug.cgi?id=698891"
},
{
"type": "WEB",
"url": "https://bugs.ghostscript.com/show_bug.cgi?id=698892"
},
{
"type": "WEB",
"url": "https://bugs.ghostscript.com/show_bug.cgi?id=698901"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/201811-15"
},
{
"type": "WEB",
"url": "http://git.ghostscript.com/?p=mupdf.git%3Ba=commitdiff%3Bh=4dcc6affe04368461310a21238f7e1871a752a05%3Bhp=8ec561d1bccc46e9db40a9f61310cd8b3763914e"
},
{
"type": "WEB",
"url": "http://git.ghostscript.com/?p=mupdf.git%3Ba=commitdiff%3Bh=71ceebcf56e682504da22c4035b39a2d451e8ffd%3Bhp=7f82c01523505052615492f8e220f4348ba46995"
},
{
"type": "WEB",
"url": "http://git.ghostscript.com/?p=mupdf.git%3Ba=commitdiff%3Bh=f597300439e62f5e921f0d7b1e880b5c1a1f1607%3Bhp=093fc3b098dc5fadef5d8ad4b225db9fb124758b"
},
{
"type": "WEB",
"url": "http://git.ghostscript.com/?p=mupdf.git;a=commitdiff;h=4dcc6affe04368461310a21238f7e1871a752a05;hp=8ec561d1bccc46e9db40a9f61310cd8b3763914e"
},
{
"type": "WEB",
"url": "http://git.ghostscript.com/?p=mupdf.git;a=commitdiff;h=71ceebcf56e682504da22c4035b39a2d451e8ffd;hp=7f82c01523505052615492f8e220f4348ba46995"
},
{
"type": "WEB",
"url": "http://git.ghostscript.com/?p=mupdf.git;a=commitdiff;h=f597300439e62f5e921f0d7b1e880b5c1a1f1607;hp=093fc3b098dc5fadef5d8ad4b225db9fb124758b"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-MV2H-WFGR-5Q32
Vulnerability from github – Published: 2022-05-24 17:31 – Updated: 2022-07-24 00:00A use after free issue was addressed with improved memory management. This issue is fixed in Safari 14.0. Processing maliciously crafted web content may lead to arbitrary code execution.
{
"affected": [],
"aliases": [
"CVE-2020-9951"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-10-16T17:15:00Z",
"severity": "HIGH"
},
"details": "A use after free issue was addressed with improved memory management. This issue is fixed in Safari 14.0. Processing maliciously crafted web content may lead to arbitrary code execution.",
"id": "GHSA-mv2h-wfgr-5q32",
"modified": "2022-07-24T00:00:34Z",
"published": "2022-05-24T17:31:10Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-9951"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202012-10"
},
{
"type": "WEB",
"url": "https://support.apple.com/HT211845"
},
{
"type": "WEB",
"url": "https://support.apple.com/kb/HT211843"
},
{
"type": "WEB",
"url": "https://support.apple.com/kb/HT211844"
},
{
"type": "WEB",
"url": "https://support.apple.com/kb/HT211850"
},
{
"type": "WEB",
"url": "https://support.apple.com/kb/HT211935"
},
{
"type": "WEB",
"url": "https://support.apple.com/kb/HT211952"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2020/dsa-4797"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2020/Nov/18"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2020/Nov/19"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2020/Nov/20"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2020/Nov/22"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2020/11/23/3"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation
Strategy: Language Selection
Choose a language that provides automatic memory management.
Mitigation
Strategy: Attack Surface Reduction
When freeing pointers, be sure to set them to NULL once they are freed. However, the utilization of multiple or complex data structures may lower the usefulness of this strategy.
No CAPEC attack patterns related to this CWE.