CWE-416
AllowedUse After Free
Abstraction: Variant · Status: Stable
The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.
9806 vulnerabilities reference this CWE, most recent first.
GHSA-P2W5-XCH3-V6PV
Vulnerability from github – Published: 2023-05-18 00:30 – Updated: 2024-04-04 04:13A flaw was found in the WebKitGTK package. An improper input validation issue may lead to a use-after-free vulnerability. This flaw allows attackers with network access to pass specially crafted web content files, causing a denial of service or arbitrary code execution. This CVE exists because of a CVE-2023-28205 security regression for the WebKitGTK package in Red Hat Enterprise Linux 8.8 and Red Hat Enterprise Linux 9.2.
{
"affected": [],
"aliases": [
"CVE-2023-2203"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-05-17T22:15:10Z",
"severity": "HIGH"
},
"details": "A flaw was found in the WebKitGTK package. An improper input validation issue may lead to a use-after-free vulnerability. This flaw allows attackers with network access to pass specially crafted web content files, causing a denial of service or arbitrary code execution. This CVE exists because of a CVE-2023-28205 security regression for the WebKitGTK package in Red Hat Enterprise Linux 8.8 and Red Hat Enterprise Linux 9.2.",
"id": "GHSA-p2w5-xch3-v6pv",
"modified": "2024-04-04T04:13:59Z",
"published": "2023-05-18T00:30:41Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2203"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2023:2653"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2023:3108"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2023-2203"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2188543"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-P2XQ-87XH-464R
Vulnerability from github – Published: 2025-04-01 18:30 – Updated: 2025-11-03 21:33In the Linux kernel, the following vulnerability has been resolved:
rapidio: fix an API misues when rio_add_net() fails
rio_add_net() calls device_register() and fails when device_register() fails. Thus, put_device() should be used rather than kfree(). Add "mport->net = NULL;" to avoid a use after free issue.
{
"affected": [],
"aliases": [
"CVE-2025-21934"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-04-01T16:15:24Z",
"severity": "HIGH"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nrapidio: fix an API misues when rio_add_net() fails\n\nrio_add_net() calls device_register() and fails when device_register()\nfails. Thus, put_device() should be used rather than kfree(). Add\n\"mport-\u003enet = NULL;\" to avoid a use after free issue.",
"id": "GHSA-p2xq-87xh-464r",
"modified": "2025-11-03T21:33:24Z",
"published": "2025-04-01T18:30:52Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-21934"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/22e4977141dfc6d109bf29b495bf2187b4250990"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/2537f01d57f08c527e40bbb5862aa6ff43344898"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/88ddad53e4cfb6de861c6d4fb7b25427f46baed5"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/a5f5e520e8fbc6294020ff8afa36f684d92c6e6a"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/b2ef51c74b0171fde7eb69b6152d3d2f743ef269"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/cdd9f58f7fe41a55fae4305ea51fc234769fd466"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/d4ec862ce80f64db923a1d942b5d11cf6fc87d36"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/f0aa4ee1cbbf7789907e5a3f6810de01c146c211"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-P2XR-7HVV-JQ75
Vulnerability from github – Published: 2022-05-14 01:20 – Updated: 2022-05-14 01:20In the Linux kernel 4.13 through 4.16.11, ext4_read_inline_data() in fs/ext4/inline.c performs a memcpy with an untrusted length value in certain circumstances involving a crafted filesystem that stores the system.data extended attribute value in a dedicated inode.
{
"affected": [],
"aliases": [
"CVE-2018-11412"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-05-24T18:29:00Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel 4.13 through 4.16.11, ext4_read_inline_data() in fs/ext4/inline.c performs a memcpy with an untrusted length value in certain circumstances involving a crafted filesystem that stores the system.data extended attribute value in a dedicated inode.",
"id": "GHSA-p2xr-7hvv-jq75",
"modified": "2022-05-14T01:20:22Z",
"published": "2022-05-14T01:20:22Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-11412"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2019:0525"
},
{
"type": "WEB",
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1580"
},
{
"type": "WEB",
"url": "https://bugzilla.kernel.org/show_bug.cgi?id=199803"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/3752-1"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/3752-2"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/3752-3"
},
{
"type": "WEB",
"url": "https://www.exploit-db.com/exploits/44832"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/104291"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-P346-PX87-VF2H
Vulnerability from github – Published: 2024-10-29 03:31 – Updated: 2024-10-30 15:30In the Linux kernel, the following vulnerability has been resolved:
net: microchip: vcap api: Fix memory leaks in vcap_api_encode_rule_test()
Commit a3c1e45156ad ("net: microchip: vcap: Fix use-after-free error in kunit test") fixed the use-after-free error, but introduced below memory leaks by removing necessary vcap_free_rule(), add it to fix it.
unreferenced object 0xffffff80ca58b700 (size 192):
comm "kunit_try_catch", pid 1215, jiffies 4294898264
hex dump (first 32 bytes):
00 12 7a 00 05 00 00 00 0a 00 00 00 64 00 00 00 ..z.........d...
00 00 00 00 00 00 00 00 00 04 0b cc 80 ff ff ff ................
backtrace (crc 9c09c3fe):
[<0000000052a0be73>] kmemleak_alloc+0x34/0x40
[<0000000043605459>] __kmalloc_cache_noprof+0x26c/0x2f4
[<0000000040a01b8d>] vcap_alloc_rule+0x3cc/0x9c4
[<000000003fe86110>] vcap_api_encode_rule_test+0x1ac/0x16b0
[<00000000b3595fc4>] kunit_try_run_case+0x13c/0x3ac
[<0000000010f5d2bf>] kunit_generic_run_threadfn_adapter+0x80/0xec
[<00000000c5d82c9a>] kthread+0x2e8/0x374
[<00000000f4287308>] ret_from_fork+0x10/0x20
unreferenced object 0xffffff80cc0b0400 (size 64):
comm "kunit_try_catch", pid 1215, jiffies 4294898265
hex dump (first 32 bytes):
80 04 0b cc 80 ff ff ff 18 b7 58 ca 80 ff ff ff ..........X.....
39 00 00 00 02 00 00 00 06 05 04 03 02 01 ff ff 9...............
backtrace (crc daf014e9):
[<0000000052a0be73>] kmemleak_alloc+0x34/0x40
[<0000000043605459>] __kmalloc_cache_noprof+0x26c/0x2f4
[<000000000ff63fd4>] vcap_rule_add_key+0x2cc/0x528
[<00000000dfdb1e81>] vcap_api_encode_rule_test+0x224/0x16b0
[<00000000b3595fc4>] kunit_try_run_case+0x13c/0x3ac
[<0000000010f5d2bf>] kunit_generic_run_threadfn_adapter+0x80/0xec
[<00000000c5d82c9a>] kthread+0x2e8/0x374
[<00000000f4287308>] ret_from_fork+0x10/0x20
unreferenced object 0xffffff80cc0b0700 (size 64):
comm "kunit_try_catch", pid 1215, jiffies 4294898265
hex dump (first 32 bytes):
80 07 0b cc 80 ff ff ff 28 b7 58 ca 80 ff ff ff ........(.X.....
3c 00 00 00 00 00 00 00 01 2f 03 b3 ec ff ff ff <......../......
backtrace (crc 8d877792):
[<0000000052a0be73>] kmemleak_alloc+0x34/0x40
[<0000000043605459>] __kmalloc_cache_noprof+0x26c/0x2f4
[<000000006eadfab7>] vcap_rule_add_action+0x2d0/0x52c
[<00000000323475d1>] vcap_api_encode_rule_test+0x4d4/0x16b0
[<00000000b3595fc4>] kunit_try_run_case+0x13c/0x3ac
[<0000000010f5d2bf>] kunit_generic_run_threadfn_adapter+0x80/0xec
[<00000000c5d82c9a>] kthread+0x2e8/0x374
[<00000000f4287308>] ret_from_fork+0x10/0x20
unreferenced object 0xffffff80cc0b0900 (size 64):
comm "kunit_try_catch", pid 1215, jiffies 4294898266
hex dump (first 32 bytes):
80 09 0b cc 80 ff ff ff 80 06 0b cc 80 ff ff ff ................
7d 00 00 00 01 00 00 00 00 00 00 00 ff 00 00 00 }...............
backtrace (crc 34181e56):
[<0000000052a0be73>] kmemleak_alloc+0x34/0x40
[<0000000043605459>] __kmalloc_cache_noprof+0x26c/0x2f4
[<000000000ff63fd4>] vcap_rule_add_key+0x2cc/0x528
[<00000000991e3564>] vcap_val_rule+0xcf0/0x13e8
[<00000000fc9868e5>] vcap_api_encode_rule_test+0x678/0x16b0
[<00000000b3595fc4>] kunit_try_run_case+0x13c/0x3ac
[<0000000010f5d2bf>] kunit_generic_run_threadfn_adapter+0x80/0xec
[<00000000c5d82c9a>] kthread+0x2e8/0x374
[<00000000f4287308>] ret_from_fork+0x10/0x20
unreferenced object 0xffffff80cc0b0980 (size 64):
comm "kunit_try_catch", pid 1215, jiffies 4294898266
hex dump (first 32 bytes):
18 b7 58 ca 80 ff ff ff 00 09 0b cc 80 ff ff ff ..X.............
67 00 00 00 00 00 00 00 01 01 74 88 c0 ff ff ff g.........t.....
backtrace (crc 275fd9be):
[<0000000052a0be73>] kmemleak_alloc+0x34/0x40
[<0000000043605459>] __kmalloc_cache_noprof+0x26c/0x2f4
[<000000000ff63fd4>] vcap_rule_add_key+0x2cc/0x528
[<000000001396a1a2>] test_add_de
---truncated---
{
"affected": [],
"aliases": [
"CVE-2024-50084"
],
"database_specific": {
"cwe_ids": [
"CWE-401",
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-10-29T01:15:05Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: microchip: vcap api: Fix memory leaks in vcap_api_encode_rule_test()\n\nCommit a3c1e45156ad (\"net: microchip: vcap: Fix use-after-free error in\nkunit test\") fixed the use-after-free error, but introduced below\nmemory leaks by removing necessary vcap_free_rule(), add it to fix it.\n\n\tunreferenced object 0xffffff80ca58b700 (size 192):\n\t comm \"kunit_try_catch\", pid 1215, jiffies 4294898264\n\t hex dump (first 32 bytes):\n\t 00 12 7a 00 05 00 00 00 0a 00 00 00 64 00 00 00 ..z.........d...\n\t 00 00 00 00 00 00 00 00 00 04 0b cc 80 ff ff ff ................\n\t backtrace (crc 9c09c3fe):\n\t [\u003c0000000052a0be73\u003e] kmemleak_alloc+0x34/0x40\n\t [\u003c0000000043605459\u003e] __kmalloc_cache_noprof+0x26c/0x2f4\n\t [\u003c0000000040a01b8d\u003e] vcap_alloc_rule+0x3cc/0x9c4\n\t [\u003c000000003fe86110\u003e] vcap_api_encode_rule_test+0x1ac/0x16b0\n\t [\u003c00000000b3595fc4\u003e] kunit_try_run_case+0x13c/0x3ac\n\t [\u003c0000000010f5d2bf\u003e] kunit_generic_run_threadfn_adapter+0x80/0xec\n\t [\u003c00000000c5d82c9a\u003e] kthread+0x2e8/0x374\n\t [\u003c00000000f4287308\u003e] ret_from_fork+0x10/0x20\n\tunreferenced object 0xffffff80cc0b0400 (size 64):\n\t comm \"kunit_try_catch\", pid 1215, jiffies 4294898265\n\t hex dump (first 32 bytes):\n\t 80 04 0b cc 80 ff ff ff 18 b7 58 ca 80 ff ff ff ..........X.....\n\t 39 00 00 00 02 00 00 00 06 05 04 03 02 01 ff ff 9...............\n\t backtrace (crc daf014e9):\n\t [\u003c0000000052a0be73\u003e] kmemleak_alloc+0x34/0x40\n\t [\u003c0000000043605459\u003e] __kmalloc_cache_noprof+0x26c/0x2f4\n\t [\u003c000000000ff63fd4\u003e] vcap_rule_add_key+0x2cc/0x528\n\t [\u003c00000000dfdb1e81\u003e] vcap_api_encode_rule_test+0x224/0x16b0\n\t [\u003c00000000b3595fc4\u003e] kunit_try_run_case+0x13c/0x3ac\n\t [\u003c0000000010f5d2bf\u003e] kunit_generic_run_threadfn_adapter+0x80/0xec\n\t [\u003c00000000c5d82c9a\u003e] kthread+0x2e8/0x374\n\t [\u003c00000000f4287308\u003e] ret_from_fork+0x10/0x20\n\tunreferenced object 0xffffff80cc0b0700 (size 64):\n\t comm \"kunit_try_catch\", pid 1215, jiffies 4294898265\n\t hex dump (first 32 bytes):\n\t 80 07 0b cc 80 ff ff ff 28 b7 58 ca 80 ff ff ff ........(.X.....\n\t 3c 00 00 00 00 00 00 00 01 2f 03 b3 ec ff ff ff \u003c......../......\n\t backtrace (crc 8d877792):\n\t [\u003c0000000052a0be73\u003e] kmemleak_alloc+0x34/0x40\n\t [\u003c0000000043605459\u003e] __kmalloc_cache_noprof+0x26c/0x2f4\n\t [\u003c000000006eadfab7\u003e] vcap_rule_add_action+0x2d0/0x52c\n\t [\u003c00000000323475d1\u003e] vcap_api_encode_rule_test+0x4d4/0x16b0\n\t [\u003c00000000b3595fc4\u003e] kunit_try_run_case+0x13c/0x3ac\n\t [\u003c0000000010f5d2bf\u003e] kunit_generic_run_threadfn_adapter+0x80/0xec\n\t [\u003c00000000c5d82c9a\u003e] kthread+0x2e8/0x374\n\t [\u003c00000000f4287308\u003e] ret_from_fork+0x10/0x20\n\tunreferenced object 0xffffff80cc0b0900 (size 64):\n\t comm \"kunit_try_catch\", pid 1215, jiffies 4294898266\n\t hex dump (first 32 bytes):\n\t 80 09 0b cc 80 ff ff ff 80 06 0b cc 80 ff ff ff ................\n\t 7d 00 00 00 01 00 00 00 00 00 00 00 ff 00 00 00 }...............\n\t backtrace (crc 34181e56):\n\t [\u003c0000000052a0be73\u003e] kmemleak_alloc+0x34/0x40\n\t [\u003c0000000043605459\u003e] __kmalloc_cache_noprof+0x26c/0x2f4\n\t [\u003c000000000ff63fd4\u003e] vcap_rule_add_key+0x2cc/0x528\n\t [\u003c00000000991e3564\u003e] vcap_val_rule+0xcf0/0x13e8\n\t [\u003c00000000fc9868e5\u003e] vcap_api_encode_rule_test+0x678/0x16b0\n\t [\u003c00000000b3595fc4\u003e] kunit_try_run_case+0x13c/0x3ac\n\t [\u003c0000000010f5d2bf\u003e] kunit_generic_run_threadfn_adapter+0x80/0xec\n\t [\u003c00000000c5d82c9a\u003e] kthread+0x2e8/0x374\n\t [\u003c00000000f4287308\u003e] ret_from_fork+0x10/0x20\n\tunreferenced object 0xffffff80cc0b0980 (size 64):\n\t comm \"kunit_try_catch\", pid 1215, jiffies 4294898266\n\t hex dump (first 32 bytes):\n\t 18 b7 58 ca 80 ff ff ff 00 09 0b cc 80 ff ff ff ..X.............\n\t 67 00 00 00 00 00 00 00 01 01 74 88 c0 ff ff ff g.........t.....\n\t backtrace (crc 275fd9be):\n\t [\u003c0000000052a0be73\u003e] kmemleak_alloc+0x34/0x40\n\t [\u003c0000000043605459\u003e] __kmalloc_cache_noprof+0x26c/0x2f4\n\t [\u003c000000000ff63fd4\u003e] vcap_rule_add_key+0x2cc/0x528\n\t [\u003c000000001396a1a2\u003e] test_add_de\n---truncated---",
"id": "GHSA-p346-px87-vf2h",
"modified": "2024-10-30T15:30:46Z",
"published": "2024-10-29T03:31:06Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-50084"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/170792097bb21e5da77443b6a03d35489813eabe"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/20b5342de51bda794791e013b90754774003a515"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/217a3d98d1e9891a8b1438a27dfbc64ddf01f691"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-P35Q-VVHX-5RQ6
Vulnerability from github – Published: 2024-11-20 00:32 – Updated: 2024-11-20 18:32In startDevice of AAudioServiceStreamBase.cpp there is a possible out of bounds write due to a use after free. This could lead to local arbitrary code execution with no additional execution privileges needed. User interaction is needed for exploitation. https://source.android.com/security/bulletin/2018-07-01
{
"affected": [],
"aliases": [
"CVE-2018-9428"
],
"database_specific": {
"cwe_ids": [
"CWE-416",
"CWE-787"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-11-19T22:15:19Z",
"severity": "HIGH"
},
"details": "In startDevice of AAudioServiceStreamBase.cpp there is a possible out of bounds write due to a use after free. This could lead to local arbitrary code execution with no additional execution privileges needed. User interaction is needed for exploitation. https://source.android.com/security/bulletin/2018-07-01",
"id": "GHSA-p35q-vvhx-5rq6",
"modified": "2024-11-20T18:32:16Z",
"published": "2024-11-20T00:32:14Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-9428"
},
{
"type": "WEB",
"url": "https://source.android.com/security/bulletin/2018-07-01"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-P36V-2C7W-2X8F
Vulnerability from github – Published: 2023-05-12 18:30 – Updated: 2024-04-04 04:04Use after free in ChromeOS Camera in Google Chrome on ChromeOS prior to 113.0.5672.114 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via UI interaction. (Chromium security severity: High)
{
"affected": [],
"aliases": [
"CVE-2023-2458"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-05-12T18:15:09Z",
"severity": "HIGH"
},
"details": "Use after free in ChromeOS Camera in Google Chrome on ChromeOS prior to 113.0.5672.114 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via UI interaction. (Chromium security severity: High)",
"id": "GHSA-p36v-2c7w-2x8f",
"modified": "2024-04-04T04:04:24Z",
"published": "2023-05-12T18:30:25Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2458"
},
{
"type": "WEB",
"url": "https://chromereleases.googleblog.com/2023/05/stable-channel-update-for-chromeos.html"
},
{
"type": "WEB",
"url": "https://crbug.com/1430692"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-P379-73VV-4H7J
Vulnerability from github – Published: 2026-06-12 00:31 – Updated: 2026-06-12 03:31Use after free in Cast in Google Chrome prior to 149.0.7827.115 allowed an attacker on the local network segment to potentially perform a sandbox escape via malicious network traffic. (Chromium security severity: High)
{
"affected": [],
"aliases": [
"CVE-2026-12014"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-11T22:16:53Z",
"severity": "HIGH"
},
"details": "Use after free in Cast in Google Chrome prior to 149.0.7827.115 allowed an attacker on the local network segment to potentially perform a sandbox escape via malicious network traffic. (Chromium security severity: High)",
"id": "GHSA-p379-73vv-4h7j",
"modified": "2026-06-12T03:31:28Z",
"published": "2026-06-12T00:31:55Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-12014"
},
{
"type": "WEB",
"url": "https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop_01962725236.html"
},
{
"type": "WEB",
"url": "https://issues.chromium.org/issues/514742747"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-P384-CV6J-HXG8
Vulnerability from github – Published: 2022-05-13 01:06 – Updated: 2022-05-13 01:06Incorrect lifetime handling in HTML select elements in Google Chrome on Android and Mac prior to 72.0.3626.81 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.
{
"affected": [],
"aliases": [
"CVE-2019-5759"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-02-19T17:29:00Z",
"severity": "CRITICAL"
},
"details": "Incorrect lifetime handling in HTML select elements in Google Chrome on Android and Mac prior to 72.0.3626.81 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.",
"id": "GHSA-p384-cv6j-hxg8",
"modified": "2022-05-13T01:06:29Z",
"published": "2022-05-13T01:06:29Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-5759"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2019:0309"
},
{
"type": "WEB",
"url": "https://chromereleases.googleblog.com/2019/01/stable-channel-update-for-desktop.html"
},
{
"type": "WEB",
"url": "https://crbug.com/912211"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JVFHYCJGMZQUKYSIE2BXE4NLEGFGUXU5"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQOP53LXXPRGD4N5OBKGQTSMFXT32LF6"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2019/dsa-4395"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/106767"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-P38J-QVHV-9439
Vulnerability from github – Published: 2023-09-11 15:31 – Updated: 2024-04-04 07:35Adobe Acrobat Reader versions 2019.021.20056 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
{
"affected": [],
"aliases": [
"CVE-2019-16471"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-09-11T14:15:07Z",
"severity": "HIGH"
},
"details": "Adobe Acrobat Reader versions 2019.021.20056 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.",
"id": "GHSA-p38j-qvhv-9439",
"modified": "2024-04-04T07:35:07Z",
"published": "2023-09-11T15:31:01Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-16471"
},
{
"type": "WEB",
"url": "https://helpx.adobe.com/security/products/acrobat/apsb19-55.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-P3C6-HV53-XJ57
Vulnerability from github – Published: 2022-05-13 01:19 – Updated: 2022-05-13 01:19Incorrect refcounting in AppCache in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to perform a sandbox escape via a crafted HTML page.
{
"affected": [],
"aliases": [
"CVE-2018-17462"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-11-14T15:29:00Z",
"severity": "CRITICAL"
},
"details": "Incorrect refcounting in AppCache in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to perform a sandbox escape via a crafted HTML page.",
"id": "GHSA-p3c6-hv53-xj57",
"modified": "2022-05-13T01:19:26Z",
"published": "2022-05-13T01:19:26Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-17462"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2018:3004"
},
{
"type": "WEB",
"url": "https://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html"
},
{
"type": "WEB",
"url": "https://crbug.com/888926"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/201811-10"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2018/dsa-4330"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/105666"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation
Strategy: Language Selection
Choose a language that provides automatic memory management.
Mitigation
Strategy: Attack Surface Reduction
When freeing pointers, be sure to set them to NULL once they are freed. However, the utilization of multiple or complex data structures may lower the usefulness of this strategy.
No CAPEC attack patterns related to this CWE.