Common Weakness Enumeration

CWE-416

Allowed

Use After Free

Abstraction: Variant · Status: Stable

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

9821 vulnerabilities reference this CWE, most recent first.

GHSA-QJ6G-J854-32GC

Vulnerability from github – Published: 2026-06-05 00:31 – Updated: 2026-06-05 18:31
VLAI
Details

Race in GPU in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-11082"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-06-04T23:17:12Z",
    "severity": "CRITICAL"
  },
  "details": "Race in GPU in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)",
  "id": "GHSA-qj6g-j854-32gc",
  "modified": "2026-06-05T18:31:34Z",
  "published": "2026-06-05T00:31:46Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-11082"
    },
    {
      "type": "WEB",
      "url": "https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop.html"
    },
    {
      "type": "WEB",
      "url": "https://issues.chromium.org/issues/500079715"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-QJ72-6765-VJX4

Vulnerability from github – Published: 2024-05-14 18:31 – Updated: 2024-05-14 18:31
VLAI
Details

Windows CNG Key Isolation Service Elevation of Privilege Vulnerability

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-30031"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-362",
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-05-14T17:17:03Z",
    "severity": "HIGH"
  },
  "details": "Windows CNG Key Isolation Service Elevation of Privilege Vulnerability",
  "id": "GHSA-qj72-6765-vjx4",
  "modified": "2024-05-14T18:31:04Z",
  "published": "2024-05-14T18:31:04Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-30031"
    },
    {
      "type": "WEB",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30031"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-QJ8J-993W-XQ64

Vulnerability from github – Published: 2025-06-18 12:30 – Updated: 2025-11-13 21:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

drm/amdgpu: Fix use-after-free on amdgpu_bo_list mutex

If amdgpu_cs_vm_handling returns r != 0, then it will unlock the bo_list_mutex inside the function amdgpu_cs_vm_handling and again on amdgpu_cs_parser_fini. This problem results in the following use-after-free problem:

[ 220.280990] ------------[ cut here ]------------ [ 220.281000] refcount_t: underflow; use-after-free. [ 220.281019] WARNING: CPU: 1 PID: 3746 at lib/refcount.c:28 refcount_warn_saturate+0xba/0x110 [ 220.281029] ------------[ cut here ]------------ [ 220.281415] CPU: 1 PID: 3746 Comm: chrome:cs0 Tainted: G W L ------- --- 5.20.0-0.rc0.20220812git7ebfc85e2cd7.10.fc38.x86_64 #1 [ 220.281421] Hardware name: System manufacturer System Product Name/ROG STRIX X570-I GAMING, BIOS 4403 04/27/2022 [ 220.281426] RIP: 0010:refcount_warn_saturate+0xba/0x110 [ 220.281431] Code: 01 01 e8 79 4a 6f 00 0f 0b e9 42 47 a5 00 80 3d de 7e be 01 00 75 85 48 c7 c7 f8 98 8e 98 c6 05 ce 7e be 01 01 e8 56 4a 6f 00 <0f> 0b e9 1f 47 a5 00 80 3d b9 7e be 01 00 0f 85 5e ff ff ff 48 c7 [ 220.281437] RSP: 0018:ffffb4b0d18d7a80 EFLAGS: 00010282 [ 220.281443] RAX: 0000000000000026 RBX: 0000000000000003 RCX: 0000000000000000 [ 220.281448] RDX: 0000000000000001 RSI: ffffffff988d06dc RDI: 00000000ffffffff [ 220.281452] RBP: 00000000ffffffff R08: 0000000000000000 R09: ffffb4b0d18d7930 [ 220.281457] R10: 0000000000000003 R11: ffffa0672e2fffe8 R12: ffffa058ca360400 [ 220.281461] R13: ffffa05846c50a18 R14: 00000000fffffe00 R15: 0000000000000003 [ 220.281465] FS: 00007f82683e06c0(0000) GS:ffffa066e2e00000(0000) knlGS:0000000000000000 [ 220.281470] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 220.281475] CR2: 00003590005cc000 CR3: 00000001fca46000 CR4: 0000000000350ee0 [ 220.281480] Call Trace: [ 220.281485] [ 220.281490] amdgpu_cs_ioctl+0x4e2/0x2070 [amdgpu] [ 220.281806] ? amdgpu_cs_find_mapping+0xe0/0xe0 [amdgpu] [ 220.282028] drm_ioctl_kernel+0xa4/0x150 [ 220.282043] drm_ioctl+0x21f/0x420 [ 220.282053] ? amdgpu_cs_find_mapping+0xe0/0xe0 [amdgpu] [ 220.282275] ? lock_release+0x14f/0x460 [ 220.282282] ? _raw_spin_unlock_irqrestore+0x30/0x60 [ 220.282290] ? _raw_spin_unlock_irqrestore+0x30/0x60 [ 220.282297] ? lockdep_hardirqs_on+0x7d/0x100 [ 220.282305] ? _raw_spin_unlock_irqrestore+0x40/0x60 [ 220.282317] amdgpu_drm_ioctl+0x4a/0x80 [amdgpu] [ 220.282534] __x64_sys_ioctl+0x90/0xd0 [ 220.282545] do_syscall_64+0x5b/0x80 [ 220.282551] ? futex_wake+0x6c/0x150 [ 220.282568] ? lock_is_held_type+0xe8/0x140 [ 220.282580] ? do_syscall_64+0x67/0x80 [ 220.282585] ? lockdep_hardirqs_on+0x7d/0x100 [ 220.282592] ? do_syscall_64+0x67/0x80 [ 220.282597] ? do_syscall_64+0x67/0x80 [ 220.282602] ? lockdep_hardirqs_on+0x7d/0x100 [ 220.282609] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 220.282616] RIP: 0033:0x7f8282a4f8bf [ 220.282639] Code: 00 48 89 44 24 18 31 c0 48 8d 44 24 60 c7 04 24 10 00 00 00 48 89 44 24 08 48 8d 44 24 20 48 89 44 24 10 b8 10 00 00 00 0f 05 <89> c2 3d 00 f0 ff ff 77 18 48 8b 44 24 18 64 48 2b 04 25 28 00 00 [ 220.282644] RSP: 002b:00007f82683df410 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 220.282651] RAX: ffffffffffffffda RBX: 00007f82683df588 RCX: 00007f8282a4f8bf [ 220.282655] RDX: 00007f82683df4d0 RSI: 00000000c0186444 RDI: 0000000000000018 [ 220.282659] RBP: 00007f82683df4d0 R08: 00007f82683df5e0 R09: 00007f82683df4b0 [ 220.282663] R10: 00001d04000a0600 R11: 0000000000000246 R12: 00000000c0186444 [ 220.282667] R13: 0000000000000018 R14: 00007f82683df588 R15: 0000000000000003 [ 220.282689] [ 220.282693] irq event stamp: 6232311 [ 220.282697] hardirqs last enabled at (6232319): [] __up_console_sem+0x5e/0x70 [ 220.282704] hardirqs last disabled at (6232326): [] __up_console_sem+0x43/0x70 [ 220.282709] softirqs last enabled at (6232072): [] __irq_exit_rcu+0xf9/0x170 [ 220.282716] softirqs last disabled at (6232061): [<ffffffff97 ---truncated---

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-50035"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-06-18T11:15:31Z",
    "severity": "HIGH"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: Fix use-after-free on amdgpu_bo_list mutex\n\nIf amdgpu_cs_vm_handling returns r != 0, then it will unlock the\nbo_list_mutex inside the function amdgpu_cs_vm_handling and again on\namdgpu_cs_parser_fini. This problem results in the following\nuse-after-free problem:\n\n[ 220.280990] ------------[ cut here ]------------\n[ 220.281000] refcount_t: underflow; use-after-free.\n[ 220.281019] WARNING: CPU: 1 PID: 3746 at lib/refcount.c:28 refcount_warn_saturate+0xba/0x110\n[ 220.281029] ------------[ cut here ]------------\n[ 220.281415] CPU: 1 PID: 3746 Comm: chrome:cs0 Tainted: G W L ------- --- 5.20.0-0.rc0.20220812git7ebfc85e2cd7.10.fc38.x86_64 #1\n[ 220.281421] Hardware name: System manufacturer System Product Name/ROG STRIX X570-I GAMING, BIOS 4403 04/27/2022\n[ 220.281426] RIP: 0010:refcount_warn_saturate+0xba/0x110\n[ 220.281431] Code: 01 01 e8 79 4a 6f 00 0f 0b e9 42 47 a5 00 80 3d de\n7e be 01 00 75 85 48 c7 c7 f8 98 8e 98 c6 05 ce 7e be 01 01 e8 56 4a\n6f 00 \u003c0f\u003e 0b e9 1f 47 a5 00 80 3d b9 7e be 01 00 0f 85 5e ff ff ff 48\nc7\n[ 220.281437] RSP: 0018:ffffb4b0d18d7a80 EFLAGS: 00010282\n[ 220.281443] RAX: 0000000000000026 RBX: 0000000000000003 RCX: 0000000000000000\n[ 220.281448] RDX: 0000000000000001 RSI: ffffffff988d06dc RDI: 00000000ffffffff\n[ 220.281452] RBP: 00000000ffffffff R08: 0000000000000000 R09: ffffb4b0d18d7930\n[ 220.281457] R10: 0000000000000003 R11: ffffa0672e2fffe8 R12: ffffa058ca360400\n[ 220.281461] R13: ffffa05846c50a18 R14: 00000000fffffe00 R15: 0000000000000003\n[ 220.281465] FS: 00007f82683e06c0(0000) GS:ffffa066e2e00000(0000) knlGS:0000000000000000\n[ 220.281470] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 220.281475] CR2: 00003590005cc000 CR3: 00000001fca46000 CR4: 0000000000350ee0\n[ 220.281480] Call Trace:\n[ 220.281485] \u003cTASK\u003e\n[ 220.281490] amdgpu_cs_ioctl+0x4e2/0x2070 [amdgpu]\n[ 220.281806] ? amdgpu_cs_find_mapping+0xe0/0xe0 [amdgpu]\n[ 220.282028] drm_ioctl_kernel+0xa4/0x150\n[ 220.282043] drm_ioctl+0x21f/0x420\n[ 220.282053] ? amdgpu_cs_find_mapping+0xe0/0xe0 [amdgpu]\n[ 220.282275] ? lock_release+0x14f/0x460\n[ 220.282282] ? _raw_spin_unlock_irqrestore+0x30/0x60\n[ 220.282290] ? _raw_spin_unlock_irqrestore+0x30/0x60\n[ 220.282297] ? lockdep_hardirqs_on+0x7d/0x100\n[ 220.282305] ? _raw_spin_unlock_irqrestore+0x40/0x60\n[ 220.282317] amdgpu_drm_ioctl+0x4a/0x80 [amdgpu]\n[ 220.282534] __x64_sys_ioctl+0x90/0xd0\n[ 220.282545] do_syscall_64+0x5b/0x80\n[ 220.282551] ? futex_wake+0x6c/0x150\n[ 220.282568] ? lock_is_held_type+0xe8/0x140\n[ 220.282580] ? do_syscall_64+0x67/0x80\n[ 220.282585] ? lockdep_hardirqs_on+0x7d/0x100\n[ 220.282592] ? do_syscall_64+0x67/0x80\n[ 220.282597] ? do_syscall_64+0x67/0x80\n[ 220.282602] ? lockdep_hardirqs_on+0x7d/0x100\n[ 220.282609] entry_SYSCALL_64_after_hwframe+0x63/0xcd\n[ 220.282616] RIP: 0033:0x7f8282a4f8bf\n[ 220.282639] Code: 00 48 89 44 24 18 31 c0 48 8d 44 24 60 c7 04 24 10\n00 00 00 48 89 44 24 08 48 8d 44 24 20 48 89 44 24 10 b8 10 00 00 00\n0f 05 \u003c89\u003e c2 3d 00 f0 ff ff 77 18 48 8b 44 24 18 64 48 2b 04 25 28 00\n00\n[ 220.282644] RSP: 002b:00007f82683df410 EFLAGS: 00000246 ORIG_RAX: 0000000000000010\n[ 220.282651] RAX: ffffffffffffffda RBX: 00007f82683df588 RCX: 00007f8282a4f8bf\n[ 220.282655] RDX: 00007f82683df4d0 RSI: 00000000c0186444 RDI: 0000000000000018\n[ 220.282659] RBP: 00007f82683df4d0 R08: 00007f82683df5e0 R09: 00007f82683df4b0\n[ 220.282663] R10: 00001d04000a0600 R11: 0000000000000246 R12: 00000000c0186444\n[ 220.282667] R13: 0000000000000018 R14: 00007f82683df588 R15: 0000000000000003\n[ 220.282689] \u003c/TASK\u003e\n[ 220.282693] irq event stamp: 6232311\n[ 220.282697] hardirqs last enabled at (6232319): [\u003cffffffff9718cd7e\u003e] __up_console_sem+0x5e/0x70\n[ 220.282704] hardirqs last disabled at (6232326): [\u003cffffffff9718cd63\u003e] __up_console_sem+0x43/0x70\n[ 220.282709] softirqs last enabled at (6232072): [\u003cffffffff970ff669\u003e] __irq_exit_rcu+0xf9/0x170\n[ 220.282716] softirqs last disabled at (6232061): [\u003cffffffff97\n---truncated---",
  "id": "GHSA-qj8j-993w-xq64",
  "modified": "2025-11-13T21:31:18Z",
  "published": "2025-06-18T12:30:44Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-50035"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/1b38e3b423f0bb41ee6abae5ca9deec1546ba227"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/bbca24d0a3c11193bafb9e174f89f52a379006e3"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-QJCM-4W5P-GW32

Vulnerability from github – Published: 2022-05-24 17:07 – Updated: 2022-09-13 00:00
VLAI
Details

In OSSEC-HIDS 2.7 through 3.5.0, the server component responsible for log analysis (ossec-analysisd) is vulnerable to a use-after-free during processing of ossec-alert formatted msgs (received from authenticated remote agents and delivered to the analysisd processing queue by ossec-remoted).

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-8444"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-01-30T01:15:00Z",
    "severity": "HIGH"
  },
  "details": "In OSSEC-HIDS 2.7 through 3.5.0, the server component responsible for log analysis (ossec-analysisd) is vulnerable to a use-after-free during processing of ossec-alert formatted msgs (received from authenticated remote agents and delivered to the analysisd processing queue by ossec-remoted).",
  "id": "GHSA-qjcm-4w5p-gw32",
  "modified": "2022-09-13T00:00:37Z",
  "published": "2022-05-24T17:07:44Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8444"
    },
    {
      "type": "WEB",
      "url": "https://github.com/ossec/ossec-hids/issues/1817"
    },
    {
      "type": "WEB",
      "url": "https://github.com/ossec/ossec-hids/issues/1821"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/202007-33"
    },
    {
      "type": "WEB",
      "url": "https://www.ossec.net"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-QJF4-G2GG-W6PQ

Vulnerability from github – Published: 2022-05-24 19:17 – Updated: 2025-10-22 00:32
VLAI
Details

Win32k Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-40450, CVE-2021-41357.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-40449"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-269",
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-10-13T01:15:00Z",
    "severity": "HIGH"
  },
  "details": "Win32k Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-40450, CVE-2021-41357.",
  "id": "GHSA-qjf4-g2gg-w6pq",
  "modified": "2025-10-22T00:32:25Z",
  "published": "2022-05-24T19:17:33Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-40449"
    },
    {
      "type": "WEB",
      "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40449"
    },
    {
      "type": "WEB",
      "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-40449"
    },
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.com/files/164926/Win32k-NtGdiResetDC-Use-After-Free-Local-Privilege-Escalation.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-QJG3-FXFR-J85C

Vulnerability from github – Published: 2022-05-14 03:54 – Updated: 2022-05-14 03:54
VLAI
Details

Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable use after free vulnerability in Primetime SDK event dispatch. Successful exploitation could lead to arbitrary code execution.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-2994"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-02-15T06:59:00Z",
    "severity": "HIGH"
  },
  "details": "Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable use after free vulnerability in Primetime SDK event dispatch. Successful exploitation could lead to arbitrary code execution.",
  "id": "GHSA-qjg3-fxfr-j85c",
  "modified": "2022-05-14T03:54:51Z",
  "published": "2022-05-14T03:54:51Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-2994"
    },
    {
      "type": "WEB",
      "url": "https://helpx.adobe.com/security/products/flash-player/apsb17-04.html"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/201702-20"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2017-0526.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/96199"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1037815"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-QJJH-RRMV-PFG7

Vulnerability from github – Published: 2022-05-24 16:55 – Updated: 2022-05-24 16:55
VLAI
Details

In the Android kernel in the synaptics_dsx_htc touchscreen driver there is a possible use after free due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2019-9273"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-09-06T22:15:00Z",
    "severity": "MODERATE"
  },
  "details": "In the Android kernel in the synaptics_dsx_htc touchscreen driver there is a possible use after free due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.",
  "id": "GHSA-qjjh-rrmv-pfg7",
  "modified": "2022-05-24T16:55:36Z",
  "published": "2022-05-24T16:55:36Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9273"
    },
    {
      "type": "WEB",
      "url": "https://source.android.com/security/bulletin/pixel/2019-09-01"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-QJM7-3PG8-FH7V

Vulnerability from github – Published: 2022-05-13 01:11 – Updated: 2022-05-13 01:11
VLAI
Details

The TIFFSetProfiles function in coders/tiff.c in ImageMagick 7.0.6 has incorrect expectations about whether LibTIFF TIFFGetField return values imply that data validation has occurred, which allows remote attackers to cause a denial of service (use-after-free after an invalid call to TIFFSetField, and application crash) via a crafted file.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-14528"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-09-18T00:29:00Z",
    "severity": "MODERATE"
  },
  "details": "The TIFFSetProfiles function in coders/tiff.c in ImageMagick 7.0.6 has incorrect expectations about whether LibTIFF TIFFGetField return values imply that data validation has occurred, which allows remote attackers to cause a denial of service (use-after-free after an invalid call to TIFFSetField, and application crash) via a crafted file.",
  "id": "GHSA-qjm7-3pg8-fh7v",
  "modified": "2022-05-13T01:11:30Z",
  "published": "2022-05-13T01:11:30Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-14528"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2021/01/msg00010.html"
    },
    {
      "type": "WEB",
      "url": "https://www.imagemagick.org/discourse-server/viewtopic.php?f=3\u0026t=32560"
    },
    {
      "type": "WEB",
      "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2730"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/100875"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-QJM7-F9MJ-293H

Vulnerability from github – Published: 2025-04-08 18:34 – Updated: 2025-04-08 18:34
VLAI
Details

Sensitive data storage in improperly locked memory in Windows Kernel allows an authorized attacker to elevate privileges locally.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-26648"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-04-08T18:15:48Z",
    "severity": "HIGH"
  },
  "details": "Sensitive data storage in improperly locked memory in Windows Kernel allows an authorized attacker to elevate privileges locally.",
  "id": "GHSA-qjm7-f9mj-293h",
  "modified": "2025-04-08T18:34:46Z",
  "published": "2025-04-08T18:34:46Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-26648"
    },
    {
      "type": "WEB",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-26648"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-QJRM-W88W-XV67

Vulnerability from github – Published: 2026-06-05 00:31 – Updated: 2026-06-05 03:31
VLAI
Details

Use after free in MimeHandlerView in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-10956"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-06-04T23:16:58Z",
    "severity": "HIGH"
  },
  "details": "Use after free in MimeHandlerView in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)",
  "id": "GHSA-qjrm-w88w-xv67",
  "modified": "2026-06-05T03:31:32Z",
  "published": "2026-06-05T00:31:40Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-10956"
    },
    {
      "type": "WEB",
      "url": "https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop.html"
    },
    {
      "type": "WEB",
      "url": "https://issues.chromium.org/issues/506375731"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation
Architecture and Design

Strategy: Language Selection

Choose a language that provides automatic memory management.

Mitigation
Implementation

Strategy: Attack Surface Reduction

When freeing pointers, be sure to set them to NULL once they are freed. However, the utilization of multiple or complex data structures may lower the usefulness of this strategy.

No CAPEC attack patterns related to this CWE.