Common Weakness Enumeration

CWE-416

Allowed

Use After Free

Abstraction: Variant · Status: Stable

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

9821 vulnerabilities reference this CWE, most recent first.

GHSA-QV22-CG44-HH8C

Vulnerability from github – Published: 2023-12-08 18:30 – Updated: 2023-12-13 18:31
VLAI
Details

In the Pixel Camera Driver, there is a possible use after free due to a logic error in the code. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-48414"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-12-08T16:15:18Z",
    "severity": "MODERATE"
  },
  "details": "In the Pixel Camera Driver, there is a possible use after free due to a logic error in the code. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.\n\n",
  "id": "GHSA-qv22-cg44-hh8c",
  "modified": "2023-12-13T18:31:01Z",
  "published": "2023-12-08T18:30:42Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-48414"
    },
    {
      "type": "WEB",
      "url": "https://source.android.com/security/bulletin/pixel/2023-12-01"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-QV25-9F5Q-RJ39

Vulnerability from github – Published: 2025-09-17 09:30 – Updated: 2025-09-17 09:30
VLAI
Details

A Use After Free vulnerability affecting the PAR file reading procedure in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025 could allow an attacker to execute arbitrary code while opening a specially crafted PAR file.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-9449"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-09-17T07:15:42Z",
    "severity": "HIGH"
  },
  "details": "A Use After Free vulnerability affecting the PAR file reading procedure in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025 could allow an attacker to execute arbitrary code while opening a specially crafted PAR file.",
  "id": "GHSA-qv25-9f5q-rj39",
  "modified": "2025-09-17T09:30:44Z",
  "published": "2025-09-17T09:30:44Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-9449"
    },
    {
      "type": "WEB",
      "url": "https://www.3ds.com/trust-center/security/security-advisories/cve-2025-9449"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-QV39-C232-842J

Vulnerability from github – Published: 2026-06-05 00:31 – Updated: 2026-06-05 03:31
VLAI
Details

Use after free in Passwords in Google Chrome on Mac prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical)

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-10901"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-06-04T23:16:51Z",
    "severity": "HIGH"
  },
  "details": "Use after free in Passwords in Google Chrome on Mac prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical)",
  "id": "GHSA-qv39-c232-842j",
  "modified": "2026-06-05T03:31:30Z",
  "published": "2026-06-05T00:31:38Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-10901"
    },
    {
      "type": "WEB",
      "url": "https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop.html"
    },
    {
      "type": "WEB",
      "url": "https://issues.chromium.org/issues/516957738"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-QV58-XPXR-7HJX

Vulnerability from github – Published: 2022-05-13 01:06 – Updated: 2022-05-13 01:06
VLAI
Details

Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-4448, CVE-2015-5095, CVE-2015-5099, CVE-2015-5101, CVE-2015-5113, and CVE-2015-5114.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2015-5111"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2015-07-15T14:59:00Z",
    "severity": "MODERATE"
  },
  "details": "Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-4448, CVE-2015-5095, CVE-2015-5099, CVE-2015-5101, CVE-2015-5113, and CVE-2015-5114.",
  "id": "GHSA-qv58-xpxr-7hjx",
  "modified": "2022-05-13T01:06:50Z",
  "published": "2022-05-13T01:06:50Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-5111"
    },
    {
      "type": "WEB",
      "url": "https://helpx.adobe.com/security/products/reader/apsb15-15.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/75739"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1032892"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-QV5H-FQ2W-C68J

Vulnerability from github – Published: 2022-05-14 01:47 – Updated: 2022-05-14 01:47
VLAI
Details

The init_new_context function in arch/x86/include/asm/mmu_context.h in the Linux kernel before 4.12.10 does not correctly handle errors from LDT table allocation when forking a new process, allowing a local attacker to achieve a use-after-free or possibly have unspecified other impact by running a specially crafted program. This vulnerability only affected kernels built with CONFIG_MODIFY_LDT_SYSCALL=y.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-17053"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-11-29T03:29:00Z",
    "severity": "HIGH"
  },
  "details": "The init_new_context function in arch/x86/include/asm/mmu_context.h in the Linux kernel before 4.12.10 does not correctly handle errors from LDT table allocation when forking a new process, allowing a local attacker to achieve a use-after-free or possibly have unspecified other impact by running a specially crafted program. This vulnerability only affected kernels built with CONFIG_MODIFY_LDT_SYSCALL=y.",
  "id": "GHSA-qv5h-fq2w-c68j",
  "modified": "2022-05-14T01:47:11Z",
  "published": "2022-05-14T01:47:11Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-17053"
    },
    {
      "type": "WEB",
      "url": "https://github.com/torvalds/linux/commit/ccd5b3235180eef3cfec337df1c8554ab151b5cc"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2018:0676"
    },
    {
      "type": "WEB",
      "url": "https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.12.10"
    },
    {
      "type": "WEB",
      "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ccd5b3235180eef3cfec337df1c8554ab151b5cc"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/102010"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-QV8P-84PR-826V

Vulnerability from github – Published: 2026-06-09 00:33 – Updated: 2026-06-09 03:31
VLAI
Details

Use after free in Dawn in Google Chrome on Mac prior to 149.0.7827.103 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-11687"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-06-09T00:16:52Z",
    "severity": "HIGH"
  },
  "details": "Use after free in Dawn in Google Chrome on Mac prior to 149.0.7827.103 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)",
  "id": "GHSA-qv8p-84pr-826v",
  "modified": "2026-06-09T03:31:39Z",
  "published": "2026-06-09T00:33:26Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-11687"
    },
    {
      "type": "WEB",
      "url": "https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop_0153744567.html"
    },
    {
      "type": "WEB",
      "url": "https://issues.chromium.org/issues/517303276"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-QVFP-RJPG-W73V

Vulnerability from github – Published: 2024-01-18 03:30 – Updated: 2024-01-24 21:30
VLAI
Details

In vsp driver, there is a possible use after free due to a logic error. This could lead to local denial of service with System execution privileges needed

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-48353"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-01-18T03:15:57Z",
    "severity": "MODERATE"
  },
  "details": "In vsp driver, there is a possible use after free due to a logic error. This could lead to local denial of service with System execution privileges needed",
  "id": "GHSA-qvfp-rjpg-w73v",
  "modified": "2024-01-24T21:30:33Z",
  "published": "2024-01-18T03:30:25Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-48353"
    },
    {
      "type": "WEB",
      "url": "https://www.unisoc.com/en_us/secy/announcementDetail/1745735200442220545"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-QVG2-H6W2-CVWJ

Vulnerability from github – Published: 2023-07-05 12:30 – Updated: 2024-01-07 12:30
VLAI
Details

A use-after-free condition existed in NotifyOnHistoryReload where a LoadingSessionHistoryEntry object was freed and a reference to that object remained. This resulted in a potentially exploitable condition when the reference to that object was later reused. This vulnerability affects Firefox < 115.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-37209"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-07-05T10:15:09Z",
    "severity": "HIGH"
  },
  "details": "A use-after-free condition existed in `NotifyOnHistoryReload` where a `LoadingSessionHistoryEntry` object was freed and a reference to that object remained.  This resulted in a potentially exploitable condition when the reference to that object was later reused. This vulnerability affects Firefox \u003c 115.",
  "id": "GHSA-qvg2-h6w2-cvwj",
  "modified": "2024-01-07T12:30:29Z",
  "published": "2023-07-05T12:30:15Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-37209"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1837993"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/202401-10"
    },
    {
      "type": "WEB",
      "url": "https://www.mozilla.org/security/advisories/mfsa2023-22"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-QVH7-J2X6-25X5

Vulnerability from github – Published: 2022-05-02 03:46 – Updated: 2024-02-02 18:30
VLAI
Details

Use-after-free vulnerability in the abstract file-descriptor handling interface in the cupsdDoSelect function in scheduler/select.c in the scheduler in cupsd in CUPS 1.3.7 and 1.3.10 allows remote attackers to cause a denial of service (daemon crash or hang) via a client disconnection during listing of a large number of print jobs, related to improperly maintaining a reference count. NOTE: some of these details are obtained from third party information.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2009-3553"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2009-11-20T02:30:00Z",
    "severity": "MODERATE"
  },
  "details": "Use-after-free vulnerability in the abstract file-descriptor handling interface in the cupsdDoSelect function in scheduler/select.c in the scheduler in cupsd in CUPS 1.3.7 and 1.3.10 allows remote attackers to cause a denial of service (daemon crash or hang) via a client disconnection during listing of a large number of print jobs, related to improperly maintaining a reference count.  NOTE: some of these details are obtained from third party information.",
  "id": "GHSA-qvh7-j2x6-25x5",
  "modified": "2024-02-02T18:30:21Z",
  "published": "2022-05-02T03:46:20Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3553"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2009:1595"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/security/cve/CVE-2009-3553"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=530111"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11183"
    },
    {
      "type": "WEB",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00332.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/security-announce/2010/Jan/msg00000.html"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/37360"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/37364"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/38241"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/43521"
    },
    {
      "type": "WEB",
      "url": "http://security.gentoo.org/glsa/glsa-201207-10.xml"
    },
    {
      "type": "WEB",
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-275230-1"
    },
    {
      "type": "WEB",
      "url": "http://support.apple.com/kb/HT4004"
    },
    {
      "type": "WEB",
      "url": "http://www.cups.org/newsgroups.php/newsgroups.php?v5994+gcups.bugs"
    },
    {
      "type": "WEB",
      "url": "http://www.cups.org/newsgroups.php/newsgroups.php?v5996+gcups.bugs"
    },
    {
      "type": "WEB",
      "url": "http://www.cups.org/newsgroups.php/newsgroups.php?v6055+gcups.bugs"
    },
    {
      "type": "WEB",
      "url": "http://www.cups.org/str.php?L3200"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2011/dsa-2176"
    },
    {
      "type": "WEB",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:073"
    },
    {
      "type": "WEB",
      "url": "http://www.redhat.com/support/errata/RHSA-2009-1595.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/37048"
    },
    {
      "type": "WEB",
      "url": "http://www.ubuntu.com/usn/USN-906-1"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2010/0173"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2011/0535"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-QVM5-4FH7-HCFX

Vulnerability from github – Published: 2022-02-11 00:01 – Updated: 2023-01-19 18:30
VLAI
Details

A use-after-free flaw was found in cgroup1_parse_param in kernel/cgroup/cgroup-v1.c in the Linux kernel's cgroup v1 parser. A local attacker with a user privilege could cause a privilege escalation by exploiting the fsconfig syscall parameter leading to a container breakout and a denial of service on the system.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-4154"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-02-04T23:15:00Z",
    "severity": "HIGH"
  },
  "details": "A use-after-free flaw was found in cgroup1_parse_param in kernel/cgroup/cgroup-v1.c in the Linux kernel\u0027s cgroup v1 parser. A local attacker with a user privilege could cause a privilege escalation by exploiting the fsconfig syscall parameter leading to a container breakout and a denial of service on the system.",
  "id": "GHSA-qvm5-4fh7-hcfx",
  "modified": "2023-01-19T18:30:27Z",
  "published": "2022-02-11T00:01:22Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-4154"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2034514"
    },
    {
      "type": "WEB",
      "url": "https://cloud.google.com/anthos/clusters/docs/security-bulletins#gcp-2022-002"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3b0462726e7ef281c35a7a4ae33e93ee2bc9975b"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20220225-0004"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation
Architecture and Design

Strategy: Language Selection

Choose a language that provides automatic memory management.

Mitigation
Implementation

Strategy: Attack Surface Reduction

When freeing pointers, be sure to set them to NULL once they are freed. However, the utilization of multiple or complex data structures may lower the usefulness of this strategy.

No CAPEC attack patterns related to this CWE.