CWE-416
AllowedUse After Free
Abstraction: Variant · Status: Stable
The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.
9821 vulnerabilities reference this CWE, most recent first.
GHSA-QV22-CG44-HH8C
Vulnerability from github – Published: 2023-12-08 18:30 – Updated: 2023-12-13 18:31In the Pixel Camera Driver, there is a possible use after free due to a logic error in the code. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
{
"affected": [],
"aliases": [
"CVE-2023-48414"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-12-08T16:15:18Z",
"severity": "MODERATE"
},
"details": "In the Pixel Camera Driver, there is a possible use after free due to a logic error in the code. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.\n\n",
"id": "GHSA-qv22-cg44-hh8c",
"modified": "2023-12-13T18:31:01Z",
"published": "2023-12-08T18:30:42Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-48414"
},
{
"type": "WEB",
"url": "https://source.android.com/security/bulletin/pixel/2023-12-01"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-QV25-9F5Q-RJ39
Vulnerability from github – Published: 2025-09-17 09:30 – Updated: 2025-09-17 09:30A Use After Free vulnerability affecting the PAR file reading procedure in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025 could allow an attacker to execute arbitrary code while opening a specially crafted PAR file.
{
"affected": [],
"aliases": [
"CVE-2025-9449"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-09-17T07:15:42Z",
"severity": "HIGH"
},
"details": "A Use After Free vulnerability affecting the PAR file reading procedure in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025 could allow an attacker to execute arbitrary code while opening a specially crafted PAR file.",
"id": "GHSA-qv25-9f5q-rj39",
"modified": "2025-09-17T09:30:44Z",
"published": "2025-09-17T09:30:44Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-9449"
},
{
"type": "WEB",
"url": "https://www.3ds.com/trust-center/security/security-advisories/cve-2025-9449"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-QV39-C232-842J
Vulnerability from github – Published: 2026-06-05 00:31 – Updated: 2026-06-05 03:31Use after free in Passwords in Google Chrome on Mac prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical)
{
"affected": [],
"aliases": [
"CVE-2026-10901"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-04T23:16:51Z",
"severity": "HIGH"
},
"details": "Use after free in Passwords in Google Chrome on Mac prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical)",
"id": "GHSA-qv39-c232-842j",
"modified": "2026-06-05T03:31:30Z",
"published": "2026-06-05T00:31:38Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-10901"
},
{
"type": "WEB",
"url": "https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop.html"
},
{
"type": "WEB",
"url": "https://issues.chromium.org/issues/516957738"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-QV58-XPXR-7HJX
Vulnerability from github – Published: 2022-05-13 01:06 – Updated: 2022-05-13 01:06Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-4448, CVE-2015-5095, CVE-2015-5099, CVE-2015-5101, CVE-2015-5113, and CVE-2015-5114.
{
"affected": [],
"aliases": [
"CVE-2015-5111"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2015-07-15T14:59:00Z",
"severity": "MODERATE"
},
"details": "Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-4448, CVE-2015-5095, CVE-2015-5099, CVE-2015-5101, CVE-2015-5113, and CVE-2015-5114.",
"id": "GHSA-qv58-xpxr-7hjx",
"modified": "2022-05-13T01:06:50Z",
"published": "2022-05-13T01:06:50Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-5111"
},
{
"type": "WEB",
"url": "https://helpx.adobe.com/security/products/reader/apsb15-15.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/75739"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1032892"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-QV5H-FQ2W-C68J
Vulnerability from github – Published: 2022-05-14 01:47 – Updated: 2022-05-14 01:47The init_new_context function in arch/x86/include/asm/mmu_context.h in the Linux kernel before 4.12.10 does not correctly handle errors from LDT table allocation when forking a new process, allowing a local attacker to achieve a use-after-free or possibly have unspecified other impact by running a specially crafted program. This vulnerability only affected kernels built with CONFIG_MODIFY_LDT_SYSCALL=y.
{
"affected": [],
"aliases": [
"CVE-2017-17053"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-11-29T03:29:00Z",
"severity": "HIGH"
},
"details": "The init_new_context function in arch/x86/include/asm/mmu_context.h in the Linux kernel before 4.12.10 does not correctly handle errors from LDT table allocation when forking a new process, allowing a local attacker to achieve a use-after-free or possibly have unspecified other impact by running a specially crafted program. This vulnerability only affected kernels built with CONFIG_MODIFY_LDT_SYSCALL=y.",
"id": "GHSA-qv5h-fq2w-c68j",
"modified": "2022-05-14T01:47:11Z",
"published": "2022-05-14T01:47:11Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-17053"
},
{
"type": "WEB",
"url": "https://github.com/torvalds/linux/commit/ccd5b3235180eef3cfec337df1c8554ab151b5cc"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2018:0676"
},
{
"type": "WEB",
"url": "https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.12.10"
},
{
"type": "WEB",
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ccd5b3235180eef3cfec337df1c8554ab151b5cc"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/102010"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-QV8P-84PR-826V
Vulnerability from github – Published: 2026-06-09 00:33 – Updated: 2026-06-09 03:31Use after free in Dawn in Google Chrome on Mac prior to 149.0.7827.103 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
{
"affected": [],
"aliases": [
"CVE-2026-11687"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-09T00:16:52Z",
"severity": "HIGH"
},
"details": "Use after free in Dawn in Google Chrome on Mac prior to 149.0.7827.103 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)",
"id": "GHSA-qv8p-84pr-826v",
"modified": "2026-06-09T03:31:39Z",
"published": "2026-06-09T00:33:26Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-11687"
},
{
"type": "WEB",
"url": "https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop_0153744567.html"
},
{
"type": "WEB",
"url": "https://issues.chromium.org/issues/517303276"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-QVFP-RJPG-W73V
Vulnerability from github – Published: 2024-01-18 03:30 – Updated: 2024-01-24 21:30In vsp driver, there is a possible use after free due to a logic error. This could lead to local denial of service with System execution privileges needed
{
"affected": [],
"aliases": [
"CVE-2023-48353"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-01-18T03:15:57Z",
"severity": "MODERATE"
},
"details": "In vsp driver, there is a possible use after free due to a logic error. This could lead to local denial of service with System execution privileges needed",
"id": "GHSA-qvfp-rjpg-w73v",
"modified": "2024-01-24T21:30:33Z",
"published": "2024-01-18T03:30:25Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-48353"
},
{
"type": "WEB",
"url": "https://www.unisoc.com/en_us/secy/announcementDetail/1745735200442220545"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-QVG2-H6W2-CVWJ
Vulnerability from github – Published: 2023-07-05 12:30 – Updated: 2024-01-07 12:30A use-after-free condition existed in NotifyOnHistoryReload where a LoadingSessionHistoryEntry object was freed and a reference to that object remained. This resulted in a potentially exploitable condition when the reference to that object was later reused. This vulnerability affects Firefox < 115.
{
"affected": [],
"aliases": [
"CVE-2023-37209"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-07-05T10:15:09Z",
"severity": "HIGH"
},
"details": "A use-after-free condition existed in `NotifyOnHistoryReload` where a `LoadingSessionHistoryEntry` object was freed and a reference to that object remained. This resulted in a potentially exploitable condition when the reference to that object was later reused. This vulnerability affects Firefox \u003c 115.",
"id": "GHSA-qvg2-h6w2-cvwj",
"modified": "2024-01-07T12:30:29Z",
"published": "2023-07-05T12:30:15Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-37209"
},
{
"type": "WEB",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1837993"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202401-10"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2023-22"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-QVH7-J2X6-25X5
Vulnerability from github – Published: 2022-05-02 03:46 – Updated: 2024-02-02 18:30Use-after-free vulnerability in the abstract file-descriptor handling interface in the cupsdDoSelect function in scheduler/select.c in the scheduler in cupsd in CUPS 1.3.7 and 1.3.10 allows remote attackers to cause a denial of service (daemon crash or hang) via a client disconnection during listing of a large number of print jobs, related to improperly maintaining a reference count. NOTE: some of these details are obtained from third party information.
{
"affected": [],
"aliases": [
"CVE-2009-3553"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2009-11-20T02:30:00Z",
"severity": "MODERATE"
},
"details": "Use-after-free vulnerability in the abstract file-descriptor handling interface in the cupsdDoSelect function in scheduler/select.c in the scheduler in cupsd in CUPS 1.3.7 and 1.3.10 allows remote attackers to cause a denial of service (daemon crash or hang) via a client disconnection during listing of a large number of print jobs, related to improperly maintaining a reference count. NOTE: some of these details are obtained from third party information.",
"id": "GHSA-qvh7-j2x6-25x5",
"modified": "2024-02-02T18:30:21Z",
"published": "2022-05-02T03:46:20Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3553"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2009:1595"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2009-3553"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=530111"
},
{
"type": "WEB",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11183"
},
{
"type": "WEB",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00332.html"
},
{
"type": "WEB",
"url": "http://lists.apple.com/archives/security-announce/2010/Jan/msg00000.html"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/37360"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/37364"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/38241"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/43521"
},
{
"type": "WEB",
"url": "http://security.gentoo.org/glsa/glsa-201207-10.xml"
},
{
"type": "WEB",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-275230-1"
},
{
"type": "WEB",
"url": "http://support.apple.com/kb/HT4004"
},
{
"type": "WEB",
"url": "http://www.cups.org/newsgroups.php/newsgroups.php?v5994+gcups.bugs"
},
{
"type": "WEB",
"url": "http://www.cups.org/newsgroups.php/newsgroups.php?v5996+gcups.bugs"
},
{
"type": "WEB",
"url": "http://www.cups.org/newsgroups.php/newsgroups.php?v6055+gcups.bugs"
},
{
"type": "WEB",
"url": "http://www.cups.org/str.php?L3200"
},
{
"type": "WEB",
"url": "http://www.debian.org/security/2011/dsa-2176"
},
{
"type": "WEB",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:073"
},
{
"type": "WEB",
"url": "http://www.redhat.com/support/errata/RHSA-2009-1595.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/37048"
},
{
"type": "WEB",
"url": "http://www.ubuntu.com/usn/USN-906-1"
},
{
"type": "WEB",
"url": "http://www.vupen.com/english/advisories/2010/0173"
},
{
"type": "WEB",
"url": "http://www.vupen.com/english/advisories/2011/0535"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-QVM5-4FH7-HCFX
Vulnerability from github – Published: 2022-02-11 00:01 – Updated: 2023-01-19 18:30A use-after-free flaw was found in cgroup1_parse_param in kernel/cgroup/cgroup-v1.c in the Linux kernel's cgroup v1 parser. A local attacker with a user privilege could cause a privilege escalation by exploiting the fsconfig syscall parameter leading to a container breakout and a denial of service on the system.
{
"affected": [],
"aliases": [
"CVE-2021-4154"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-02-04T23:15:00Z",
"severity": "HIGH"
},
"details": "A use-after-free flaw was found in cgroup1_parse_param in kernel/cgroup/cgroup-v1.c in the Linux kernel\u0027s cgroup v1 parser. A local attacker with a user privilege could cause a privilege escalation by exploiting the fsconfig syscall parameter leading to a container breakout and a denial of service on the system.",
"id": "GHSA-qvm5-4fh7-hcfx",
"modified": "2023-01-19T18:30:27Z",
"published": "2022-02-11T00:01:22Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-4154"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2034514"
},
{
"type": "WEB",
"url": "https://cloud.google.com/anthos/clusters/docs/security-bulletins#gcp-2022-002"
},
{
"type": "WEB",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3b0462726e7ef281c35a7a4ae33e93ee2bc9975b"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20220225-0004"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation
Strategy: Language Selection
Choose a language that provides automatic memory management.
Mitigation
Strategy: Attack Surface Reduction
When freeing pointers, be sure to set them to NULL once they are freed. However, the utilization of multiple or complex data structures may lower the usefulness of this strategy.
No CAPEC attack patterns related to this CWE.