CWE-416
AllowedUse After Free
Abstraction: Variant · Status: Stable
The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.
9811 vulnerabilities reference this CWE, most recent first.
GHSA-XCV8-4M2V-RX26
Vulnerability from github – Published: 2025-12-09 18:30 – Updated: 2025-12-09 18:30Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.
{
"affected": [],
"aliases": [
"CVE-2025-62559"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-12-09T18:16:01Z",
"severity": "HIGH"
},
"details": "Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.",
"id": "GHSA-xcv8-4m2v-rx26",
"modified": "2025-12-09T18:30:47Z",
"published": "2025-12-09T18:30:46Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62559"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-62559"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-XCVV-2PHH-WM85
Vulnerability from github – Published: 2026-01-28 18:30 – Updated: 2026-01-28 18:30NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager, where a malicious guest could cause heap memory access after the memory is freed. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, denial of service, or information disclosure.
{
"affected": [],
"aliases": [
"CVE-2025-33220"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-01-28T18:16:48Z",
"severity": "HIGH"
},
"details": "NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager, where a malicious guest could cause heap memory access after the memory is freed. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, denial of service, or information disclosure.",
"id": "GHSA-xcvv-2phh-wm85",
"modified": "2026-01-28T18:30:49Z",
"published": "2026-01-28T18:30:49Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-33220"
},
{
"type": "WEB",
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5747"
},
{
"type": "WEB",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-33220"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-XCXV-6FR5-34FM
Vulnerability from github – Published: 2022-05-24 17:02 – Updated: 2024-04-04 02:41An exploitable code execution vulnerability exists in the processing of multi-part/form-data requests within the base GoAhead web server application in versions v5.0.1, v.4.1.1 and v3.6.5. A specially crafted HTTP request can lead to a use-after-free condition during the processing of this request that can be used to corrupt heap structures that could lead to full code execution. The request can be unauthenticated in the form of GET or POST requests, and does not require the requested resource to exist on the server.
{
"affected": [],
"aliases": [
"CVE-2019-5096"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-12-03T22:15:00Z",
"severity": "CRITICAL"
},
"details": "An exploitable code execution vulnerability exists in the processing of multi-part/form-data requests within the base GoAhead web server application in versions v5.0.1, v.4.1.1 and v3.6.5. A specially crafted HTTP request can lead to a use-after-free condition during the processing of this request that can be used to corrupt heap structures that could lead to full code execution. The request can be unauthenticated in the form of GET or POST requests, and does not require the requested resource to exist on the server.",
"id": "GHSA-xcxv-6fr5-34fm",
"modified": "2024-04-04T02:41:45Z",
"published": "2022-05-24T17:02:37Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-5096"
},
{
"type": "WEB",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0888"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-XF27-R9VM-Q26M
Vulnerability from github – Published: 2022-05-13 01:01 – Updated: 2022-05-13 01:01An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's PDF Reader, version 9.2.0.9297. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability.
{
"affected": [],
"aliases": [
"CVE-2018-3995"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-10-03T15:29:00Z",
"severity": "HIGH"
},
"details": "An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software\u0027s PDF Reader, version 9.2.0.9297. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability.",
"id": "GHSA-xf27-r9vm-q26m",
"modified": "2022-05-13T01:01:47Z",
"published": "2022-05-13T01:01:47Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-3995"
},
{
"type": "WEB",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0663"
},
{
"type": "WEB",
"url": "https://www.foxitsoftware.com/support/security-bulletins.php"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1041769"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-XF2C-WP2F-V3JR
Vulnerability from github – Published: 2022-05-14 02:19 – Updated: 2022-05-14 02:19WebCore/platform/graphics/texmap/TextureMapperLayer.cpp in WebKit, as used in WebKitGTK+ prior to version 2.20.2, is vulnerable to a use after free for a WebCore::TextureMapperLayer object.
{
"affected": [],
"aliases": [
"CVE-2018-12294"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-06-19T21:29:00Z",
"severity": "HIGH"
},
"details": "WebCore/platform/graphics/texmap/TextureMapperLayer.cpp in WebKit, as used in WebKitGTK+ prior to version 2.20.2, is vulnerable to a use after free for a WebCore::TextureMapperLayer object.",
"id": "GHSA-xf2c-wp2f-v3jr",
"modified": "2022-05-14T02:19:44Z",
"published": "2022-05-14T02:19:44Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-12294"
},
{
"type": "WEB",
"url": "https://bugs.webkit.org/show_bug.cgi?id=184729"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/201808-04"
},
{
"type": "WEB",
"url": "https://trac.webkit.org/changeset/231300/webkit"
},
{
"type": "WEB",
"url": "http://packetstormsecurity.com/files/148200/WebKitGTK-Data-Leak-Code-Execution.html"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2018/06/14/1"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/archive/1/542087/100/0/threaded"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-XF2W-5673-H6WW
Vulnerability from github – Published: 2022-11-04 19:01 – Updated: 2026-06-10 18:44diplib v3.0.0 is vulnerable to Double Free.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "diplib"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.1.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2021-39432"
],
"database_specific": {
"cwe_ids": [
"CWE-415",
"CWE-416"
],
"github_reviewed": true,
"github_reviewed_at": "2024-11-21T22:14:21Z",
"nvd_published_at": "2022-11-04T17:15:00Z",
"severity": "MODERATE"
},
"details": "diplib v3.0.0 is vulnerable to Double Free.",
"id": "GHSA-xf2w-5673-h6ww",
"modified": "2026-06-10T18:44:04Z",
"published": "2022-11-04T19:01:09Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-39432"
},
{
"type": "WEB",
"url": "https://github.com/DIPlib/diplib/issues/80"
},
{
"type": "WEB",
"url": "https://github.com/DIPlib/diplib/commit/8b9a2670ce66ff2fd5addf592f7825e1f5adb5b5"
},
{
"type": "PACKAGE",
"url": "https://github.com/DIPlib/diplib"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/diplib/PYSEC-2022-43131.yaml"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "diplib Double Free"
}
GHSA-XF3J-CFRC-6WX5
Vulnerability from github – Published: 2022-01-29 00:00 – Updated: 2022-02-03 00:00A CWE-416: Use After Free vulnerability exists that could cause arbitrary code execution when a malicious *.gd1 configuration file is loaded into the GUIcon tool. Affected Product: Eurotherm by Schneider Electric GUIcon Version 2.0 (Build 683.003) and prior
{
"affected": [],
"aliases": [
"CVE-2021-22808"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-01-28T20:15:00Z",
"severity": "HIGH"
},
"details": "A CWE-416: Use After Free vulnerability exists that could cause arbitrary code execution when a malicious *.gd1 configuration file is loaded into the GUIcon tool. Affected Product: Eurotherm by Schneider Electric GUIcon Version 2.0 (Build 683.003) and prior",
"id": "GHSA-xf3j-cfrc-6wx5",
"modified": "2022-02-03T00:00:25Z",
"published": "2022-01-29T00:00:46Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22808"
},
{
"type": "WEB",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-313-07"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-XF4C-FRC6-WRRH
Vulnerability from github – Published: 2025-02-27 21:32 – Updated: 2025-02-27 21:32In the Linux kernel, the following vulnerability has been resolved:
netfilter: nf_tables: avoid skb access on nf_stolen
When verdict is NF_STOLEN, the skb might have been freed.
When tracing is enabled, this can result in a use-after-free: 1. access to skb->nf_trace 2. access to skb->mark 3. computation of trace id 4. dump of packet payload
To avoid 1, keep a cached copy of skb->nf_trace in the trace state struct. Refresh this copy whenever verdict is != STOLEN.
Avoid 2 by skipping skb->mark access if verdict is STOLEN.
3 is avoided by precomputing the trace id.
Only dump the packet when verdict is not "STOLEN".
{
"affected": [],
"aliases": [
"CVE-2022-49622"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-02-26T07:01:37Z",
"severity": "HIGH"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: avoid skb access on nf_stolen\n\nWhen verdict is NF_STOLEN, the skb might have been freed.\n\nWhen tracing is enabled, this can result in a use-after-free:\n1. access to skb-\u003enf_trace\n2. access to skb-\u003emark\n3. computation of trace id\n4. dump of packet payload\n\nTo avoid 1, keep a cached copy of skb-\u003enf_trace in the\ntrace state struct.\nRefresh this copy whenever verdict is != STOLEN.\n\nAvoid 2 by skipping skb-\u003emark access if verdict is STOLEN.\n\n3 is avoided by precomputing the trace id.\n\nOnly dump the packet when verdict is not \"STOLEN\".",
"id": "GHSA-xf4c-frc6-wrrh",
"modified": "2025-02-27T21:32:14Z",
"published": "2025-02-27T21:32:14Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-49622"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/0016d5d46d7440729a3132f61a8da3bf7f84e2ba"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/e34b9ed96ce3b06c79bf884009b16961ca478f87"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-XF76-839H-PFPM
Vulnerability from github – Published: 2026-04-01 06:31 – Updated: 2026-04-01 21:30Use after free in Dawn in Google Chrome prior to 146.0.7680.178 allowed a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)
{
"affected": [],
"aliases": [
"CVE-2026-5281"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-04-01T05:16:01Z",
"severity": "HIGH"
},
"details": "Use after free in Dawn in Google Chrome prior to 146.0.7680.178 allowed a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)",
"id": "GHSA-xf76-839h-pfpm",
"modified": "2026-04-01T21:30:28Z",
"published": "2026-04-01T06:31:32Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5281"
},
{
"type": "WEB",
"url": "https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_31.html"
},
{
"type": "WEB",
"url": "https://issues.chromium.org/issues/491518608"
},
{
"type": "WEB",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-5281"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-XF76-HMQ4-V7QJ
Vulnerability from github – Published: 2026-05-29 00:38 – Updated: 2026-05-29 12:31Use after free in WebRTC in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
{
"affected": [],
"aliases": [
"CVE-2026-9962"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-05-28T23:16:54Z",
"severity": "HIGH"
},
"details": "Use after free in WebRTC in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)",
"id": "GHSA-xf76-hmq4-v7qj",
"modified": "2026-05-29T12:31:25Z",
"published": "2026-05-29T00:38:37Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-9962"
},
{
"type": "WEB",
"url": "https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop_0877304591.html"
},
{
"type": "WEB",
"url": "https://issues.chromium.org/issues/504716948"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation
Strategy: Language Selection
Choose a language that provides automatic memory management.
Mitigation
Strategy: Attack Surface Reduction
When freeing pointers, be sure to set them to NULL once they are freed. However, the utilization of multiple or complex data structures may lower the usefulness of this strategy.
No CAPEC attack patterns related to this CWE.