CWE-416— Use After Free
The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.— MITRE CWE catalog
7,387 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-416page 57 of 148
- CVE-2022-24102HIGHCVSS 7.8EG 7.82022-05-11
Acrobat Reader DC versions 20.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by a use-after-free vulnerability that could result in arbitrary code execution in the context of the current use…
- CVE-2022-24103HIGHCVSS 7.8EG 7.82022-05-11
Acrobat Reader DC versions 20.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by a use-after-free vulnerability that could result in arbitrary code execution in the context of the current use…
- CVE-2022-24104HIGHCVSS 7.8EG 7.82022-05-11
Acrobat Reader DC versions 20.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by a use-after-free vulnerability that could result in arbitrary code execution in the context of the current use…
- CVE-2022-24122HIGHCVSS 7.8EG 7.82022-01-29
kernel/ucount.c in the Linux kernel 5.14 through 5.16.4, when unprivileged user namespaces are enabled, allows a use-after-free and privilege escalation because a ucounts object can outlive its namespace.
- CVE-2022-24357HIGHCVSS 8.8EG 8.82022-02-18
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.1.0.52543. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or o…
- CVE-2022-24359HIGHCVSS 8.8EG 8.82022-02-18
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.1.0.52543. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or o…
- CVE-2022-24360HIGHCVSS 8.8EG 8.82022-02-18
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.1.0.52543. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or o…
- CVE-2022-24362HIGHCVSS 8.8EG 8.82022-02-18
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.1.0.52543. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or o…
- CVE-2022-24363HIGHCVSS 8.8EG 8.82022-02-18
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.1.0.52543. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or o…
- CVE-2022-24364HIGHCVSS 8.8EG 8.82022-02-18
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.1.0.52543. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or o…
- CVE-2022-24365HIGHCVSS 8.8EG 8.82022-02-18
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.1.0.52543. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or o…
- CVE-2022-24366HIGHCVSS 8.8EG 8.82022-02-18
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.1.0.52543. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or o…
- CVE-2022-24367HIGHCVSS 8.8EG 8.82022-02-18
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.1.0.52543. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or o…
- CVE-2022-24368MEDIUMCVSS 6.5EG 6.52022-02-18
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader 11.1.0.52543. User interaction is required to exploit this vulnerability in that the target must visit a malicious p…
- CVE-2022-2453HIGHCVSS 7.8EG 7.82022-07-19
Use After Free in GitHub repository gpac/gpac prior to 2.1-DEV.
- CVE-2022-24576MEDIUMCVSS 5.5EG 5.52022-03-14
GPAC 1.0.1 is affected by Use After Free through MP4Box.
- CVE-2022-2477HIGHCVSS 8.8EG 8.82022-07-28
Use after free in Guest View in Google Chrome prior to 103.0.5060.134 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.
- CVE-2022-2478HIGHCVSS 8.8EG 8.82022-07-28
Use after free in PDF in Google Chrome prior to 103.0.5060.134 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2022-24791HIGHCVSS 8.1EG 8.12022-03-31
Wasmtime is a standalone JIT-style runtime for WebAssembly, using Cranelift. There is a use after free vulnerability in Wasmtime when both running Wasm that uses externrefs and enabling epoch interruption in Wasmtime. If you are not explic…
- CVE-2022-2480HIGHCVSS 8.8EG 8.82022-07-28
Use after free in Service Worker API in Google Chrome prior to 103.0.5060.134 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2022-2481HIGHCVSS 8.8EG 8.82022-07-28
Use after free in Views in Google Chrome prior to 103.0.5060.134 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via UI interaction.
- CVE-2022-24960MEDIUMCVSS 6.5EG 7.82022-03-10
A use after free vulnerability was discovered in PDFTron SDK version 9.2.0. A crafted PDF can overwrite RIP with data previously allocated on the heap. This issue affects: PDFTron PDFTron SDK 9.2.0 on OSX; 9.2.0 on Linux; 9.2.0 on Windows.
- CVE-2022-25139CRITICALCVSS 9.8EG 9.82022-02-14
njs through 0.7.0, used in NGINX, was discovered to contain a heap use-after-free in njs_await_fulfilled.
- CVE-2022-25230HIGHCVSS 7.8EG 7.82022-03-10
Use after free vulnerability in CX-Programmer v9.76.1 and earlier which is a part of CX-One (v4.60) suite allows an attacker to cause information disclosure and/or arbitrary code execution by having a user to open a specially crafted CXP f…
- CVE-2022-2526CRITICALCVSS 9.8EG 9.82022-09-09
A use-after-free vulnerability was found in systemd. This issue occurs due to the on_stream_io() function and dns_stream_complete() function in 'resolved-dns-stream.c' not incrementing the reference counting for the DnsStream object. There…
- CVE-2022-25325HIGHCVSS 7.8EG 7.82022-03-10
Use after free vulnerability in CX-Programmer v9.76.1 and earlier which is a part of CX-One (v4.60) suite allows an attacker to cause information disclosure and/or arbitrary code execution by having a user to open a specially crafted CXP f…
- CVE-2022-25666MEDIUMCVSS 6.7EG 6.72022-10-19
Memory corruption due to use after free in service while trying to access maps by different threads in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables, Snapdr…
- CVE-2022-25677MEDIUMCVSS 6.7EG 7.82022-12-13
Memory corruption in diag due to use after free while processing dci packet in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables, Snapdragon Wired Infrastructur…
- CVE-2022-25693HIGHCVSS 8.4EG 7.82022-09-16
Memory corruption in graphics due to use-after-free while graphics profiling in Snapdragon Connectivity, Snapdragon Mobile
- CVE-2022-25722MEDIUMCVSS 6.0EG 5.52023-01-09
Information exposure in DSP services due to improper handling of freeing memory
- CVE-2022-25723HIGHCVSS 8.4EG 7.82022-10-19
Memory corruption in multimedia due to use after free during callback registration failure in Snapdragon Mobile
- CVE-2022-25743HIGHCVSS 8.4EG 7.82022-11-15
Memory corruption in graphics due to use-after-free while importing graphics buffer in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & …
- CVE-2022-25789HIGHCVSS 7.8EG 7.82022-04-11
A maliciously crafted DWF, 3DS and DWFX files in Autodesk AutoCAD 2022, 2021, 2020, 2019 can be used to trigger use-after-free vulnerability. Exploitation of this vulnerability may lead to code execution.
- CVE-2022-25822MEDIUMCVSS 4.0EG 6.22022-03-10
An use after free vulnerability in sdp driver prior to SMR Mar-2022 Release 1 allows kernel crash.
- CVE-2022-2585MEDIUMCVSS 5.3EG 5.32024-01-08
It was discovered that when exec'ing from a non-leader thread, armed POSIX CPU timers would be left on a list but freed, leading to a use-after-free.
- CVE-2022-2586MEDIUMCVSS 5.3EG 9.0⚠ KEV2024-01-08
It was discovered that a nft object or expression could reference a nft set on a different nft table, leading to a use-after-free once that table was deleted.
- CVE-2022-2588MEDIUMCVSS 5.3EG 5.32024-01-08
It was discovered that the cls_route filter implementation in the Linux kernel would not remove an old filter from the hashtable before freeing it if its handle had the value 0.
- CVE-2022-2602MEDIUMCVSS 5.3EG 5.32024-01-08
io_uring UAF, Unix SCM garbage collection
- CVE-2022-2603HIGHCVSS 8.8EG 8.82022-08-12
Use after free in Omnibox in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2022-2604HIGHCVSS 8.8EG 8.82022-08-12
Use after free in Safe Browsing in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2022-2606HIGHCVSS 8.8EG 8.82022-08-12
Use after free in Managed devices API in Google Chrome prior to 104.0.5112.79 allowed a remote attacker who convinced a user to enable a specific Enterprise policy to potentially exploit heap corruption via a crafted HTML page.
- CVE-2022-2607HIGHCVSS 8.8EG 8.82022-08-12
Use after free in Tab Strip in Google Chrome on Chrome OS prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via specific UI interactions.
- CVE-2022-2608HIGHCVSS 8.8EG 8.82022-08-12
Use after free in Overview Mode in Google Chrome on Chrome OS prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via specific UI interactions.
- CVE-2022-2609HIGHCVSS 8.8EG 8.82022-08-12
Use after free in Nearby Share in Google Chrome on Chrome OS prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via specific UI interactions.
- CVE-2022-2613HIGHCVSS 8.8EG 8.82022-08-12
Use after free in Input in Google Chrome on Chrome OS prior to 104.0.5112.79 allowed a remote attacker who convinced a user to enage in specific user interactions to potentially exploit heap corruption via specific UI interactions.
- CVE-2022-2614HIGHCVSS 8.8EG 8.82022-08-12
Use after free in Sign-In Flow in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2022-2617HIGHCVSS 8.8EG 8.82022-08-12
Use after free in Extensions API in Google Chrome prior to 104.0.5112.79 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via specific UI interactions.
- CVE-2022-2620HIGHCVSS 8.8EG 8.82022-08-12
Use after free in WebUI in Google Chrome on Chrome OS prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via specific UI interactions.
- CVE-2022-2621HIGHCVSS 8.8EG 8.82022-08-12
Use after free in Extensions in Google Chrome prior to 104.0.5112.79 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via specific UI interactions.
- CVE-2022-2623HIGHCVSS 8.8EG 8.82022-08-12
Use after free in Offline in Google Chrome on Android prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via specific UI interactions.
Map vulnerabilities like CWE-416 to your infrastructure
EchelonGraph correlates every CVE — across CWE-416 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →