CWE-416— Use After Free
The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.— MITRE CWE catalog
7,388 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-416page 58 of 148
- CVE-2022-26291MEDIUMCVSS 5.5EG 5.52022-03-28
lrzip v0.641 was discovered to contain a multiple concurrency use-after-free between the functions zpaq_decompress_buf() and clear_rulist(). This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted Irz file.
- CVE-2022-26381HIGHCVSS 8.8EG 8.82022-12-22
An attacker could have caused a use-after-free by forcing a text reflow in an SVG object leading to a potentially exploitable crash. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.
- CVE-2022-26385MEDIUMCVSS 6.5EG 6.52022-12-22
In unusual circumstances, an individual thread may outlive the thread's manager during shutdown. This could have led to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox < 98.
- CVE-2022-26417HIGHCVSS 7.8EG 7.82022-04-01
Omron CX-Position (versions 2.5.3 and prior) is vulnerable to a use after free memory condition while processing a specific project file, which may allow an attacker to execute arbitrary code.
- CVE-2022-26450MEDIUMCVSS 6.4EG 6.42022-09-06
In apusys, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07177801; Issue…
- CVE-2022-26451MEDIUMCVSS 6.7EG 6.72022-09-06
In ged, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07202966; Issue ID…
- CVE-2022-26453MEDIUMCVSS 6.7EG 6.72022-09-06
In teei, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06664675; Issu…
- CVE-2022-26485HIGHCVSS 8.8EG 9.0⚠ KEV2022-12-22
Removing an XSLT parameter during processing could have lead to an exploitable use-after-free. We have had reports of attacks in the wild abusing this flaw. This vulnerability affects Firefox < 97.0.2, Firefox ESR < 91.6.1, Firefox for And…
- CVE-2022-26486CRITICALCVSS 9.6EG 9.6⚠ KEV2022-12-22
An unexpected message in the WebGPU IPC framework could lead to a use-after-free and exploitable sandbox escape. We have had reports of attacks in the wild abusing this flaw. This vulnerability affects Firefox < 97.0.2, Firefox ESR < 91.6.…
- CVE-2022-26702HIGHCVSS 7.8EG 7.82022-05-26
A use after free issue was addressed with improved memory management. This issue is fixed in watchOS 8.6, tvOS 15.5, iOS 15.5 and iPadOS 15.5. An application may be able to execute arbitrary code with kernel privileges.
- CVE-2022-26709HIGHCVSS 8.8EG 8.82022-11-01
A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.5, iOS 15.5 and iPadOS 15.5, watchOS 8.6, macOS Monterey 12.4, Safari 15.5. Processing maliciously crafted web content may lead to arbitra…
- CVE-2022-26710HIGHCVSS 8.8EG 8.82022-11-01
A use after free issue was addressed with improved memory management. This issue is fixed in iOS 15.5 and iPadOS 15.5, macOS Monterey 12.4, tvOS 15.5, watchOS 8.6. Processing maliciously crafted web content may lead to arbitrary code execu…
- CVE-2022-26717HIGHCVSS 8.8EG 8.82022-11-01
A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.5, watchOS 8.6, iOS 15.5 and iPadOS 15.5, macOS Monterey 12.4, Safari 15.5, iTunes 12.12.4 for Windows. Processing maliciously crafted web…
- CVE-2022-26757HIGHCVSS 7.8EG 7.82022-05-26
A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.5, iOS 15.5 and iPadOS 15.5, Security Update 2022-004 Catalina, watchOS 8.6, macOS Big Sur 11.6.6, macOS Monterey 12.4. An application may…
- CVE-2022-27007CRITICALCVSS 9.8EG 9.82022-04-14
nginx njs 0.7.2 is affected suffers from Use-after-free in njs_function_frame_alloc() when it try to invoke from a restored frame saved with njs_function_frame_save().
- CVE-2022-27046HIGHCVSS 8.8EG 8.82022-04-08
libsixel 1.8.6 suffers from a Heap Use After Free vulnerability in in libsixel/src/dither.c:388.
- CVE-2022-27147MEDIUMCVSS 5.5EG 5.52022-04-08
GPAC mp4box 1.1.0-DEV-rev1727-g8be34973d-master has a use-after-free vulnerability in function gf_node_get_attribute_by_tag.
- CVE-2022-27376HIGHCVSS 7.5EG 7.52022-04-12
MariaDB Server v10.6.5 and below was discovered to contain an use-after-free in the component Item_args::walk_arg, which is exploited via specially crafted SQL statements.
- CVE-2022-27377HIGHCVSS 7.5EG 7.52022-04-12
MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component Item_func_in::cleanup(), which is exploited via specially crafted SQL statements.
- CVE-2022-2738HIGHCVSS 7.5EG 9.82022-09-01
The version of podman as released for Red Hat Enterprise Linux 7 Extras via RHSA-2022:2190 advisory included an incorrect version of podman missing the fix for CVE-2020-8945, which was previously fixed via RHSA-2020:2117. This issue could …
- CVE-2022-27383HIGHCVSS 7.5EG 7.52022-04-12
MariaDB Server v10.6 and below was discovered to contain an use-after-free in the component my_strcasecmp_8bit, which is exploited via specially crafted SQL statements.
- CVE-2022-2742HIGHCVSS 8.8EG 8.82023-01-02
Use after free in Exosphere in Google Chrome on Chrome OS and Lacros prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via crafted UI interact…
- CVE-2022-27447HIGHCVSS 7.5EG 7.52022-04-14
MariaDB Server v10.9 and below was discovered to contain a use-after-free via the component Binary_string::free_buffer() at /sql/sql_string.h.
- CVE-2022-27455HIGHCVSS 7.5EG 7.52022-04-14
MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component my_wildcmp_8bit_impl at /strings/ctype-simple.c.
- CVE-2022-27456HIGHCVSS 7.5EG 7.52022-04-14
MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component VDec::VDec at /sql/sql_type.cc.
- CVE-2022-27457HIGHCVSS 7.5EG 7.52022-04-14
MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component my_mb_wc_latin1 at /strings/ctype-latin1.c.
- CVE-2022-27512MEDIUMCVSS 5.3EG 5.32022-06-16
Temporary disruption of the ADM license service. The impact of this includes preventing new licenses from being issued or renewed by Citrix ADM.
- CVE-2022-27528HIGHCVSS 7.8EG 7.82022-04-11
A maliciously crafted DWFX and SKP files in Autodesk Navisworks 2022 can be used to trigger use-after-free vulnerability. Exploitation of this vulnerability may lead to code execution.
- CVE-2022-27785HIGHCVSS 7.8EG 7.82022-05-11
Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by a use-after-free vulnerability in the processing of fonts that could result in arbitrary code execution in the…
- CVE-2022-27786HIGHCVSS 7.8EG 7.82022-05-11
Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by a use-after-free vulnerability in the processing of fonts that could result in arbitrary code execution in the…
- CVE-2022-27789HIGHCVSS 7.8EG 7.82022-05-11
Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by a use-after-free vulnerability in the processing of the acroform event that could result in arbitrary code exe…
- CVE-2022-27790HIGHCVSS 7.8EG 7.82022-05-11
Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by a use-after-free vulnerability in the processing of fonts that could result in arbitrary code execution in the…
- CVE-2022-27795HIGHCVSS 7.8EG 7.82022-05-11
Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by a use-after-free vulnerability in the processing of the acroform event that could result in arbitrary code exe…
- CVE-2022-27796HIGHCVSS 7.8EG 7.82022-05-11
Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by a use-after-free vulnerability in the processing of the acroform event that could result in arbitrary code exe…
- CVE-2022-27797HIGHCVSS 7.8EG 7.82022-05-11
Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by a use-after-free vulnerability in the processing of annotations that could result in arbitrary code execution …
- CVE-2022-27799HIGHCVSS 7.8EG 7.82022-05-11
Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by a use-after-free vulnerability in the processing of the acroform event that could result in arbitrary code exe…
- CVE-2022-27800HIGHCVSS 7.8EG 7.82022-05-11
Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by a use-after-free vulnerability in the processing of annotations that could result in arbitrary code execution …
- CVE-2022-27801HIGHCVSS 7.8EG 7.82022-05-11
Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by a use-after-free vulnerability in the processing of annotations that could result in arbitrary code execution …
- CVE-2022-27802HIGHCVSS 7.8EG 7.82022-05-11
Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by a use-after-free vulnerability in the processing of annotations that could result in arbitrary code execution …
- CVE-2022-27834LOWCVSS 2.9EG 7.02022-04-11
Use after free vulnerability in dsp_context_unload_graph function of DSP driver prior to SMR Apr-2022 Release 1 allows attackers to perform malicious actions.
- CVE-2022-27867HIGHCVSS 7.8EG 7.82022-06-21
A maliciously crafted JT file in Autodesk AutoCAD 2022, 2021, 2020, 2019 can be used to trigger use-after-free vulnerability. Exploitation of this vulnerability may lead to code execution.
- CVE-2022-27868HIGHCVSS 7.8EG 7.82022-06-21
A maliciously crafted CAT file in Autodesk AutoCAD 2023 can be used to trigger use-after-free vulnerability. Exploitation of this vulnerability may lead to code execution.
- CVE-2022-28042HIGHCVSS 8.8EG 8.82022-04-15
stb_image.h v2.27 was discovered to contain an heap-based use-after-free via the function stbi__jpeg_huff_decode.
- CVE-2022-28071HIGHCVSS 7.5EG 7.52023-08-22
A use after free in r_reg_get_name_idx function in radare2 5.4.2 and 5.4.0.
- CVE-2022-28073HIGHCVSS 7.5EG 7.52023-08-22
A use after free in r_reg_set_value function in radare2 5.4.2 and 5.4.0.
- CVE-2022-2817HIGHCVSS 7.8EG 7.82022-08-15
Use After Free in GitHub repository vim/vim prior to 9.0.0213.
- CVE-2022-28192MEDIUMCVSS 4.1EG 4.12022-05-17
NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (nvidia.ko), where it may lead to a use-after-free, which in turn may cause denial of service. This attack is complex to carry out because the attacker needs to have …
- CVE-2022-28230HIGHCVSS 7.8EG 7.82022-05-11
Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by a use-after-free vulnerability in the processing of the acroform event that could result in arbitrary code exe…
- CVE-2022-28232HIGHCVSS 7.8EG 7.82022-05-11
Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by a use-after-free vulnerability in the processing of the collab object that could result in arbitrary code exec…
- CVE-2022-28233HIGHCVSS 7.8EG 7.82022-05-11
Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by a use-after-free vulnerability in the processing of annotations that could result in arbitrary code execution …
Map vulnerabilities like CWE-416 to your infrastructure
EchelonGraph correlates every CVE — across CWE-416 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →