CWE-416— Use After Free
The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.— MITRE CWE catalog
7,388 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-416page 59 of 148
- CVE-2022-28235HIGHCVSS 7.8EG 7.82022-05-11
Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by a use-after-free vulnerability in the processing of the acroform event that could result in arbitrary code exe…
- CVE-2022-28237HIGHCVSS 7.8EG 7.82022-05-11
Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by a use-after-free vulnerability in the processing of annotations that could result in arbitrary code execution …
- CVE-2022-28238HIGHCVSS 7.8EG 7.82022-05-11
Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by a use-after-free vulnerability in the processing of annotations that could result in arbitrary code execution …
- CVE-2022-28240HIGHCVSS 7.8EG 7.82022-05-11
Acrobat Reader DC version 22.001.2011x (and earlier), 20.005.3033x (and earlier) and 17.012.3022x (and earlier) are affected by a use-after-free vulnerability that could result in arbitrary code execution in the context of the current user…
- CVE-2022-28242HIGHCVSS 7.8EG 7.82022-05-11
Acrobat Reader DC version 22.001.2011x (and earlier), 20.005.3033x (and earlier) and 17.012.3022x (and earlier) are affected by a use-after-free vulnerability that could result in arbitrary code execution in the context of the current user…
- CVE-2022-28250MEDIUMCVSS 5.5EG 5.52022-05-11
Acrobat Reader DC version 22.001.2011x (and earlier), 20.005.3033x (and earlier) and 17.012.3022x (and earlier) are affected by a use-after-free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage th…
- CVE-2022-28256MEDIUMCVSS 5.5EG 5.52022-05-11
Acrobat Reader DC version 22.001.2011x (and earlier), 20.005.3033x (and earlier) and 17.012.3022x (and earlier) are affected by a use-after-free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage th…
- CVE-2022-28269LOWCVSS 3.3EG 3.32022-05-11
Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by a use-after-free vulnerability in the processing of Annotation objects that could result in a memory leak in t…
- CVE-2022-28271HIGHCVSS 7.8EG 7.82022-05-06
Adobe Photoshop versions 22.5.6 (and earlier)and 23.2.2 (and earlier) are affected by a use-after-free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user…
- CVE-2022-28279HIGHCVSS 7.8EG 7.82022-05-06
Adobe Photoshop versions 22.5.6 (and earlier)and 23.2.2 (and earlier) are affected by a use-after-free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user…
- CVE-2022-28282MEDIUMCVSS 6.5EG 6.52022-12-22
By using a link with <code>rel="localization"</code> a use-after-free could have been triggered by destroying an object during JavaScript execution and then referencing the object through a freed pointer, leading to a potential exploitable…
- CVE-2022-28303HIGHCVSS 7.8EG 7.82023-03-29
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.16.02.022. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open …
- CVE-2022-28310HIGHCVSS 7.8EG 7.82023-03-29
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.02.034. User interaction is required to exploit this vulnerability in that the target must visit a malicio…
- CVE-2022-28348CRITICALCVSS 9.8EG 9.82022-05-19
Arm Mali GPU Kernel Driver (Midgard r4p0 through r31p0, Bifrost r0p0 through r36p0 before r37p0, and Valhall r19p0 through r36p0 before r37p0) allows improper GPU memory operations to reach a use-after-free situation.
- CVE-2022-28349CRITICALCVSS 9.8EG 9.82022-05-19
Arm Mali GPU Kernel Driver has a use-after-free: Midgard r28p0 through r29p0 before r30p0, Bifrost r17p0 through r23p0 before r24p0, and Valhall r19p0 through r23p0 before r24p0.
- CVE-2022-28350CRITICALCVSS 9.8EG 9.82022-05-19
Arm Mali GPU Kernel Driver allows improper GPU operations in Valhall r29p0 through r36p0 before r37p0 to reach a use-after-free situation.
- CVE-2022-2852HIGHCVSS 8.8EG 8.82022-09-26
Use after free in FedCM in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2022-2854HIGHCVSS 8.8EG 8.82022-09-26
Use after free in SwiftShader in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2022-2855HIGHCVSS 8.8EG 8.82022-09-26
Use after free in ANGLE in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2022-2857HIGHCVSS 8.8EG 8.82022-09-26
Use after free in Blink in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2022-2858HIGHCVSS 8.8EG 8.82022-09-26
Use after free in Sign-In Flow in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to potentially exploit heap corruption via specific UI interaction.
- CVE-2022-2859HIGHCVSS 8.8EG 8.82022-09-26
Use after free in Chrome OS Shell in Google Chrome prior to 104.0.5112.101 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via specific UI interactions.
- CVE-2022-2862HIGHCVSS 7.8EG 7.82022-08-17
Use After Free in GitHub repository vim/vim prior to 9.0.0221.
- CVE-2022-28641HIGHCVSS 7.8EG 7.82023-03-29
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.02.34. User interaction is required to exploit this vulnerability in that the target must visit a maliciou…
- CVE-2022-28669HIGHCVSS 7.8EG 7.82022-07-18
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.2.1.53537. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or o…
- CVE-2022-28671HIGHCVSS 7.8EG 7.82022-07-18
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.2.1.53537. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or o…
- CVE-2022-28672HIGHCVSS 7.8EG 7.82022-07-18
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.2.1.53537. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or o…
- CVE-2022-28673HIGHCVSS 7.8EG 7.82022-07-18
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.2.1.53537. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or o…
- CVE-2022-28674HIGHCVSS 7.8EG 7.82022-07-18
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.2.1.53537. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or o…
- CVE-2022-28675HIGHCVSS 7.8EG 7.82022-07-18
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.2.1.53537. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or o…
- CVE-2022-28676HIGHCVSS 7.8EG 7.82022-07-18
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.2.1.53537. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or o…
- CVE-2022-28677HIGHCVSS 7.8EG 7.82022-07-18
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.2.1.53537. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or o…
- CVE-2022-28678HIGHCVSS 7.8EG 7.82022-07-18
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.2.1.53537. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or o…
- CVE-2022-28679HIGHCVSS 7.8EG 7.82022-07-18
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.2.1.53537. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or o…
- CVE-2022-28680HIGHCVSS 7.8EG 7.82022-07-18
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.2.1.53537. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or o…
- CVE-2022-28683HIGHCVSS 7.8EG 7.82022-07-18
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.2.1.53537. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or o…
- CVE-2022-28736MEDIUMCVSS 6.4EG 6.42023-07-20
There's a use-after-free vulnerability in grub_cmd_chainloader() function; The chainloader command is used to boot up operating systems that doesn't support multiboot and do not have direct support from GRUB2. When executing chainloader mo…
- CVE-2022-28796HIGHCVSS 7.0EG 7.02022-04-08
jbd2_journal_wait_updates in fs/jbd2/transaction.c in the Linux kernel before 5.17.1 has a use-after-free caused by a transaction_t race condition.
- CVE-2022-28823HIGHCVSS 7.8EG 7.82022-05-13
Adobe Framemaker versions 2029u8 (and earlier) and 2020u4 (and earlier) are affected by a Use-after-free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires us…
- CVE-2022-28824HIGHCVSS 7.8EG 7.82022-05-13
Adobe Framemaker versions 2029u8 (and earlier) and 2020u4 (and earlier) are affected by a Use-after-free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires us…
- CVE-2022-28835HIGHCVSS 7.8EG 7.82023-09-11
Adobe InCopy versions 17.1 (and earlier) and 16.4.1 (and earlier) are affected by an Use-After-Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user i…
- CVE-2022-28837MEDIUMCVSS 5.5EG 5.52022-05-11
Acrobat Pro DC version 22.001.2011x (and earlier), 20.005.3033x (and earlier) and 17.012.3022x (and earlier) are affected by a use-after-free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this …
- CVE-2022-28838HIGHCVSS 7.8EG 3.32022-05-11
Acrobat Acrobat Pro DC version 22.001.2011x (and earlier), 20.005.3033x (and earlier) and 17.012.3022x (and earlier) are affected by a use-after-free vulnerability that could result in arbitrary code execution in the context of the current…
- CVE-2022-28842HIGHCVSS 7.8EG 7.82022-06-15
Adobe Bridge version 12.0.1 (and earlier versions) is affected by a Use-After-Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that…
- CVE-2022-28849HIGHCVSS 7.8EG 7.82022-06-15
Adobe Bridge version 12.0.1 (and earlier versions) is affected by a Use-After-Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that…
- CVE-2022-2889HIGHCVSS 7.8EG 7.82022-08-19
Use After Free in GitHub repository vim/vim prior to 9.0.0225.
- CVE-2022-28893HIGHCVSS 7.8EG 7.82022-04-11
The SUNRPC subsystem in the Linux kernel through 5.17.2 can call xs_xprt_free before ensuring that sockets are in the intended state.
- CVE-2022-2896HIGHCVSS 7.8EG 7.82022-08-31
Measuresoft ScadaPro Server (All Versions) allows use after free while processing a specific project file.
- CVE-2022-29227HIGHCVSS 7.5EG 7.52022-06-09
Envoy is a cloud-native high-performance edge/middle/service proxy. In versions prior to 1.22.1 if Envoy attempts to send an internal redirect of an HTTP request consisting of more than HTTP headers, there’s a lifetime bug which can be t…
- CVE-2022-29228HIGHCVSS 7.5EG 7.52022-06-09
Envoy is a cloud-native high-performance proxy. In versions prior to 1.22.1 the OAuth filter would try to invoke the remaining filters in the chain after emitting a local response, which triggers an ASSERT() in newer versions and corrupts …
Map vulnerabilities like CWE-416 to your infrastructure
EchelonGraph correlates every CVE — across CWE-416 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →