CWE-416— Use After Free
The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.— MITRE CWE catalog
7,389 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-416page 61 of 148
- CVE-2022-3235HIGHCVSS 7.8EG 7.82022-09-18
Use After Free in GitHub repository vim/vim prior to 9.0.0490.
- CVE-2022-3239HIGHCVSS 7.8EG 7.82022-09-19
A flaw use after free in the Linux kernel video4linux driver was found in the way user triggers em28xx_usb_probe() for the Empia 28xx based TV cards. A local user could use this flaw to crash the system or potentially escalate their privil…
- CVE-2022-32414MEDIUMCVSS 5.5EG 5.52022-06-21
Nginx NJS v0.7.2 was discovered to contain a segmentation violation in the function njs_vmcode_interpreter at src/njs_vmcode.c.
- CVE-2022-3256HIGHCVSS 7.8EG 7.82022-09-22
Use After Free in GitHub repository vim/vim prior to 9.0.0530.
- CVE-2022-32607MEDIUMCVSS 6.7EG 6.72022-11-08
In aee, there is a possible use after free due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07202891; Is…
- CVE-2022-32746MEDIUMCVSS 5.4EG 5.42022-08-25
A flaw was found in the Samba AD LDAP server. The AD DC database audit logging module can access LDAP message values freed by a preceding database module, resulting in a use-after-free issue. This issue is only possible when modifying cert…
- CVE-2022-32774HIGHCVSS 7.8EG 7.82022-11-21
A use-after-free vulnerability exists in the JavaScript engine of Foxit Software's PDF Reader, version 12.0.1.12430. By prematurely deleting objects associated with pages, a specially-crafted PDF document can trigger the reuse of previousl…
- CVE-2022-32903HIGHCVSS 7.8EG 7.82022-11-01
A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 16, iOS 16, watchOS 9. An app may be able to execute arbitrary code with kernel privileges.
- CVE-2022-32914HIGHCVSS 7.8EG 7.82022-11-01
A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.7, macOS Ventura 13, iOS 16, watchOS 9, macOS Monterey 12.6, tvOS 16. An app may be able to execute arbitrary code with kernel pr…
- CVE-2022-32922HIGHCVSS 8.8EG 8.82022-11-01
A use after free issue was addressed with improved memory management. This issue is fixed in Safari 16.1, iOS 16.1 and iPadOS 16, macOS Ventura 13. Processing maliciously crafted web content may lead to arbitrary code execution.
- CVE-2022-3297HIGHCVSS 7.8EG 7.82022-09-25
Use After Free in GitHub repository vim/vim prior to 9.0.0579.
- CVE-2022-33025HIGHCVSS 7.8EG 7.82022-06-23
LibreDWG v0.12.4.4608 was discovered to contain a heap-use-after-free via the function decode_preR13_section at decode_r11.c.
- CVE-2022-33027HIGHCVSS 7.8EG 7.82022-06-23
LibreDWG v0.12.4.4608 was discovered to contain a heap-use-after-free via the function dwg_add_handleref at dwg.c.
- CVE-2022-3304HIGHCVSS 8.8EG 8.82022-11-01
Use after free in CSS in Google Chrome prior to 106.0.5249.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- CVE-2022-3305HIGHCVSS 8.8EG 8.82022-11-01
Use after free in survey in Google Chrome on ChromeOS prior to 106.0.5249.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- CVE-2022-3306HIGHCVSS 8.8EG 8.82022-11-01
Use after free in survey in Google Chrome on ChromeOS prior to 106.0.5249.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- CVE-2022-3307HIGHCVSS 8.8EG 8.82022-11-01
Use after free in media in Google Chrome prior to 106.0.5249.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- CVE-2022-3309MEDIUMCVSS 6.5EG 6.52022-11-01
Use after free in assistant in Google Chrome on ChromeOS prior to 106.0.5249.62 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially perform a sandbox escape via specific UI gestures. (Chromium se…
- CVE-2022-3311MEDIUMCVSS 6.5EG 6.52022-11-01
Use after free in import in Google Chrome prior to 106.0.5249.62 allowed a remote attacker who had compromised a WebUI process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)
- CVE-2022-3314MEDIUMCVSS 6.5EG 6.52022-11-01
Use after free in logging in Google Chrome prior to 106.0.5249.62 allowed a remote attacker who had compromised a WebUI process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)
- CVE-2022-3318MEDIUMCVSS 4.3EG 6.52022-11-01
Use after free in ChromeOS Notifications in Google Chrome on ChromeOS prior to 106.0.5249.62 allowed a remote attacker who convinced a user to reboot Chrome OS to potentially exploit heap corruption via UI interaction. (Chromium security s…
- CVE-2022-33225MEDIUMCVSS 6.7EG 7.82023-02-12
Memory corruption due to use after free in trusted application environment.
- CVE-2022-33245MEDIUMCVSS 6.7EG 7.82023-03-10
Memory corruption in WLAN due to use after free
- CVE-2022-33263MEDIUMCVSS 6.7EG 6.72023-06-06
Memory corruption due to use after free in Core when multiple DCI clients register and deregister.
- CVE-2022-33292HIGHCVSS 7.8EG 7.82023-05-02
Memory corruption in Qualcomm IPC due to use after free while receiving the incoming packet and reposting it.
- CVE-2022-33298MEDIUMCVSS 6.7EG 7.82023-04-13
Memory corruption due to use after free in Modem while modem initialization.
- CVE-2022-3352HIGHCVSS 7.8EG 7.82022-09-29
Use After Free in GitHub repository vim/vim prior to 9.0.0614.
- CVE-2022-3370HIGHCVSS 8.8EG 8.82022-11-01
Use after free in Custom Elements in Google Chrome prior to 106.0.5249.91 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- CVE-2022-33981LOWCVSS 3.3EG 3.32022-06-18
drivers/block/floppy.c in the Linux kernel before 5.17.6 is vulnerable to a denial of service, because of a concurrency use-after-free flaw after deallocating raw_cmd in the raw_cmd_ioctl function.
- CVE-2022-34216HIGHCVSS 7.8EG 7.82022-07-15
Adobe Acrobat Reader versions 22.001.20142 (and earlier), 20.005.30334 (and earlier) and 17.012.30229 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current …
- CVE-2022-34219HIGHCVSS 7.8EG 7.82022-07-15
Adobe Acrobat Reader versions 22.001.20142 (and earlier), 20.005.30334 (and earlier) and 17.012.30229 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current …
- CVE-2022-34220HIGHCVSS 7.8EG 7.82022-07-15
Adobe Acrobat Reader versions 22.001.20142 (and earlier), 20.005.30334 (and earlier) and 17.012.30229 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current …
- CVE-2022-34223HIGHCVSS 7.8EG 7.82022-07-15
Adobe Acrobat Reader versions 22.001.20142 (and earlier), 20.005.30334 (and earlier) and 17.012.30229 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current …
- CVE-2022-34224HIGHCVSS 7.8EG 7.82023-09-11
Adobe Acrobat Reader versions 22.001.20142 (and earlier), 20.005.30334 (and earlier) and 17.012.30229 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current …
- CVE-2022-34225HIGHCVSS 7.8EG 7.82022-07-15
Adobe Acrobat Reader versions 22.001.20142 (and earlier), 20.005.30334 (and earlier) and 17.012.30229 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current …
- CVE-2022-34227HIGHCVSS 7.8EG 7.82023-09-11
Adobe Acrobat Reader versions 22.001.20142 (and earlier), 20.005.30334 (and earlier) and 17.012.30229 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current …
- CVE-2022-34229HIGHCVSS 7.8EG 7.82022-07-15
Adobe Acrobat Reader versions 22.001.20142 (and earlier), 20.005.30334 (and earlier) and 17.012.30229 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current …
- CVE-2022-34230HIGHCVSS 7.8EG 7.82022-07-15
Adobe Acrobat Reader versions 22.001.20142 (and earlier), 20.005.30334 (and earlier) and 17.012.30229 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current …
- CVE-2022-34232MEDIUMCVSS 5.5EG 5.52022-07-15
Adobe Acrobat Reader versions 22.001.20142 (and earlier), 20.005.30334 (and earlier) and 17.012.30229 (and earlier) are affected by a Use After Free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverag…
- CVE-2022-34233MEDIUMCVSS 5.5EG 5.52022-07-15
Adobe Acrobat Reader versions 22.001.20142 (and earlier), 20.005.30334 (and earlier) and 17.012.30229 (and earlier) are affected by a Use After Free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverag…
- CVE-2022-34234MEDIUMCVSS 5.5EG 5.52022-07-15
Adobe Acrobat Reader versions 22.001.20142 (and earlier), 20.005.30334 (and earlier) and 17.012.30229 (and earlier) are affected by a Use After Free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverag…
- CVE-2022-34237MEDIUMCVSS 5.5EG 5.52022-07-15
Adobe Acrobat Reader versions 22.001.20142 (and earlier), 20.005.30334 (and earlier) and 17.012.30229 (and earlier) are affected by a Use After Free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverag…
- CVE-2022-3424HIGHCVSS 7.8EG 7.82023-03-06
A use-after-free flaw was found in the Linux kernel’s SGI GRU driver in the way the first gru_file_unlocked_ioctl function is called by the user, where a fail pass occurs in the gru_check_chiplet_assignment function. This flaw allows a l…
- CVE-2022-34243HIGHCVSS 7.8EG 7.82022-07-15
Adobe Photoshop versions 22.5.7 (and earlier) and 23.3.2 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires use…
- CVE-2022-34263HIGHCVSS 7.8EG 7.82022-08-11
Adobe Illustrator versions 26.3.1 (and earlier) and 25.4.6 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires u…
- CVE-2022-3445HIGHCVSS 8.8EG 8.82022-11-09
Use after free in Skia in Google Chrome prior to 106.0.5249.119 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- CVE-2022-34470CRITICALCVSS 9.8EG 9.82022-12-22
Session history navigations may have led to a use-after-free and potentially exploitable crash. This vulnerability affects Firefox < 102, Firefox ESR < 91.11, Thunderbird < 102, and Thunderbird < 91.11.
- CVE-2022-3448HIGHCVSS 8.8EG 8.82022-11-09
Use after free in Permissions API in Google Chrome prior to 106.0.5249.119 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security …
- CVE-2022-34484HIGHCVSS 8.8EG 8.82022-12-22
The Mozilla Fuzzing Team reported potential vulnerabilities present in Thunderbird 91.10. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitra…
- CVE-2022-3449HIGHCVSS 8.8EG 8.82022-11-09
Use after free in Safe Browsing in Google Chrome prior to 106.0.5249.119 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security se…
Map vulnerabilities like CWE-416 to your infrastructure
EchelonGraph correlates every CVE — across CWE-416 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →