CWE-416— Use After Free
The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.— MITRE CWE catalog
7,392 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-416page 73 of 148
- CVE-2023-22668MEDIUMCVSS 6.7EG 6.72023-12-05
Memory Corruption in Audio while invoking IOCTLs calls from the user-space.
- CVE-2023-2312HIGHCVSS 8.8EG 8.82023-08-15
Use after free in Offline in Google Chrome on Android prior to 116.0.5845.96 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Hi…
- CVE-2023-23392CRITICALCVSS 9.8EG 9.82023-03-14
HTTP Protocol Stack Remote Code Execution Vulnerability
- CVE-2023-23404HIGHCVSS 8.1EG 8.12023-03-14
Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability
- CVE-2023-23420HIGHCVSS 7.8EG 7.82023-03-14
Windows Kernel Elevation of Privilege Vulnerability
- CVE-2023-23421HIGHCVSS 7.8EG 7.82023-03-14
Windows Kernel Elevation of Privilege Vulnerability
- CVE-2023-23514HIGHCVSS 7.8EG 7.82023-02-27
A use after free issue was addressed with improved memory management. This issue is fixed in macOS Ventura 13.3, macOS Monterey 12.6.4, iOS 16.3.1 and iPadOS 16.3.1, macOS Ventura 13.2.1, macOS Big Sur 11.7.5. An app may be able to execute…
- CVE-2023-23586MEDIUMCVSS 5.5EG 5.52023-02-17
Due to a vulnerability in the io_uring subsystem, it is possible to leak kernel memory information to the user process. timens_install calls current_is_single_threaded to determine if the current process is single-threaded, but this call …
- CVE-2023-2458HIGHCVSS 8.8EG 8.82023-05-12
Use after free in ChromeOS Camera in Google Chrome on ChromeOS prior to 113.0.5672.114 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via UI interaction. (Chromium…
- CVE-2023-24581HIGHCVSS 7.8EG 7.82023-02-14
A vulnerability has been identified in Solid Edge SE2022 (All versions < V222.0MP12), Solid Edge SE2022 (All versions), Solid Edge SE2023 (All versions < V223.0Update2). The affected application contains a use-after-free vulnerability that…
- CVE-2023-2461HIGHCVSS 8.8EG 8.82023-05-03
Use after free in OS Inputs in Google Chrome on ChromeOS prior to 113.0.5672.63 allowed a remote attacker who convinced a user to enage in specific UI interaction to potentially exploit heap corruption via crafted UI interaction. (Chromium…
- CVE-2023-24734CRITICALCVSS 9.8EG 9.82023-03-06
An arbitrary file upload vulnerability in the camera_upload.php component of PMB v7.4.6 allows attackers to execute arbitrary code via a crafted image file.
- CVE-2023-24833HIGHCVSS 7.5EG 7.52023-05-18
A use-after-free in BigIntPrimitive addition in Hermes prior to commit a6dcafe6ded8e61658b40f5699878cd19a481f80 could have been used by an attacker to leak raw data from Hermes VM’s heap. Note that this is only exploitable in cases where…
- CVE-2023-24914HIGHCVSS 7.0EG 7.02023-04-11
Win32k Elevation of Privilege Vulnerability
- CVE-2023-24925HIGHCVSS 8.8EG 8.82023-04-11
Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability
- CVE-2023-24947HIGHCVSS 8.8EG 8.82023-05-09
Windows Bluetooth Driver Remote Code Execution Vulnerability
- CVE-2023-24953HIGHCVSS 7.8EG 7.82023-05-09
Microsoft Excel Remote Code Execution Vulnerability
- CVE-2023-25001HIGHCVSS 7.8EG 7.82023-06-27
A maliciously crafted SKP file in Autodesk Navisworks 2023 and 2022 be used to trigger use-after-free vulnerability. Exploitation of this vulnerability may lead to code execution.
- CVE-2023-25002HIGHCVSS 7.8EG 7.82023-06-27
A maliciously crafted SKP file in Autodesk products is used to trigger use-after-free vulnerability. Exploitation of this vulnerability may lead to code execution.
- CVE-2023-25006HIGHCVSS 7.8EG 7.82023-05-12
A malicious actor may convince a user to open a malicious USD file that may trigger a use-after-free vulnerability which could result in code execution.
- CVE-2023-25012MEDIUMCVSS 4.6EG 4.62023-02-02
The Linux kernel through 6.1.9 has a Use-After-Free in bigben_remove in drivers/hid/hid-bigbenff.c via a crafted USB device because the LED controllers remain registered for too long.
- CVE-2023-2513MEDIUMCVSS 6.7EG 6.72023-05-08
A use-after-free vulnerability was found in the Linux kernel's ext4 filesystem in the way it handled the extra inode size for extended attributes. This flaw could allow a privileged local user to cause a system crash or other undefined beh…
- CVE-2023-25358HIGHCVSS 8.8EG 9.82023-03-02
A use-after-free vulnerability in WebCore::RenderLayer::addChild in WebKitGTK before 2.36.8 allows attackers to execute code remotely.
- CVE-2023-25360HIGHCVSS 8.8EG 9.82023-03-02
A use-after-free vulnerability in WebCore::RenderLayer::renderer in WebKitGTK before 2.36.8 allows attackers to execute code remotely.
- CVE-2023-25361HIGHCVSS 8.8EG 9.82023-03-02
A use-after-free vulnerability in WebCore::RenderLayer::setNextSibling in WebKitGTK before 2.36.8 allows attackers to execute code remotely.
- CVE-2023-25362HIGHCVSS 8.8EG 9.82023-03-02
A use-after-free vulnerability in WebCore::RenderLayer::repaintBlockSelectionGaps in WebKitGTK before 2.36.8 allows attackers to execute code remotely.
- CVE-2023-25363HIGHCVSS 8.8EG 9.82023-03-02
A use-after-free vulnerability in WebCore::RenderLayer::updateDescendantDependentFlags in WebKitGTK before 2.36.8 allows attackers to execute code remotely.
- CVE-2023-25735HIGHCVSS 8.8EG 8.82023-06-02
Cross-compartment wrappers wrapping a scripted proxy could have caused objects from other compartments to be stored in the main compartment resulting in a use-after-free after unwrapping the proxy. This vulnerability affects Firefox < 110,…
- CVE-2023-25739HIGHCVSS 8.8EG 8.82023-06-02
Module load requests that failed were not being checked as to whether or not they were cancelled causing a use-after-free in <code>ScriptLoadContext</code>. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 1…
- CVE-2023-25747HIGHCVSS 7.5EG 7.52023-06-19
A potential use-after-free in libaudio was fixed by disabling the AAudio backend when running on Android API below version 30. *This bug only affects Firefox for Android. Other versions of Firefox are unaffected.* This vulnerability affect…
- CVE-2023-25871HIGHCVSS 7.8EG 7.82023-03-27
Adobe Substance 3D Stager versions 2.0.0 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in…
- CVE-2023-25893HIGHCVSS 7.8EG 7.82023-03-28
Adobe Dimension versions 3.4.7 (and earlier) is affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a vic…
- CVE-2023-25894HIGHCVSS 7.8EG 7.82023-03-28
Adobe Dimension versions 3.4.7 (and earlier) is affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a vic…
- CVE-2023-25896HIGHCVSS 7.8EG 7.82023-03-28
Adobe Dimension versions 3.4.7 (and earlier) is affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a vic…
- CVE-2023-25899HIGHCVSS 7.8EG 7.82023-03-28
Adobe Dimension versions 3.4.7 (and earlier) is affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a vic…
- CVE-2023-25908HIGHCVSS 7.8EG 7.82023-03-27
Adobe Photoshop versions 23.5.3 (and earlier) and 24.1.1 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires use…
- CVE-2023-2598HIGHCVSS 7.8EG 7.82023-06-01
A flaw was found in the fixed buffer registration code for io_uring (io_sqe_buffer_register in io_uring/rsrc.c) in the Linux kernel that allows out-of-bounds access to physical memory beyond the end of the buffer. This flaw enables full lo…
- CVE-2023-26226CRITICALCVSS 9.8EG 9.82025-05-30
A use after free memory corruption issue exists in Yandex Browser for Desktop prior to version 24.4.0.682
- CVE-2023-26336HIGHCVSS 7.8EG 7.82023-03-28
Adobe Dimension versions 3.4.7 (and earlier) is affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a vic…
- CVE-2023-26349MEDIUMCVSS 5.5EG 5.52023-03-28
Adobe Dimension versions 3.4.7 (and earlier) is affected by a Use After Free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of…
- CVE-2023-26384HIGHCVSS 7.8EG 7.82023-04-12
Adobe Substance 3D Stager version 2.0.1 (and earlier) is affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in t…
- CVE-2023-26392HIGHCVSS 7.8EG 7.82023-04-12
Adobe Substance 3D Stager version 2.0.1 (and earlier) is affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in t…
- CVE-2023-26410HIGHCVSS 7.8EG 7.82023-04-13
Adobe Substance 3D Designer version 12.4.0 (and earlier) is affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction i…
- CVE-2023-26414HIGHCVSS 7.8EG 7.82023-04-13
Adobe Substance 3D Designer version 12.4.0 (and earlier) is affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction i…
- CVE-2023-26417HIGHCVSS 7.8EG 7.82023-04-12
Adobe Acrobat Reader versions 23.001.20093 (and earlier) and 20.005.30441 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this i…
- CVE-2023-26418HIGHCVSS 7.8EG 7.82023-04-12
Adobe Acrobat Reader versions 23.001.20093 (and earlier) and 20.005.30441 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this i…
- CVE-2023-26419HIGHCVSS 7.8EG 7.82023-04-12
Adobe Acrobat Reader versions 23.001.20093 (and earlier) and 20.005.30441 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this i…
- CVE-2023-26420HIGHCVSS 7.8EG 7.82023-04-12
Adobe Acrobat Reader versions 23.001.20093 (and earlier) and 20.005.30441 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this i…
- CVE-2023-26422HIGHCVSS 7.8EG 7.82023-04-12
Adobe Acrobat Reader versions 23.001.20093 (and earlier) and 20.005.30441 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this i…
- CVE-2023-26423HIGHCVSS 7.8EG 7.82023-04-12
Adobe Acrobat Reader versions 23.001.20093 (and earlier) and 20.005.30441 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this i…
Map vulnerabilities like CWE-416 to your infrastructure
EchelonGraph correlates every CVE — across CWE-416 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →