CWE-416— Use After Free
The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.— MITRE CWE catalog
7,392 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-416page 74 of 148
- CVE-2023-26424HIGHCVSS 7.8EG 7.82023-04-12
Adobe Acrobat Reader versions 23.001.20093 (and earlier) and 20.005.30441 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this i…
- CVE-2023-26426HIGHCVSS 7.8EG 7.82023-03-22
Illustrator version 26.5.2 (and earlier) and 27.2.0 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user int…
- CVE-2023-26495HIGHCVSS 7.8EG 7.82023-04-10
An issue was discovered in Open Design Alliance Drawings SDK before 2024.1. A crafted DWG file can force the SDK to reuse an object that has been freed. An attacker can leverage this in conjunction with other vulnerabilities to execute arb…
- CVE-2023-26544HIGHCVSS 7.8EG 7.82023-02-25
In the Linux kernel 6.0.8, there is a use-after-free in run_unpack in fs/ntfs3/run.c, related to a difference between NTFS sector size and media sector size.
- CVE-2023-26589MEDIUMCVSS 6.5EG 6.52023-11-14
Use after free in some Intel(R) Aptio* V UEFI Firmware Integrator Tools may allowed an authenticated user to potentially enable denial of service via local access.
- CVE-2023-26605HIGHCVSS 7.8EG 7.82023-02-26
In the Linux kernel 6.0.8, there is a use-after-free in inode_cgwb_move_to_attached in fs/fs-writeback.c, related to __list_del_entry_valid.
- CVE-2023-26606HIGHCVSS 7.8EG 7.82023-02-26
In the Linux kernel 6.0.8, there is a use-after-free in ntfs_trim_fs in fs/ntfs3/bitmap.c.
- CVE-2023-2680HIGHCVSS 7.5EG 7.52023-09-13
This CVE exists because of an incomplete fix for CVE-2021-3750. More specifically, the qemu-kvm package as released for Red Hat Enterprise Linux 9.1 via RHSA-2022:7967 included a version of qemu-kvm that was actually missing the fix for CV…
- CVE-2023-26991HIGHCVSS 7.8EG 7.82023-04-04
SWFTools v0.9.2 was discovered to contain a stack-use-after-scope in the swf_ReadSWF2 function in lib/rfxswf.c.
- CVE-2023-2721HIGHCVSS 8.8EG 8.82023-05-16
Use after free in Navigation in Google Chrome prior to 113.0.5672.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)
- CVE-2023-2722HIGHCVSS 8.8EG 8.82023-05-16
Use after free in Autofill UI in Google Chrome on Android prior to 113.0.5672.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- CVE-2023-2723HIGHCVSS 8.8EG 8.82023-05-16
Use after free in DevTools in Google Chrome prior to 113.0.5672.126 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- CVE-2023-2725HIGHCVSS 8.8EG 8.82023-05-16
Use after free in Guest View in Google Chrome prior to 113.0.5672.126 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Hi…
- CVE-2023-27329HIGHCVSS 7.8EG 7.82024-05-03
Foxit PDF Reader Annotation Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit thi…
- CVE-2023-27330HIGHCVSS 7.8EG 7.82024-05-03
Foxit PDF Reader XFA Annotation Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit…
- CVE-2023-27331HIGHCVSS 7.8EG 7.82024-05-03
Foxit PDF Reader Annotation Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit thi…
- CVE-2023-27338MEDIUMCVSS 5.5EG 3.32024-05-03
PDF-XChange Editor TIF File Parsing Use-After-Free Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is requ…
- CVE-2023-27348HIGHCVSS 7.8EG 7.82024-05-03
PDF-XChange Editor TIF File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to e…
- CVE-2023-27352HIGHCVSS 8.8EG 8.82023-04-20
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Sonos One Speaker 70.3-35220. Authentication is not required to exploit this vulnerability. The specific flaw exists within the pro…
- CVE-2023-27366HIGHCVSS 7.8EG 7.82024-05-03
Foxit PDF Reader Doc Object Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit thi…
- CVE-2023-27379HIGHCVSS 8.8EG 8.82023-07-19
A use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s PDF Reader, version 12.1.2.15332. By prematurely deleting objects associated with pages, a specially crafted PDF document can trigger the reuse of previou…
- CVE-2023-2762HIGHCVSS 7.8EG 7.82023-07-12
A Use-After-Free vulnerability in SLDPRT file reading procedure exists in SOLIDWORKS Desktop from Release SOLIDWORKS 2021 through Release SOLIDWORKS 2023. This vulnerability could allow an attacker to execute arbitrary code while opening a…
- CVE-2023-2763HIGHCVSS 7.8EG 7.82023-07-12
Use-After-Free, Out-of-bounds Write and Heap-based Buffer Overflow vulnerabilities exist in the DWG and DXF file reading procedure in SOLIDWORKS Desktop from Release SOLIDWORKS 2021 through Release SOLIDWORKS 2023. These vulnerabilities co…
- CVE-2023-27969HIGHCVSS 7.8EG 7.82023-05-08
A use after free issue was addressed with improved memory management. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4, iOS 15.7.4 and iPadOS 15.7.4, tvOS 16.4, watchOS 9.4. An app may be able to execute arbitrary code w…
- CVE-2023-28081CRITICALCVSS 9.8EG 9.82023-05-18
A bytecode optimization bug in Hermes prior to commit e6ed9c1a4b02dc219de1648f44cd808a56171b81 could be used to cause an use-after-free and obtain arbitrary code execution via a carefully crafted payload. Note that this is only exploitable…
- CVE-2023-28198HIGHCVSS 8.8EG 8.82023-08-14
A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 16.4 and iPadOS 16.4, macOS Ventura 13.3. Processing web content may lead to arbitrary code execution.
- CVE-2023-28205HIGHCVSS 8.8EG 9.0⚠ KEV2023-04-10
A use after free issue was addressed with improved memory management. This issue is fixed in Safari 16.4.1, iOS 15.7.5 and iPadOS 15.7.5, iOS 16.4.1 and iPadOS 16.4.1, macOS Ventura 13.3.1. Processing maliciously crafted web content may le…
- CVE-2023-28223MEDIUMCVSS 6.6EG 6.62023-04-11
Windows Domain Name Service Remote Code Execution Vulnerability
- CVE-2023-28285HIGHCVSS 7.8EG 7.82023-04-11
Microsoft Office Remote Code Execution Vulnerability
- CVE-2023-28287HIGHCVSS 7.8EG 7.82023-06-17
Microsoft Publisher Remote Code Execution Vulnerability
- CVE-2023-28297HIGHCVSS 8.8EG 8.82023-04-11
Windows Remote Procedure Call Service (RPCSS) Elevation of Privilege Vulnerability
- CVE-2023-28305MEDIUMCVSS 6.6EG 6.62023-04-11
Windows DNS Server Remote Code Execution Vulnerability
- CVE-2023-28306MEDIUMCVSS 6.6EG 6.62023-04-11
Windows DNS Server Remote Code Execution Vulnerability
- CVE-2023-28307MEDIUMCVSS 6.6EG 6.62023-04-11
Windows DNS Server Remote Code Execution Vulnerability
- CVE-2023-28308MEDIUMCVSS 6.6EG 6.62023-04-11
Windows DNS Server Remote Code Execution Vulnerability
- CVE-2023-28319HIGHCVSS 7.5EG 7.52023-05-26
A use after free vulnerability exists in curl <v8.1.0 in the way libcurl offers a feature to verify an SSH server's public key using a SHA 256 hash. When this check fails, libcurl would free the memory for the fingerprint before it returns…
- CVE-2023-28469MEDIUMCVSS 5.5EG 5.52023-06-02
An issue was discovered in the Arm Mali GPU Kernel Driver. A non-privileged user can make improper GPU processing operations to gain access to already freed memory. This affects Valhall r29p0 through r42p0 before r43p0, and Arm's GPU Archi…
- CVE-2023-28577MEDIUMCVSS 6.7EG 6.72023-08-08
In the function call related to CAM_REQ_MGR_RELEASE_BUF there is no check if the buffer is being used. So when a function called cam_mem_get_cpu_buf to get the kernel va to use, another thread can call CAM_REQ_MGR_RELEASE_BUF to unmap the …
- CVE-2023-28653HIGHCVSS 7.8EG 7.82023-06-06
The affected application lacks proper validation of user-supplied data when parsing project files (e.g., CSP). This could lead to a use-after-free vulnerability. An attacker could leverage this vulnerability to execute arb…
- CVE-2023-28744HIGHCVSS 8.8EG 8.82023-07-19
A use-after-free vulnerability exists in the JavaScript engine of Foxit Software's PDF Reader, version 12.1.1.15289. A specially crafted PDF document can trigger the reuse of previously freed memory by manipulating form fields of a specifi…
- CVE-2023-28830HIGHCVSS 7.8EG 7.82023-08-08
A vulnerability has been identified in JT2Go (All versions < V14.2.0.5), Solid Edge SE2022 (All versions < V222.0 Update 13), Solid Edge SE2023 (All versions < V223.0 Update 4), Teamcenter Visualization V13.2 (All versions < V13.2.0.15), T…
- CVE-2023-28980MEDIUMCVSS 5.5EG 5.52023-04-17
A Use After Free vulnerability in the routing protocol daemon of Juniper Networks Junos OS and Junos OS Evolved allows a locally authenticated attacker with low privileges to cause Denial of Service (DoS). In a rib sharding scenario the rp…
- CVE-2023-28984MEDIUMCVSS 5.3EG 5.32023-04-17
A Use After Free vulnerability in the Layer 2 Address Learning Manager (l2alm) of Juniper Networks Junos OS on QFX Series allows an adjacent attacker to cause the Packet Forwarding Engine to crash and restart, leading to a Denial of Servic…
- CVE-2023-2912MEDIUMCVSS 5.9EG 5.92023-07-17
Use After Free vulnerability in Secomea SiteManager Embedded allows Obstruction.
- CVE-2023-29132MEDIUMCVSS 5.3EG 5.32023-04-14
Irssi 1.3.x and 1.4.x before 1.4.4 has a use-after-free because of use of a stale special collector reference. This occurs when printing of a non-formatted line is concurrent with printing of a formatted line.
- CVE-2023-2930HIGHCVSS 8.8EG 8.82023-05-30
Use after free in Extensions in Google Chrome prior to 114.0.5735.90 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Hig…
- CVE-2023-29303MEDIUMCVSS 5.5EG 5.52023-08-10
Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30467 (and earlier) are affected by a Use After Free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypa…
- CVE-2023-2931HIGHCVSS 8.8EG 8.82023-05-30
Use after free in PDF in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: High)
- CVE-2023-2932HIGHCVSS 8.8EG 8.82023-05-30
Use after free in PDF in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: High)
- CVE-2023-29321HIGHCVSS 7.8EG 7.82023-06-15
Adobe Animate versions 22.0.9 (and earlier) and 23.0.1 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user …
Map vulnerabilities like CWE-416 to your infrastructure
EchelonGraph correlates every CVE — across CWE-416 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →