CWE-416— Use After Free
The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.— MITRE CWE catalog
7,392 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-416page 78 of 148
- CVE-2023-37573HIGHCVSS 7.8EG 7.82024-01-08
Multiple use-after-free vulnerabilities exist in the VCD get_vartoken realloc functionality of GTKWave 3.3.115. A specially crafted .vcd file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger the…
- CVE-2023-37574HIGHCVSS 7.8EG 7.82024-01-08
Multiple use-after-free vulnerabilities exist in the VCD get_vartoken realloc functionality of GTKWave 3.3.115. A specially crafted .vcd file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger the…
- CVE-2023-37575HIGHCVSS 7.8EG 7.82024-01-08
Multiple use-after-free vulnerabilities exist in the VCD get_vartoken realloc functionality of GTKWave 3.3.115. A specially crafted .vcd file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger the…
- CVE-2023-37576HIGHCVSS 7.8EG 7.82024-01-08
Multiple use-after-free vulnerabilities exist in the VCD get_vartoken realloc functionality of GTKWave 3.3.115. A specially crafted .vcd file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger the…
- CVE-2023-37577HIGHCVSS 7.8EG 7.82024-01-08
Multiple use-after-free vulnerabilities exist in the VCD get_vartoken realloc functionality of GTKWave 3.3.115. A specially crafted .vcd file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger the…
- CVE-2023-37578HIGHCVSS 7.8EG 7.82024-01-08
Multiple use-after-free vulnerabilities exist in the VCD get_vartoken realloc functionality of GTKWave 3.3.115. A specially crafted .vcd file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger the…
- CVE-2023-3776HIGHCVSS 7.8EG 7.82023-07-21
A use-after-free vulnerability in the Linux kernel's net/sched: cls_fw component can be exploited to achieve local privilege escalation. If tcf_change_indev() fails, fw_set_parms() will immediately return an error after incrementing or de…
- CVE-2023-3777HIGHCVSS 7.8EG 7.82023-09-06
A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. When nf_tables_delrule() is flushing table rules, it is not checked whether the chain is bound and…
- CVE-2023-38075HIGHCVSS 7.8EG 7.82023-09-12
A vulnerability has been identified in JT2Go (All versions < V14.3.0.1), Teamcenter Visualization V13.3 (All versions < V13.3.0.12), Teamcenter Visualization V14.0 (All versions), Teamcenter Visualization V14.1 (All versions < V14.1.0.11),…
- CVE-2023-38078MEDIUMCVSS 5.5EG 3.32024-05-03
Kofax Power PDF U3D File Parsing Use-After-Free Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Kofax Power PDF. User interaction is required t…
- CVE-2023-38107HIGHCVSS 7.8EG 7.82024-05-03
Foxit PDF Reader Annotation Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit thi…
- CVE-2023-38111HIGHCVSS 7.8EG 7.82024-05-03
Foxit PDF Reader Annotation Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit thi…
- CVE-2023-38112HIGHCVSS 7.8EG 7.82024-05-03
Foxit PDF Reader XFA Annotation Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit…
- CVE-2023-38113LOWCVSS 3.3EG 3.32024-05-03
Foxit PDF Reader Annotation Use-After-Free Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to ex…
- CVE-2023-38114HIGHCVSS 7.8EG 7.82024-05-03
Foxit PDF Reader AcroForm Doc Object Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to ex…
- CVE-2023-38117HIGHCVSS 7.8EG 7.82024-05-03
Foxit PDF Reader AcroForm Doc Object Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to ex…
- CVE-2023-3812HIGHCVSS 7.8EG 7.82023-07-24
An out-of-bounds memory access flaw was found in the Linux kernel’s TUN/TAP device driver functionality in how a user generates a malicious (too big) networking packet when napi frags is enabled. This flaw allows a local user to crash or…
- CVE-2023-38139HIGHCVSS 7.8EG 7.82023-09-12
Windows Kernel Elevation of Privilege Vulnerability
- CVE-2023-38160MEDIUMCVSS 5.5EG 5.52023-09-12
Windows TCP/IP Information Disclosure Vulnerability
- CVE-2023-38161HIGHCVSS 7.8EG 7.82023-09-12
Windows GDI Elevation of Privilege Vulnerability
- CVE-2023-38166HIGHCVSS 8.1EG 8.12023-10-10
Layer 2 Tunneling Protocol Remote Code Execution Vulnerability
- CVE-2023-38169HIGHCVSS 8.8EG 8.82023-08-08
Microsoft SQL OLE DB Remote Code Execution Vulnerability
- CVE-2023-38184HIGHCVSS 7.5EG 7.52023-08-08
Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability
- CVE-2023-38211HIGHCVSS 7.8EG 7.82023-08-09
Adobe Dimension version 3.4.9 is affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a…
- CVE-2023-38216MEDIUMCVSS 5.5EG 5.52023-10-11
Adobe Bridge versions 12.0.4 (and earlier) and 13.0.3 (and earlier) are affected by a Use After Free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such …
- CVE-2023-38222HIGHCVSS 7.8EG 7.82023-08-10
Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30467 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this i…
- CVE-2023-38224HIGHCVSS 7.8EG 7.82023-08-10
Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30467 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this i…
- CVE-2023-38225HIGHCVSS 7.8EG 7.82023-08-10
Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30467 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this i…
- CVE-2023-38227HIGHCVSS 7.8EG 7.82023-08-10
Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30467 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this i…
- CVE-2023-38228HIGHCVSS 7.8EG 7.82023-08-10
Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30467 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this i…
- CVE-2023-38230MEDIUMCVSS 5.5EG 5.52023-08-10
Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30467 (and earlier) are affected by a Use-After-Free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypa…
- CVE-2023-38238MEDIUMCVSS 5.5EG 5.52023-08-10
Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30467 (and earlier) are affected by a Use-After-Free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypa…
- CVE-2023-38243MEDIUMCVSS 5.5EG 5.52023-08-10
Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30467 (and earlier) are affected by a Use-After-Free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypa…
- CVE-2023-38573HIGHCVSS 8.8EG 8.82023-11-27
A use-after-free vulnerability exists in the way Foxit Reader 12.1.2.15356 handles a signature field. A specially crafted Javascript code inside a malicious PDF document can trigger reuse of a previously freed object, which can lead to mem…
- CVE-2023-38598CRITICALCVSS 9.8EG 9.82023-07-28
A use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS 9.6, macOS Big Sur 11.7.9, iOS 15.7.8 and iPadOS 15.7.8, macOS Monterey 12.6.8, tvOS 16.6, iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. A…
- CVE-2023-3863MEDIUMCVSS 6.4EG 6.42023-07-24
A use-after-free flaw was found in nfc_llcp_find_local in net/nfc/llcp_core.c in NFC in the Linux kernel. This flaw allows a local user with special privileges to impact a kernel information leak issue.
- CVE-2023-38669HIGHCVSS 8.3EG 8.32023-07-26
Use after free in paddle.diagonal in PaddlePaddle before 2.5.0. This resulted in a potentially exploitable condition.
- CVE-2023-38703CRITICALCVSS 9.8EG 9.82023-10-06
PJSIP is a free and open source multimedia communication library written in C with high level API in C, C++, Java, C#, and Python languages. SRTP is a higher level media transport which is stacked upon a lower level media transport such as…
- CVE-2023-38748HIGHCVSS 7.8EG 7.82023-08-03
Use after free vulnerability exists in CX-Programmer Included in CX-One CXONE-AL[][]D-V4 V9.80 and earlier. By having a user open a specially crafted CXP file, information disclosure and/or arbitrary code execution may occur.
- CVE-2023-39070HIGHCVSS 7.8EG 7.82023-09-11
An issue in Cppcheck 2.12 dev allows a local attacker to execute arbitrary code via the removeContradiction parameter in token.cpp:1934.
- CVE-2023-39129MEDIUMCVSS 5.5EG 5.52023-07-25
GNU gdb (GDB) 13.0.50.20220805-git was discovered to contain a heap use after free via the function add_pe_exported_sym() at /gdb/coff-pe-read.c.
- CVE-2023-39198HIGHCVSS 7.5EG 7.52023-11-09
A race condition was found in the QXL driver in the Linux kernel. The qxl_mode_dumb_create() function dereferences the qobj returned by the qxl_gem_object_create_with_handle(), but the handle is the only one holding a reference to it. This…
- CVE-2023-39355HIGHCVSS 7.0EG 7.02023-08-31
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Versions of FreeRDP on the 3.x release branch before beta3 are subject to a Use-After-Free in processing `RDPGFX_CMDID_RESETGRAPHICS`…
- CVE-2023-39434HIGHCVSS 8.8EG 8.82023-09-27
A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 17 and iPadOS 17, watchOS 10, macOS Sonoma 14. Processing web content may lead to arbitrary code execution.
- CVE-2023-39453CRITICALCVSS 9.8EG 9.82023-09-25
A use-after-free vulnerability exists in the tif_parse_sub_IFD functionality of Accusoft ImageGear 20.1. A specially crafted malformed file can lead to arbitrary code execution. An attacker can deliver this file to trigger this vulnerabili…
- CVE-2023-39488HIGHCVSS 7.8EG 7.82024-05-03
PDF-XChange Editor TIF File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to e…
- CVE-2023-39491HIGHCVSS 7.8EG 7.82024-05-03
PDF-XChange Editor TIF File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to e…
- CVE-2023-39549HIGHCVSS 7.8EG 7.82023-08-08
A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 2). The affected application contains a use-after-free vulnerability that could be triggered while parsing specially crafted DWG file. An attacker could…
- CVE-2023-39562MEDIUMCVSS 5.5EG 5.52023-08-28
GPAC v2.3-DEV-rev449-g5948e4f70-master was discovered to contain a heap-use-after-free via the gf_bs_align function at bitstream.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via supplying a crafted file.
- CVE-2023-39928HIGHCVSS 8.8EG 8.82023-10-06
A use-after-free vulnerability exists in the MediaRecorder API of Webkit WebKitGTK 2.40.5. A specially crafted web page can abuse this vulnerability to cause memory corruption and potentially arbitrary code execution. A user would need to …
Map vulnerabilities like CWE-416 to your infrastructure
EchelonGraph correlates every CVE — across CWE-416 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →