CWE-416— Use After Free
The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.— MITRE CWE catalog
7,392 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-416page 80 of 148
- CVE-2023-4208HIGHCVSS 7.8EG 7.82023-09-06
A use-after-free vulnerability in the Linux kernel's net/sched: cls_u32 component can be exploited to achieve local privilege escalation. When u32_change() is called on an existing filter, the whole tcf_result struct is always copied into…
- CVE-2023-42080HIGHCVSS 7.8EG 7.82024-05-03
PDF-XChange Editor EMF File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to e…
- CVE-2023-42082HIGHCVSS 7.8EG 7.82024-05-03
PDF-XChange Editor JPG File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to e…
- CVE-2023-42086HIGHCVSS 7.8EG 7.82024-05-03
PDF-XChange Editor EMF File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to e…
- CVE-2023-42089HIGHCVSS 7.8EG 3.32024-05-03
Foxit PDF Reader templates Use-After-Free Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exp…
- CVE-2023-42091HIGHCVSS 7.8EG 7.82024-05-03
Foxit PDF Reader XFA Doc Object Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit…
- CVE-2023-42092HIGHCVSS 7.8EG 7.82024-05-03
Foxit PDF Reader Doc Object Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit thi…
- CVE-2023-42093LOWCVSS 3.3EG 3.32024-05-03
Foxit PDF Reader Annotation Use-After-Free Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to ex…
- CVE-2023-42094HIGHCVSS 7.8EG 7.82024-05-03
Foxit PDF Reader Annotation Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit thi…
- CVE-2023-42096HIGHCVSS 7.8EG 7.82024-05-03
Foxit PDF Reader PDF File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to explo…
- CVE-2023-42097HIGHCVSS 7.8EG 7.82024-05-03
Foxit PDF Reader Annotation Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit thi…
- CVE-2023-42098LOWCVSS 3.3EG 3.32024-05-03
Foxit PDF Reader Annotation Use-After-Free Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to ex…
- CVE-2023-42103HIGHCVSS 7.8EG 7.82024-05-03
Ashlar-Vellum Cobalt AR File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required t…
- CVE-2023-42104HIGHCVSS 7.8EG 7.82024-05-03
Ashlar-Vellum Cobalt AR File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required t…
- CVE-2023-42108HIGHCVSS 7.8EG 7.82024-05-03
PDF-XChange Editor EMF File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to e…
- CVE-2023-4211MEDIUMCVSS 5.5EG 9.0⚠ KEV2023-10-01
A local non-privileged user can make improper GPU memory processing operations to gain access to already freed memory.
- CVE-2023-42363MEDIUMCVSS 5.5EG 5.52023-11-27
A use-after-free vulnerability was discovered in xasprintf function in xfuncs_printf.c:344 in BusyBox v.1.36.1.
- CVE-2023-42364MEDIUMCVSS 5.5EG 5.52023-11-27
A use-after-free vulnerability in BusyBox v.1.36.1 allows attackers to cause a denial of service via a crafted awk pattern in the awk.c evaluate function.
- CVE-2023-42365MEDIUMCVSS 5.5EG 5.52023-11-27
A use-after-free vulnerability was discovered in BusyBox v.1.36.1 via a crafted awk pattern in the awk.c copyvar function.
- CVE-2023-4244HIGHCVSS 7.0EG 7.82023-09-06
A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. Due to a race condition between nf_tables netlink control plane transaction and nft_set element ga…
- CVE-2023-42459HIGHCVSS 7.5EG 8.62023-10-16
Fast DDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group). In affected versions specific DATA submessages can be sent to a discovery locator which may trigger a free error. This c…
- CVE-2023-42482HIGHCVSS 7.5EG 4.72023-09-21
Samsung Mobile Processor Exynos 2200 allows a GPU Use After Free.
- CVE-2023-42722MEDIUMCVSS 6.7EG 6.72023-12-04
In camera service, there is a possible use after free due to a logic error. This could lead to local escalation of privilege with System execution privileges needed
- CVE-2023-42870HIGHCVSS 7.8EG 7.82024-01-10
A use-after-free issue was addressed with improved memory management. This issue is fixed in macOS Sonoma 14, iOS 17 and iPadOS 17. An app may be able to execute arbitrary code with kernel privileges.
- CVE-2023-42892HIGHCVSS 7.8EG 7.82024-03-28
A use-after-free issue was addressed with improved memory management. This issue is fixed in macOS Ventura 13.6.3, macOS Sonoma 14.2, macOS Monterey 12.7.2. A local attacker may be able to elevate their privileges.
- CVE-2023-4295HIGHCVSS 7.8EG 7.82023-11-07
A local non-privileged user can make improper GPU memory processing operations to gain access to already freed memory.
- CVE-2023-42950HIGHCVSS 8.8EG 8.82024-03-28
A use after free issue was addressed with improved memory management. This issue is fixed in Safari 17.2, iOS 17.2 and iPadOS 17.2, tvOS 17.2, watchOS 10.2, macOS Sonoma 14.2. Processing maliciously crafted web content may lead to arbitrar…
- CVE-2023-42970HIGHCVSS 8.8EG 8.82025-04-11
A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 17 and iPadOS 17, macOS Sonoma 14, watchOS 10, tvOS 17, Safari 17. Processing web content may lead to arbitrary code execution.
- CVE-2023-43000HIGHCVSS 8.8EG 9.0⚠ KEV2025-11-05
A use-after-free issue was addressed with improved memory management. This issue is fixed in macOS Ventura 13.5, iOS 16.6 and iPadOS 16.6, Safari 16.6, iOS 15.8.7 and iPadOS 15.8.7. Processing maliciously crafted web content may lead to me…
- CVE-2023-4349HIGHCVSS 8.8EG 8.82023-08-15
Use after free in Device Trust Connectors in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- CVE-2023-4351HIGHCVSS 8.8EG 8.82023-08-15
Use after free in Network in Google Chrome prior to 116.0.5845.96 allowed a remote attacker who has elicited a browser shutdown to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- CVE-2023-43514HIGHCVSS 7.8EG 8.42024-01-02
Memory corruption while invoking IOCTLs calls from user space for internal mem MAP and internal mem UNMAP.
- CVE-2023-43521MEDIUMCVSS 6.7EG 6.72024-05-06
Memory corruption when multiple listeners are being registered with the same file descriptor.
- CVE-2023-43543MEDIUMCVSS 6.7EG 6.72024-06-03
Memory corruption in Audio during a playback or a recording due to race condition between allocation and deallocation of graph object.
- CVE-2023-43544MEDIUMCVSS 6.7EG 6.72024-06-03
Memory corruption when IPC callback handle is used after it has been released during register callback by another thread.
- CVE-2023-43546HIGHCVSS 8.4EG 8.42024-03-04
Memory corruption while invoking HGSL IOCTL context create.
- CVE-2023-43547HIGHCVSS 8.4EG 8.42024-03-04
Memory corruption while invoking IOCTLs calls in Automotive Multimedia.
- CVE-2023-43552CRITICALCVSS 9.8EG 9.82024-03-04
Memory corruption while processing MBSSID beacon containing several subelement IE.
- CVE-2023-4356HIGHCVSS 8.8EG 8.82023-08-15
Use after free in Audio in Google Chrome prior to 116.0.5845.96 allowed a remote attacker who has convinced a user to engage in specific UI interaction to potentially exploit heap corruption via a crafted HTML page. (Chromium security seve…
- CVE-2023-4358HIGHCVSS 8.8EG 8.82023-08-15
Use after free in DNS in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
- CVE-2023-4366HIGHCVSS 8.8EG 8.82023-08-15
Use after free in Extensions in Google Chrome prior to 116.0.5845.96 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Med…
- CVE-2023-43842HIGHCVSS 7.3EG 7.32024-05-28
Incorrect access control in the account management function of web interface in Aten PE6208 2.3.228 and 2.4.232 allows remote authenticated users to alter user and administrator accounts credentials via HTTP POST request.
- CVE-2023-4387HIGHCVSS 7.1EG 6.62023-08-16
A use-after-free flaw was found in vmxnet3_rq_alloc_rx_buf in drivers/net/vmxnet3/vmxnet3_drv.c in VMware's vmxnet3 ethernet NIC driver in the Linux Kernel. This issue could allow a local attacker to crash the system due to a double-free w…
- CVE-2023-4389HIGHCVSS 7.1EG 7.02023-08-16
A flaw was found in btrfs_get_root_ref in fs/btrfs/disk-io.c in the btrfs filesystem in the Linux Kernel due to a double decrement of the reference count. This issue may allow a local attacker with user privilege to crash the system or may…
- CVE-2023-4394MEDIUMCVSS 6.0EG 6.72023-08-17
A use-after-free flaw was found in btrfs_get_dev_args_from_path in fs/btrfs/volumes.c in btrfs file-system in the Linux Kernel. This flaw allows a local attacker with special privileges to cause a system crash or leak internal kernel infor…
- CVE-2023-44095HIGHCVSS 7.5EG 7.52023-10-11
Use-After-Free (UAF) vulnerability in the surfaceflinger module.Successful exploitation of this vulnerability can cause system crash.
- CVE-2023-4429HIGHCVSS 8.8EG 8.82023-08-23
Use after free in Loader in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- CVE-2023-4430HIGHCVSS 8.8EG 8.82023-08-23
Use after free in Vulkan in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- CVE-2023-44323MEDIUMCVSS 5.5EG 5.52023-10-30
Adobe Acrobat for Edge version 118.0.2088.46 (and earlier) is affected by a Use After Free vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the curre…
- CVE-2023-44328MEDIUMCVSS 5.5EG 3.32023-11-16
Adobe Bridge versions 13.0.4 (and earlier) and 14.0.0 (and earlier) are affected by a Use After Free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such …
Map vulnerabilities like CWE-416 to your infrastructure
EchelonGraph correlates every CVE — across CWE-416 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →