CWE-416— Use After Free
The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.— MITRE CWE catalog
7,392 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-416page 81 of 148
- CVE-2023-44336HIGHCVSS 7.8EG 7.82023-11-16
Adobe Acrobat Reader versions 23.006.20360 (and earlier) and 20.005.30524 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this i…
- CVE-2023-44359HIGHCVSS 7.8EG 7.82023-11-16
Adobe Acrobat Reader versions 23.006.20360 (and earlier) and 20.005.30524 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this i…
- CVE-2023-44361MEDIUMCVSS 5.5EG 5.52023-11-16
Adobe Acrobat Reader versions 23.006.20360 (and earlier) and 20.005.30524 (and earlier) are affected by a Use After Free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypa…
- CVE-2023-44367HIGHCVSS 7.8EG 7.82023-11-16
Adobe Acrobat Reader versions 23.006.20360 (and earlier) and 20.005.30524 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this i…
- CVE-2023-44371HIGHCVSS 7.8EG 7.82023-11-16
Adobe Acrobat Reader versions 23.006.20360 (and earlier) and 20.005.30524 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this i…
- CVE-2023-44372HIGHCVSS 7.8EG 7.82023-11-16
Adobe Acrobat Reader versions 23.006.20360 (and earlier) and 20.005.30524 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this i…
- CVE-2023-44430HIGHCVSS 7.8EG 7.82024-05-03
Bentley View SKP File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View. User interaction is required to exploit this …
- CVE-2023-44435HIGHCVSS 7.8EG 7.82024-05-03
Kofax Power PDF File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power PDF. User interaction is required to exploit thi…
- CVE-2023-44436HIGHCVSS 7.8EG 7.82024-05-03
Kofax Power PDF File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power PDF. User interaction is required to exploit thi…
- CVE-2023-44446HIGHCVSS 8.8EG 8.82024-05-03
GStreamer MXF File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploi…
- CVE-2023-45322MEDIUMCVSS 6.5EG 6.52023-10-06
libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is "I don't think these issues are critical enough to warrant a CV…
- CVE-2023-4572HIGHCVSS 8.8EG 8.82023-08-29
Use after free in MediaStream in Google Chrome prior to 116.0.5845.140 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- CVE-2023-4573MEDIUMCVSS 6.5EG 6.52023-09-11
When receiving rendering data over IPC `mStream` could have been destroyed when initialized, which could have led to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox < 117, Firefox ESR < 102.15, …
- CVE-2023-4574MEDIUMCVSS 6.5EG 6.52023-09-11
When creating a callback over IPC for showing the Color Picker window, multiple of the same callbacks could have been created at a time and eventually all simultaneously destroyed as soon as one of the callbacks finished. This could have l…
- CVE-2023-4575MEDIUMCVSS 6.5EG 6.52023-09-11
When creating a callback over IPC for showing the File Picker window, multiple of the same callbacks could have been created at a time and eventually all simultaneously destroyed as soon as one of the callbacks finished. This could have le…
- CVE-2023-45898HIGHCVSS 7.8EG 7.82023-10-16
The Linux kernel before 6.5.4 has an es1 use-after-free in fs/ext4/extents_status.c, related to ext4_es_insert_extent.
- CVE-2023-4611MEDIUMCVSS 6.3EG 7.02023-08-29
A use-after-free flaw was found in mm/mempolicy.c in the memory management subsystem in the Linux Kernel. This issue is caused by a race between mbind() and VMA-locked page fault, and may allow a local attacker to crash the system or lead …
- CVE-2023-46156HIGHCVSS 7.5EG 7.52023-12-12
Affected devices improperly handle specially crafted packets sent to port 102/tcp. This could allow an attacker to create a denial of service condition. A restart is needed to restore normal operations.
- CVE-2023-4622HIGHCVSS 7.0EG 7.82023-09-06
A use-after-free vulnerability in the Linux kernel's af_unix component can be exploited to achieve local privilege escalation. The unix_stream_sendpage() function tries to add data to the last skb in the peer's recv queue without locking …
- CVE-2023-4623HIGHCVSS 7.8EG 7.82023-09-06
A use-after-free vulnerability in the Linux kernel's net/sched: sch_hfsc (HFSC qdisc traffic control) component can be exploited to achieve local privilege escalation. If a class with a link-sharing curve (i.e. with the HFSC_FSC flag set)…
- CVE-2023-46246MEDIUMCVSS 5.5EG 4.02023-10-27
Vim is an improved version of the good old UNIX editor Vi. Heap-use-after-free in memory allocated in the function `ga_grow_inner` in in the file `src/alloc.c` at line 748, which is freed in the file `src/ex_docmd.c` in the function `do_cm…
- CVE-2023-46362MEDIUMCVSS 5.5EG 5.52023-11-08
jbig2enc v0.28 was discovered to contain a heap-use-after-free via jbig2enc_auto_threshold_using_hash in src/jbig2enc.cc.
- CVE-2023-46691HIGHCVSS 7.9EG 7.92024-05-16
Use after free in Intel(R) Power Gadget software for Windows all versions may allow an authenticated user to potentially enable escalation of privilege via local access.
- CVE-2023-46708MEDIUMCVSS 4.3EG 4.32024-03-04
in OpenHarmony v3.2.4 and prior versions allow a local attacker arbitrary code execution in any apps through use after free.
- CVE-2023-46751HIGHCVSS 7.5EG 7.52023-12-06
An issue was discovered in the function gdev_prn_open_printer_seekable() in Artifex Ghostscript through 10.02.0 allows remote attackers to crash the application via a dangling pointer.
- CVE-2023-46768HIGHCVSS 7.5EG 7.52023-11-08
Multi-thread vulnerability in the idmap module. Successful exploitation of this vulnerability may cause features to perform abnormally.
- CVE-2023-46769HIGHCVSS 7.5EG 7.52023-11-08
Use-After-Free (UAF) vulnerability in the dubai module. Successful exploitation of this vulnerability will affect availability.
- CVE-2023-4679MEDIUMCVSS 5.5EG 5.92024-11-15
A use after free vulnerability exists in GPAC version 2.3-DEV-revrelease, specifically in the gf_filterpacket_del function in filter_core/filter.c at line 38. This vulnerability can lead to a double-free condition, which may cause the appl…
- CVE-2023-46850CRITICALCVSS 9.8EG 9.82023-11-11
Use after free in OpenVPN version 2.6.0 to 2.6.6 may lead to undefined behavoir, leaking memory buffers or remote execution when sending network buffers to a remote peer.
- CVE-2023-47055HIGHCVSS 7.8EG 7.82023-11-16
Adobe Premiere Pro version 24.0 (and earlier) and 23.6 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user …
- CVE-2023-47075HIGHCVSS 7.8EG 7.82023-12-13
Adobe Illustrator versions 28.0 (and earlier) and 27.9 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user …
- CVE-2023-47233MEDIUMCVSS 4.3EG 4.32023-11-03
The brcm80211 component in the Linux kernel through 6.5.10 has a brcmf_cfg80211_detach use-after-free in the device unplugging (disconnect the USB by hotplug) code. For physically proximate attackers with local access, this "could be explo…
- CVE-2023-4733HIGHCVSS 7.8EG 7.32023-09-04
Use After Free in GitHub repository vim/vim prior to 9.0.1840.
- CVE-2023-4750HIGHCVSS 7.8EG 7.82023-09-04
Use After Free in GitHub repository vim/vim prior to 9.0.1857.
- CVE-2023-4752HIGHCVSS 7.8EG 7.82023-09-04
Use After Free in GitHub repository vim/vim prior to 9.0.1858.
- CVE-2023-4755MEDIUMCVSS 5.5EG 5.32023-09-04
Use After Free in GitHub repository gpac/gpac prior to 2.3-DEV.
- CVE-2023-4763HIGHCVSS 8.8EG 8.82023-09-05
Use after free in Networks in Google Chrome prior to 116.0.5845.179 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- CVE-2023-47857MEDIUMCVSS 5.5EG 4.02024-01-02
in OpenHarmony v3.2.2 and prior versions allow a local attacker cause multimedia camera crash through modify a released pointer.
- CVE-2023-48011HIGHCVSS 7.8EG 7.82023-11-15
GPAC v2.3-DEV-rev566-g50c2ab06f-master was discovered to contain a heap-use-after-free via the flush_ref_samples function at /gpac/src/isomedia/movie_fragments.c.
- CVE-2023-48024MEDIUMCVSS 6.5EG 6.52023-11-17
Liblisp through commit 4c65969 was discovered to contain a use-after-free vulnerability in void hash_destroy(hash_table_t *h) at hash.c
- CVE-2023-4806MEDIUMCVSS 5.9EG 5.92023-09-18
A flaw has been identified in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _n…
- CVE-2023-4813MEDIUMCVSS 5.9EG 5.92023-09-12
A flaw has been identified in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hos…
- CVE-2023-48184LOWCVSS 3.9EG 3.92024-04-23
QuickJS before 7414e5f has a quickjs.h JS_FreeValueRT use-after-free because of incorrect garbage collection of async functions with closures.
- CVE-2023-48231MEDIUMCVSS 4.3EG 3.92023-11-16
Vim is an open source command line text editor. When closing a window, vim may try to access already freed window structure. Exploitation beyond crashing the application has not been shown to be viable. This issue has been addressed in com…
- CVE-2023-48353MEDIUMCVSS 4.4EG 4.42024-01-18
In vsp driver, there is a possible use after free due to a logic error. This could lead to local denial of service with System execution privileges needed
- CVE-2023-48360MEDIUMCVSS 5.5EG 4.02024-01-02
in OpenHarmony v3.2.2 and prior versions allow a local attacker cause multimedia player crash through modify a released pointer.
- CVE-2023-48414MEDIUMCVSS 6.7EG 6.72023-12-08
In the Pixel Camera Driver, there is a possible use after free due to a logic error in the code. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
- CVE-2023-48633HIGHCVSS 7.8EG 7.82023-12-13
Adobe After Effects versions 24.0.3 (and earlier) and 23.6.0 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires…
- CVE-2023-48706MEDIUMCVSS 4.7EG 3.62023-11-22
Vim is a UNIX editor that, prior to version 9.0.2121, has a heap-use-after-free vulnerability. When executing a `:s` command for the very first time and using a sub-replace-special atom inside the substitution part, it is possible that the…
- CVE-2023-4891MEDIUMCVSS 5.5EG 5.52023-11-08
A potential use-after-free vulnerability was reported in the Lenovo View driver that could result in denial of service.
Map vulnerabilities like CWE-416 to your infrastructure
EchelonGraph correlates every CVE — across CWE-416 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →