CWE-416— Use After Free
The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.— MITRE CWE catalog
7,393 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-416page 87 of 148
- CVE-2024-1077HIGHCVSS 8.8EG 8.82024-01-30
Use after free in Network in Google Chrome prior to 121.0.6167.139 allowed a remote attacker to potentially exploit heap corruption via a malicious file. (Chromium security severity: High)
- CVE-2024-10826HIGHCVSS 8.8EG 8.82024-11-06
Use after free in Family Experiences in Google Chrome on Android prior to 130.0.6723.116 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- CVE-2024-10827HIGHCVSS 8.8EG 8.82024-11-06
Use after free in Serial in Google Chrome prior to 130.0.6723.116 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- CVE-2024-1085HIGHCVSS 7.8EG 7.82024-01-31
A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. The nft_setelem_catchall_deactivate() function checks whether the catch-all set element is active …
- CVE-2024-1086HIGHCVSS 7.8EG 9.0⚠ KEV2024-01-31
A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. The nft_verdict_init() function allows positive values as drop error within the hook verdict, and …
- CVE-2024-11112HIGHCVSS 8.8EG 7.52024-11-12
Use after free in Media in Google Chrome on Windows prior to 131.0.6778.69 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
- CVE-2024-11113HIGHCVSS 8.8EG 8.82024-11-12
Use after free in Accessibility in Google Chrome prior to 131.0.6778.69 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
- CVE-2024-11155HIGHCVSS 7.8EG 7.82024-12-05
A “use after free” code execution vulnerability exists in the Rockwell Automation Arena® that could allow a threat actor to craft a DOE file and force the software to use a resource that was already used. If exploited, a threat acto…
- CVE-2024-11235HIGHCVSS 8.1EG 8.12025-04-04
In PHP versions 8.3.* before 8.3.19 and 8.4.* before 8.4.5, a code sequence involving __set handler or ??= operator and exceptions can lead to a use-after-free vulnerability. If the third party can control the memory layout leading to t…
- CVE-2024-11521HIGHCVSS 7.8EG 7.82024-11-22
IrfanView DJVU File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulne…
- CVE-2024-11525HIGHCVSS 7.8EG 7.82024-11-22
IrfanView DXF File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulner…
- CVE-2024-11545HIGHCVSS 7.8EG 7.82024-11-22
IrfanView DXF File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulner…
- CVE-2024-11570HIGHCVSS 7.8EG 7.82024-11-22
IrfanView DXF File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulner…
- CVE-2024-12175HIGHCVSS 7.8EG 7.82024-12-19
Another “use after free” code execution vulnerability exists in the Rockwell Automation Arena® that could allow a threat actor to craft a DOE file and force the software to use a resource that was already used. If exploited, a thre…
- CVE-2024-12382HIGHCVSS 8.8EG 8.82024-12-12
Use after free in Translate in Google Chrome prior to 131.0.6778.139 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- CVE-2024-12548LOWCVSS 3.3EG 3.32025-02-11
Tungsten Automation Power PDF JP2 File Parsing Use-After-Free Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Tungsten Automation Power PDF. Us…
- CVE-2024-12694HIGHCVSS 8.8EG 8.82024-12-18
Use after free in Compositing in Google Chrome prior to 131.0.6778.204 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- CVE-2024-12837HIGHCVSS 7.8EG 7.82025-03-07
Software installed and run as a non-privileged user may conduct improper GPU system calls to corrupt kernel heap memory.
- CVE-2024-1284CRITICALCVSS 9.8EG 9.82024-02-07
Use after free in Mojo in Google Chrome prior to 121.0.6167.160 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- CVE-2024-1312MEDIUMCVSS 5.1EG 5.12024-02-08
A use-after-free flaw was found in the Linux kernel's Memory Management subsystem when a user wins two races at the same time with a fail in the mas_prev_slot function. This issue could allow a local user to crash the system.
- CVE-2024-1395MEDIUMCVSS 6.7EG 6.72024-05-03
Use After Free vulnerability in Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user to make improper GPU memory processing operations. If the system’s memory is carefully prepared by the user, then this …
- CVE-2024-1454LOWCVSS 3.4EG 3.42024-02-12
The use-after-free vulnerability was found in the AuthentIC driver in OpenSC packages, occuring in the card enrolment process using pkcs15-init when a user or administrator enrols or modifies cards. An attacker must have physical access to…
- CVE-2024-1670HIGHCVSS 8.8EG 8.82024-02-21
Use after free in Mojo in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- CVE-2024-1673HIGHCVSS 8.8EG 8.82024-02-21
Use after free in Accessibility in Google Chrome prior to 122.0.6261.57 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via specific UI gestures. (Chromium security severity: Medium)
- CVE-2024-1847HIGHCVSS 7.8EG 7.82024-02-28
Heap-based Buffer Overflow, Memory Corruption, Out-Of-Bounds Read, Out-Of-Bounds Write, Stack-based Buffer Overflow, Type Confusion, Uninitialized Variable, Use-After-Free vulnerabilities exist in the file reading procedure in eDrawings fr…
- CVE-2024-1848HIGHCVSS 7.8EG 7.82024-03-22
Heap-based Buffer Overflow, Memory Corruption, Out-Of-Bounds Read, Out-Of-Bounds Write, Stack-based Buffer Overflow, Type Confusion, Uninitialized Variable, Use-After-Free vulnerabilities exist in the file reading procedure in SOLIDWORKS D…
- CVE-2024-20655MEDIUMCVSS 6.6EG 6.62024-01-09
Microsoft Online Certificate Status Protocol (OCSP) Remote Code Execution Vulnerability
- CVE-2024-20681HIGHCVSS 7.8EG 7.82024-01-09
Windows Subsystem for Linux Elevation of Privilege Vulnerability
- CVE-2024-20683HIGHCVSS 7.8EG 7.82024-01-09
Win32k Elevation of Privilege Vulnerability
- CVE-2024-20729HIGHCVSS 7.8EG 7.82024-02-15
Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user intera…
- CVE-2024-20731HIGHCVSS 7.8EG 7.82024-02-15
Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user intera…
- CVE-2024-20734MEDIUMCVSS 5.5EG 5.52024-02-15
Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by a Use After Free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as AS…
- CVE-2024-20752HIGHCVSS 7.8EG 7.82024-03-18
Bridge versions 13.0.5, 14.0.1 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a vict…
- CVE-2024-20765HIGHCVSS 7.8EG 7.82024-02-29
Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user intera…
- CVE-2024-20789HIGHCVSS 7.8EG 7.82024-08-14
Dimension versions 3.4.11 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim mu…
- CVE-2024-20792HIGHCVSS 7.8EG 7.82024-05-16
Illustrator versions 28.4, 27.9.3 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a v…
- CVE-2024-20833MEDIUMCVSS 4.1EG 4.12024-03-05
Use after free vulnerability in pub_crypto_recv_msg prior to SMR Mar-2024 Release 1 due to race condition allows local attackers with system privilege to cause memory corruption.
- CVE-2024-20861MEDIUMCVSS 6.0EG 6.02024-05-07
Use after free vulnerability in SveService prior to SMR May-2024 Release 1 allows local privileged attackers to cause memory corruption.
- CVE-2024-20952HIGHCVSS 7.4EG 7.42024-01-16
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 2…
- CVE-2024-21303HIGHCVSS 8.8EG 8.82024-07-09
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
- CVE-2024-21307HIGHCVSS 7.5EG 7.52024-01-09
Remote Desktop Client Remote Code Execution Vulnerability
- CVE-2024-21308HIGHCVSS 8.8EG 8.82024-07-09
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
- CVE-2024-21326CRITICALCVSS 9.6EG 9.62024-01-26
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
- CVE-2024-21332HIGHCVSS 8.8EG 8.82024-07-09
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
- CVE-2024-21334CRITICALCVSS 9.8EG 9.82024-03-12
Open Management Infrastructure (OMI) Remote Code Execution Vulnerability
- CVE-2024-21339MEDIUMCVSS 6.4EG 6.42024-02-13
Windows USB Generic Parent Driver Remote Code Execution Vulnerability
- CVE-2024-21375HIGHCVSS 8.8EG 8.82024-02-13
Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
- CVE-2024-21384HIGHCVSS 7.8EG 7.82024-02-13
Microsoft Office OneNote Remote Code Execution Vulnerability
- CVE-2024-21385HIGHCVSS 8.3EG 8.32024-01-26
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
- CVE-2024-21399HIGHCVSS 8.3EG 8.32024-02-02
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
Map vulnerabilities like CWE-416 to your infrastructure
EchelonGraph correlates every CVE — across CWE-416 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →