CWE-416— Use After Free
The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.— MITRE CWE catalog
7,395 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-416page 92 of 148
- CVE-2024-30343HIGHCVSS 7.8EG 7.82024-04-02
Foxit PDF Reader Annotation Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit thi…
- CVE-2024-30344HIGHCVSS 7.8EG 7.82024-04-02
Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this …
- CVE-2024-30345HIGHCVSS 7.8EG 7.82024-04-02
Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this …
- CVE-2024-30346HIGHCVSS 7.8EG 7.82024-04-02
Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this …
- CVE-2024-30351HIGHCVSS 7.8EG 7.82024-04-02
Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this …
- CVE-2024-30352HIGHCVSS 7.8EG 7.82024-04-02
Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this …
- CVE-2024-30354HIGHCVSS 7.8EG 7.82024-04-02
Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this …
- CVE-2024-30358HIGHCVSS 7.8EG 7.82024-04-02
Foxit PDF Reader AcroForm User-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this…
- CVE-2024-30360HIGHCVSS 7.8EG 7.82024-04-02
Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this …
- CVE-2024-30361HIGHCVSS 7.8EG 7.82024-04-02
Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this …
- CVE-2024-30362HIGHCVSS 7.8EG 7.82024-04-02
Foxit PDF Reader PDF File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to explo…
- CVE-2024-30365HIGHCVSS 7.8EG 7.82024-04-02
Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this …
- CVE-2024-30366HIGHCVSS 7.8EG 7.82024-04-03
Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this …
- CVE-2024-30367HIGHCVSS 7.8EG 7.82024-04-02
Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this …
- CVE-2024-30371HIGHCVSS 7.8EG 7.82024-04-02
Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this …
- CVE-2024-30375HIGHCVSS 7.8EG 7.82024-06-06
Luxion KeyShot Viewer KSP File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Luxion KeyShot Viewer. User interaction is require…
- CVE-2024-30378MEDIUMCVSS 5.5EG 5.52024-04-16
A Use After Free vulnerability in command processing of Juniper Networks Junos OS on MX Series allows a local, authenticated attacker to cause the broadband edge service manager daemon (bbe-smgd) to crash upon execution of specific CLI com…
- CVE-2024-30386MEDIUMCVSS 5.3EG 5.32024-04-12
A Use-After-Free vulnerability in the Layer 2 Address Learning Daemon (l2ald) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause l2ald to crash leading to a Denial-of-Service (DoS). …
- CVE-2024-30416HIGHCVSS 7.5EG 7.52024-04-07
Use After Free (UAF) vulnerability in the underlying driver module. Impact: Successful exploitation of this vulnerability will affect availability.
- CVE-2024-30807HIGHCVSS 7.5EG 7.52024-04-02
An issue was discovered in Bento4 v1.6.0-641-2-g1529b83. There is a heap-use-after-free in AP4_UnknownAtom::~AP4_UnknownAtom at Ap4Atom.cpp, leading to a Denial of Service (DoS), as demonstrated by mp42ts.
- CVE-2024-30808LOWCVSS 2.7EG 2.72024-04-02
An issue was discovered in Bento4 v1.6.0-641-2-g1529b83. There is a heap-use-after-free in AP4_SubStream::~AP4_SubStream at Ap4ByteStream.cpp, leading to a Denial of Service (DoS), as demonstrated by mp42ts.
- CVE-2024-30809HIGHCVSS 7.5EG 7.52024-04-02
An issue was discovered in Bento4 v1.6.0-641-2-g1529b83. There is a heap-use-after-free in Ap4Sample.h in AP4_Sample::GetOffset() const, leading to a Denial of Service (DoS), as demonstrated by mp42ts.
- CVE-2024-31083HIGHCVSS 7.8EG 7.82024-04-05
A use-after-free vulnerability was found in the ProcRenderAddGlyphs() function of Xorg servers. This issue occurs when AllocateGlyph() is called to store new glyphs sent by the client to the X server, potentially resulting in multiple entr…
- CVE-2024-31339HIGHCVSS 7.8EG 7.82024-07-09
In multiple functions of StatsService.cpp, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for e…
- CVE-2024-31578HIGHCVSS 7.5EG 7.52024-04-17
FFmpeg version n6.1.1 was discovered to contain a heap use-after-free via the av_hwframe_ctx_init function.
- CVE-2024-3158HIGHCVSS 8.8EG 8.82024-04-06
Use after free in Bookmarks in Google Chrome prior to 123.0.6312.105 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- CVE-2024-31583HIGHCVSS 7.8EG 7.82024-04-17
Pytorch before version v2.2.0 was discovered to contain a use-after-free vulnerability in torch/csrc/jit/mobile/interpreter.cpp.
- CVE-2024-3168HIGHCVSS 8.8EG 8.82024-07-16
Use after free in DevTools in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
- CVE-2024-3169HIGHCVSS 8.8EG 8.82024-07-16
Use after free in V8 in Google Chrome prior to 121.0.6167.139 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- CVE-2024-3170HIGHCVSS 8.8EG 8.82024-07-16
Use after free in WebRTC in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- CVE-2024-3171HIGHCVSS 8.8EG 8.82024-07-16
Use after free in Accessibility in Google Chrome prior to 122.0.6261.57 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via specific UI gestures. (Chromium security se…
- CVE-2024-3187MEDIUMCVSS 5.9EG 5.92024-10-17
This issue tracks two CWE-416 Use After Free (UAF) and one CWE-415 Double Free vulnerabilities in Goahead versions <= 6.0.0. These are caused by JST values not being nulled when freed during parsing of JST templates. If the ME_GOAHEAD_JAVA…
- CVE-2024-31960HIGHCVSS 7.8EG 7.82024-09-10
An issue was discovered in Samsung Mobile Processor Exynos 1480, Exynos 2400. The xclipse amdgpu driver has a reference count bug. This can lead to a use after free.
- CVE-2024-32502HIGHCVSS 8.4EG 8.42024-06-07
An issue was discovered in Samsung Mobile Processor and Wearable Processor Exynos 850, Exynos 1080, Exynos 2100, Exynos 1280, Exynos 1380, Exynos 1330, Exynos W920, Exynos W930. The mobile processor lacks proper reference count checking, w…
- CVE-2024-32503HIGHCVSS 8.4EG 8.42024-06-07
An issue was discovered in Samsung Mobile Processor and Wearable Processor Exynos 850, Exynos 1080, Exynos 2100, Exynos 1280, Exynos 1380, Exynos 1330, Exynos W920, Exynos W930. The mobile processor lacks proper memory deallocation checkin…
- CVE-2024-32610MEDIUMCVSS 5.7EG 5.72024-05-14
HDF5 Library through 1.14.3 has a SEGV in H5T_close_real in H5T.c, resulting in a corrupted instruction pointer.
- CVE-2024-32900HIGHCVSS 7.8EG 7.82024-06-13
In lwis_fence_signal of lwis_debug.c, there is a possible Use after Free due to improper locking. This could lead to local escalation of privilege from hal_camera_default SELinux label with no additional execution privileges needed. User i…
- CVE-2024-32927HIGHCVSS 7.8EG 7.82024-08-19
In sendDeviceState_1_6 of RadioExt.cpp, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploit…
- CVE-2024-32929HIGHCVSS 8.1EG 8.12024-06-13
In gpu_slc_get_region of pixel_gpu_slc.c, there is a possible EoP due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
- CVE-2024-32974MEDIUMCVSS 5.9EG 5.92024-06-04
Envoy is a cloud-native, open source edge and service proxy. A crash was observed in `EnvoyQuicServerStream::OnInitialHeadersComplete()` with following call stack. It is a use-after-free caused by QUICHE continuing push request headers aft…
- CVE-2024-3299HIGHCVSS 7.8EG 7.82024-04-04
Out-Of-Bounds Write, Use of Uninitialized Resource and Use-After-Free vulnerabilities exist in the file reading procedure in eDrawings from Release SOLIDWORKS 2023 through Release SOLIDWORKS 2024. These vulnerabilities could allow an attac…
- CVE-2024-33010HIGHCVSS 7.5EG 7.52024-08-05
Transient DOS while parsing fragments of MBSSID IE from beacon frame.
- CVE-2024-33023HIGHCVSS 8.4EG 8.42024-08-05
Memory corruption while creating a fence to wait on timeline events, and simultaneously signal timeline events.
- CVE-2024-33028HIGHCVSS 8.4EG 8.42024-08-05
Memory corruption as fence object may still be accessed in timeline destruct after isync fence is released.
- CVE-2024-33029MEDIUMCVSS 6.7EG 6.72024-11-04
Memory corruption while handling the PDR in driver for getting the remote heap maps.
- CVE-2024-33033MEDIUMCVSS 6.7EG 6.72024-11-04
Memory corruption while processing IOCTL calls to unmap the buffers.
- CVE-2024-33034HIGHCVSS 8.4EG 8.42024-08-05
Memory corruption can occur if VBOs hold outdated or invalid GPU SMMU mappings, especially when the binding and reclaiming of memory buffers are performed at the same time.
- CVE-2024-33040MEDIUMCVSS 6.7EG 6.72024-12-02
Memory corruption while invoking redundant release command to release one buffer from user space as race condition can occur in kernel space between buffer release and buffer access.
- CVE-2024-33053MEDIUMCVSS 6.7EG 6.72024-12-02
Memory corruption when multiple threads try to unregister the CVP buffer at the same time.
- CVE-2024-33055MEDIUMCVSS 6.7EG 6.72025-01-06
Memory corruption while invoking IOCTL calls to unmap the DMA buffers.
Map vulnerabilities like CWE-416 to your infrastructure
EchelonGraph correlates every CVE — across CWE-416 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →