CWE-416— Use After Free
The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.— MITRE CWE catalog
7,398 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-416page 99 of 148
- CVE-2024-47412HIGHCVSS 7.8EG 7.82024-10-09
Animate versions 23.0.7, 24.0.4 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a vic…
- CVE-2024-47413HIGHCVSS 7.8EG 7.82024-10-09
Animate versions 23.0.7, 24.0.4 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a vic…
- CVE-2024-47414HIGHCVSS 7.8EG 7.82024-10-09
Animate versions 23.0.7, 24.0.4 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a vic…
- CVE-2024-47415HIGHCVSS 7.8EG 7.82024-10-09
Animate versions 23.0.7, 24.0.4 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a vic…
- CVE-2024-47418HIGHCVSS 7.8EG 7.82024-10-09
Animate versions 23.0.7, 24.0.4 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a vic…
- CVE-2024-4764CRITICALCVSS 9.8EG 9.82024-05-14
Multiple WebRTC threads could have claimed a newly connected audio input leading to use-after-free. This vulnerability affects Firefox < 126.
- CVE-2024-47666MEDIUMCVSS 5.5EG 5.52024-10-09
In the Linux kernel, the following vulnerability has been resolved: scsi: pm80xx: Set phy->enable_completion only when we wait for it pm8001_phy_control() populates the enable_completion pointer with a stack address, sends a PHY_LINK_RES…
- CVE-2024-47675HIGHCVSS 7.8EG 7.82024-10-21
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix use-after-free in bpf_uprobe_multi_link_attach() If bpf_link_prime() fails, bpf_uprobe_multi_link_attach() goes to the error_free label and frees the array of b…
- CVE-2024-47676HIGHCVSS 7.8EG 7.82024-10-21
In the Linux kernel, the following vulnerability has been resolved: mm/hugetlb.c: fix UAF of vma in hugetlb fault pathway Syzbot reports a UAF in hugetlb_fault(). This happens because vmf_anon_prepare() could drop the per-VMA lock and a…
- CVE-2024-47691HIGHCVSS 7.8EG 7.82024-10-21
In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid use-after-free in f2fs_stop_gc_thread() syzbot reports a f2fs bug as below: __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x241/0x360 li…
- CVE-2024-47696HIGHCVSS 7.8EG 7.82024-10-21
In the Linux kernel, the following vulnerability has been resolved: RDMA/iwcm: Fix WARNING:at_kernel/workqueue.c:#check_flush_dependency In the commit aee2424246f9 ("RDMA/iwcm: Fix a use-after-free related to destroying CM IDs"), the fun…
- CVE-2024-4770HIGHCVSS 8.8EG 8.82024-05-14
When saving a page to PDF, certain font styles could have led to a potential use-after-free crash. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11.
- CVE-2024-47701HIGHCVSS 7.8EG 7.82024-10-21
In the Linux kernel, the following vulnerability has been resolved: ext4: avoid OOB when system.data xattr changes underneath the filesystem When looking up for an entry in an inlined directory, if e_value_offs is changed underneath the …
- CVE-2024-47706MEDIUMCVSS 5.5EG 5.52024-10-21
In the Linux kernel, the following vulnerability has been resolved: block, bfq: fix possible UAF for bfqq->bic with merge chain 1) initial state, three tasks: Process 1 Process 2 Process 3 (BIC1) (BIC2) (BIC3) …
- CVE-2024-4771HIGHCVSS 8.6EG 8.62024-05-14
A memory allocation check was missing which would lead to a use-after-free if the allocation failed. This could have triggered a crash or potentially be leveraged to achieve code execution. This vulnerability affects Firefox < 126.
- CVE-2024-47711HIGHCVSS 7.8EG 7.82024-10-21
In the Linux kernel, the following vulnerability has been resolved: af_unix: Don't return OOB skb in manage_oob(). syzbot reported use-after-free in unix_stream_recv_urg(). [0] The scenario is 1. send(MSG_OOB) 2. recv(MSG_OOB) …
- CVE-2024-47718HIGHCVSS 7.8EG 7.82024-10-21
In the Linux kernel, the following vulnerability has been resolved: wifi: rtw88: always wait for both firmware loading attempts In 'rtw_wait_firmware_completion()', always wait for both (regular and wowlan) firmware loading attempts. Oth…
- CVE-2024-47730HIGHCVSS 7.8EG 7.82024-10-21
In the Linux kernel, the following vulnerability has been resolved: crypto: hisilicon/qm - inject error before stopping queue The master ooo cannot be completely closed when the accelerator core reports memory error. Therefore, the drive…
- CVE-2024-47732MEDIUMCVSS 5.5EG 7.82024-10-21
In the Linux kernel, the following vulnerability has been resolved: crypto: iaa - Fix potential use after free bug The free_device_compression_mode(iaa_device, device_mode) function frees "device_mode" but it iss passed to iaa_compressio…
- CVE-2024-47747HIGHCVSS 7.0EG 7.02024-10-21
In the Linux kernel, the following vulnerability has been resolved: net: seeq: Fix use after free vulnerability in ether3 Driver Due to Race Condition In the ether3_probe function, a timer is initialized with a callback function ether3_l…
- CVE-2024-47748HIGHCVSS 7.8EG 7.82024-10-21
In the Linux kernel, the following vulnerability has been resolved: vhost_vdpa: assign irq bypass producer token correctly We used to call irq_bypass_unregister_producer() in vhost_vdpa_setup_vq_irq() which is problematic as we don't kno…
- CVE-2024-47750HIGHCVSS 7.8EG 7.82024-10-21
In the Linux kernel, the following vulnerability has been resolved: RDMA/hns: Fix Use-After-Free of rsv_qp on HIP08 Currently rsv_qp is freed before ib_unregister_device() is called on HIP08. During the time interval, users can still der…
- CVE-2024-4777HIGHCVSS 8.8EG 8.82024-05-14
Memory safety bugs present in Firefox 125, Firefox ESR 115.10, and Thunderbird 115.10. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary …
- CVE-2024-47810HIGHCVSS 8.8EG 8.82024-12-18
A use-after-free vulnerability exists in the way Foxit Reader 2024.3.0.26795 handles a 3D page object. A specially crafted Javascript code inside a malicious PDF document can trigger this vulnerability, which can lead to memory corruption …
- CVE-2024-47814LOWCVSS 3.9EG 3.92024-10-07
Vim is an open source, command line text editor. A use-after-free was found in Vim < 9.1.0764. When closing a buffer (visible in a window) a BufWinLeave auto command can cause an use-after-free if this auto command happens to re-open the s…
- CVE-2024-47834CRITICALCVSS 9.1EG 9.12024-12-12
GStreamer is a library for constructing graphs of media-handling components. An Use-After-Free read vulnerability has been discovered affecting the processing of CodecPrivate elements in Matroska streams. In the GST_MATROSKA_ID_CODECPRIVAT…
- CVE-2024-47891HIGHCVSS 7.8EG 9.82025-01-31
Software installed and run as a non-privileged user may conduct improper GPU system calls to trigger use-after-free kernel exceptions.
- CVE-2024-47892HIGHCVSS 7.8EG 7.82024-12-13
Software installed and run as a non-privileged user may conduct GPU system calls to read and write freed physical memory from the GPU.
- CVE-2024-47898HIGHCVSS 7.8EG 7.82025-01-31
Software installed and run as a non-privileged user may conduct improper GPU system calls to trigger use-after-free kernel exceptions.
- CVE-2024-47899HIGHCVSS 7.8EG 7.82025-01-31
Software installed and run as a non-privileged user may conduct improper GPU system calls to trigger use-after-free kernel exceptions.
- CVE-2024-48423HIGHCVSS 7.8EG 7.82024-10-24
An issue in assimp v.5.4.3 allows a local attacker to execute arbitrary code via the CallbackToLogRedirector function within the Assimp library.
- CVE-2024-4855LOWCVSS 3.6EG 3.62024-05-14
Use after free issue in editcap could cause denial of service via crafted capture file
- CVE-2024-49003HIGHCVSS 8.8EG 8.82024-11-12
SQL Server Native Client Remote Code Execution Vulnerability
- CVE-2024-49016HIGHCVSS 8.8EG 8.82024-11-12
SQL Server Native Client Remote Code Execution Vulnerability
- CVE-2024-49021HIGHCVSS 7.8EG 7.82024-11-12
Microsoft SQL Server Remote Code Execution Vulnerability
- CVE-2024-49023MEDIUMCVSS 5.9EG 5.92024-10-18
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
- CVE-2024-49027HIGHCVSS 7.8EG 7.82024-11-12
Microsoft Excel Remote Code Execution Vulnerability
- CVE-2024-49032HIGHCVSS 7.8EG 7.82024-11-12
Microsoft Office Graphics Remote Code Execution Vulnerability
- CVE-2024-49069HIGHCVSS 7.8EG 7.82024-12-12
Microsoft Excel Remote Code Execution Vulnerability
- CVE-2024-49074HIGHCVSS 7.8EG 7.82024-12-12
Windows Kernel-Mode Driver Elevation of Privilege Vulnerability
- CVE-2024-49079HIGHCVSS 7.8EG 7.82024-12-12
Input Method Editor (IME) Remote Code Execution Vulnerability
- CVE-2024-49097HIGHCVSS 7.0EG 7.02024-12-12
Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability
- CVE-2024-49106HIGHCVSS 8.1EG 8.12024-12-12
Windows Remote Desktop Services Remote Code Execution Vulnerability
- CVE-2024-49108HIGHCVSS 8.1EG 8.12024-12-12
Windows Remote Desktop Services Remote Code Execution Vulnerability
- CVE-2024-49115HIGHCVSS 8.1EG 8.12024-12-12
Windows Remote Desktop Services Remote Code Execution Vulnerability
- CVE-2024-49116HIGHCVSS 8.1EG 8.12024-12-12
Windows Remote Desktop Services Remote Code Execution Vulnerability
- CVE-2024-49118HIGHCVSS 8.1EG 8.12024-12-12
Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability
- CVE-2024-49122HIGHCVSS 8.1EG 8.12024-12-12
Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability
- CVE-2024-49126HIGHCVSS 8.1EG 8.12024-12-12
Windows Local Security Authority Subsystem Service (LSASS) Remote Code Execution Vulnerability
- CVE-2024-49127HIGHCVSS 8.1EG 8.12024-12-12
Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability
Map vulnerabilities like CWE-416 to your infrastructure
EchelonGraph correlates every CVE — across CWE-416 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →