CWE-416
Use After Free
Description
The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.
Hierarchy (View 1000)
Parents
Children
none
CVEs mapped to this weakness (2,306)
page 34 of 116| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-23226 | Hig | 0.57 | 8.8 | 0.00 | Feb 18, 2026 | In the Linux kernel, the following vulnerability has been resolved: ksmbd: add chann_lock to protect ksmbd_chann_list xarray ksmbd_chann_list xarray lacks synchronization, allowing use-after-free in multi-channel sessions (between lookup_chann_list() and ksmbd_chann_del). … | ||
| CVE-2026-23193 | Hig | 0.57 | 8.8 | 0.00 | Feb 14, 2026 | In the Linux kernel, the following vulnerability has been resolved: scsi: target: iscsi: Fix use-after-free in iscsit_dec_session_usage_count() In iscsit_dec_session_usage_count(), the function calls complete() while holding the sess->session_usage_lock. Similar to the… | ||
| CVE-2026-24869 | Hig | 0.57 | 8.8 | 0.00 | Jan 27, 2026 | Use-after-free in the Layout: Scrolling and Overflow component. This vulnerability was fixed in Firefox 147.0.2. | ||
| CVE-2026-0882 | Hig | 0.57 | 8.8 | 0.00 | Jan 13, 2026 | Use-after-free in the IPC component. This vulnerability was fixed in Firefox 147, Firefox ESR 115.32, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7. | ||
| CVE-2025-13020 | Hig | 0.57 | 8.8 | 0.00 | Nov 11, 2025 | Use-after-free in the WebRTC: Audio/Video component. This vulnerability was fixed in Firefox 145, Firefox ESR 140.5, Thunderbird 145, and Thunderbird 140.5. | ||
| CVE-2025-13014 | Hig | 0.57 | 8.8 | 0.00 | Nov 11, 2025 | Use-after-free in the Audio/Video component. This vulnerability was fixed in Firefox 145, Firefox ESR 140.5, Firefox ESR 115.30, Thunderbird 145, and Thunderbird 140.5. | ||
| CVE-2025-59734 | — | Hig | 0.57 | — | 0.00 | Oct 6, 2025 | It is possible to cause an use-after-free write in SANM decoding with a carefully crafted animation using subversion <2. When a STOR chunk is present, a subsequent FOBJ chunk will be saved in ctx->stored_frame. Stored frames can later be referenced by FTCH chunks. For files… | |
| CVE-2025-37924 | Cri | 0.57 | 9.8 | 0.10 | May 20, 2025 | In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free in kerberos authentication Setting sess->user = NULL was introduced to fix the dangling pointer created by ksmbd_free_user. However, it is possible another thread could be operating… | ||
| CVE-2025-24252 | Hig | 0.57 | 8.8 | 0.01 | Apr 29, 2025 | A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.4, visionOS 2.4. An attacker on the local network may be able to corrupt… | ||
| CVE-2025-1930 | Hig | 0.57 | 8.8 | 0.00 | Mar 4, 2025 | On Windows, a compromised content process could use bad StreamData sent over AudioIPC to trigger a use-after-free in the Browser process. This could have led to a sandbox escape. This vulnerability was fixed in Firefox 136, Firefox ESR 115.21, Firefox ESR 128.8, Thunderbird 136,… | ||
| CVE-2025-1010 | Hig | 0.57 | 8.8 | 0.00 | Feb 4, 2025 | An attacker could have caused a use-after-free via the Custom Highlight API, leading to a potentially exploitable crash. This vulnerability was fixed in Firefox 135, Firefox ESR 115.20, Firefox ESR 128.7, Thunderbird 128.7, and Thunderbird 135. | ||
| CVE-2024-54499 | Hig | 0.57 | 8.8 | 0.01 | Jan 27, 2025 | A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 18.2 and iPadOS 18.2, macOS Sequoia 15.2, tvOS 18.2, visionOS 2.2, watchOS 11.2. Processing a maliciously crafted image may lead to arbitrary code execution. | ||
| CVE-2024-35955 | Hig | 0.57 | 8.8 | 0.01 | May 20, 2024 | In the Linux kernel, the following vulnerability has been resolved: kprobes: Fix possible use-after-free issue on kprobe registration When unloading a module, its state is changing MODULE_STATE_LIVE -> MODULE_STATE_GOING -> MODULE_STATE_UNFORMED. Each change will take a time.… | ||
| CVE-2023-29824 | — | Cri | 0.57 | 9.8 | 0.01 | Jul 6, 2023 | A use-after-free issue was discovered in Py_FindObjects() function in SciPy versions prior to 1.8.0. NOTE: the vendor and discoverer indicate that this is not a security issue. | |
| CVE-2022-27046 | Hig | 0.57 | 8.8 | 0.01 | Apr 8, 2022 | libsixel 1.8.6 suffers from a Heap Use After Free vulnerability in in libsixel/src/dither.c:388. | ||
| CVE-2021-41715 | Hig | 0.57 | 8.8 | 0.01 | Apr 8, 2022 | libsixel 1.10.0 is vulnerable to Use after free in libsixel/src/dither.c:379. | ||
| CVE-2021-24037 | — | Cri | 0.57 | 9.8 | 0.02 | Jun 15, 2021 | A use after free in hermes, while emitting certain error messages, prior to commit d86e185e485b6330216dee8e854455c694e3a36e allows attackers to potentially execute arbitrary code via crafted JavaScript. Note that this is only exploitable if the application using Hermes permits… | |
| CVE-2021-3518 | — | Hig | 0.57 | 8.8 | 0.04 | May 18, 2021 | There's a flaw in libxml2 in versions before 2.9.11. An attacker who is able to submit a crafted file to be processed by an application linked with libxml2 could trigger a use-after-free. The greatest impact from this flaw is to confidentiality, integrity, and availability. | |
| CVE-2021-28032 | — | Cri | 0.57 | 9.8 | 0.01 | Mar 5, 2021 | An issue was discovered in the nano_arena crate before 0.5.2 for Rust. There is an aliasing violation in split_at because two mutable references can exist for the same element, if Borrow behaves in certain ways. This can have a resultant out-of-bounds write or… | |
| CVE-2020-35873 | — | Cri | 0.57 | 9.8 | 0.02 | Dec 31, 2020 | An issue was discovered in the rusqlite crate before 0.23.0 for Rust. Memory safety can be violated because sessions.rs has a use-after-free. |
- risk 0.57cvss 8.8epss 0.00
In the Linux kernel, the following vulnerability has been resolved: ksmbd: add chann_lock to protect ksmbd_chann_list xarray ksmbd_chann_list xarray lacks synchronization, allowing use-after-free in multi-channel sessions (between lookup_chann_list() and ksmbd_chann_del). …
- risk 0.57cvss 8.8epss 0.00
In the Linux kernel, the following vulnerability has been resolved: scsi: target: iscsi: Fix use-after-free in iscsit_dec_session_usage_count() In iscsit_dec_session_usage_count(), the function calls complete() while holding the sess->session_usage_lock. Similar to the…
- risk 0.57cvss 8.8epss 0.00
Use-after-free in the Layout: Scrolling and Overflow component. This vulnerability was fixed in Firefox 147.0.2.
- risk 0.57cvss 8.8epss 0.00
Use-after-free in the IPC component. This vulnerability was fixed in Firefox 147, Firefox ESR 115.32, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7.
- risk 0.57cvss 8.8epss 0.00
Use-after-free in the WebRTC: Audio/Video component. This vulnerability was fixed in Firefox 145, Firefox ESR 140.5, Thunderbird 145, and Thunderbird 140.5.
- risk 0.57cvss 8.8epss 0.00
Use-after-free in the Audio/Video component. This vulnerability was fixed in Firefox 145, Firefox ESR 140.5, Firefox ESR 115.30, Thunderbird 145, and Thunderbird 140.5.
- risk 0.57cvss —epss 0.00
It is possible to cause an use-after-free write in SANM decoding with a carefully crafted animation using subversion <2. When a STOR chunk is present, a subsequent FOBJ chunk will be saved in ctx->stored_frame. Stored frames can later be referenced by FTCH chunks. For files…
- risk 0.57cvss 9.8epss 0.10
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free in kerberos authentication Setting sess->user = NULL was introduced to fix the dangling pointer created by ksmbd_free_user. However, it is possible another thread could be operating…
- risk 0.57cvss 8.8epss 0.01
A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.4, visionOS 2.4. An attacker on the local network may be able to corrupt…
- risk 0.57cvss 8.8epss 0.00
On Windows, a compromised content process could use bad StreamData sent over AudioIPC to trigger a use-after-free in the Browser process. This could have led to a sandbox escape. This vulnerability was fixed in Firefox 136, Firefox ESR 115.21, Firefox ESR 128.8, Thunderbird 136,…
- risk 0.57cvss 8.8epss 0.00
An attacker could have caused a use-after-free via the Custom Highlight API, leading to a potentially exploitable crash. This vulnerability was fixed in Firefox 135, Firefox ESR 115.20, Firefox ESR 128.7, Thunderbird 128.7, and Thunderbird 135.
- risk 0.57cvss 8.8epss 0.01
A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 18.2 and iPadOS 18.2, macOS Sequoia 15.2, tvOS 18.2, visionOS 2.2, watchOS 11.2. Processing a maliciously crafted image may lead to arbitrary code execution.
- risk 0.57cvss 8.8epss 0.01
In the Linux kernel, the following vulnerability has been resolved: kprobes: Fix possible use-after-free issue on kprobe registration When unloading a module, its state is changing MODULE_STATE_LIVE -> MODULE_STATE_GOING -> MODULE_STATE_UNFORMED. Each change will take a time.…
- risk 0.57cvss 9.8epss 0.01
A use-after-free issue was discovered in Py_FindObjects() function in SciPy versions prior to 1.8.0. NOTE: the vendor and discoverer indicate that this is not a security issue.
- risk 0.57cvss 8.8epss 0.01
libsixel 1.8.6 suffers from a Heap Use After Free vulnerability in in libsixel/src/dither.c:388.
- risk 0.57cvss 8.8epss 0.01
libsixel 1.10.0 is vulnerable to Use after free in libsixel/src/dither.c:379.
- risk 0.57cvss 9.8epss 0.02
A use after free in hermes, while emitting certain error messages, prior to commit d86e185e485b6330216dee8e854455c694e3a36e allows attackers to potentially execute arbitrary code via crafted JavaScript. Note that this is only exploitable if the application using Hermes permits…
- risk 0.57cvss 8.8epss 0.04
There's a flaw in libxml2 in versions before 2.9.11. An attacker who is able to submit a crafted file to be processed by an application linked with libxml2 could trigger a use-after-free. The greatest impact from this flaw is to confidentiality, integrity, and availability.
- risk 0.57cvss 9.8epss 0.01
An issue was discovered in the nano_arena crate before 0.5.2 for Rust. There is an aliasing violation in split_at because two mutable references can exist for the same element, if Borrow behaves in certain ways. This can have a resultant out-of-bounds write or…
- risk 0.57cvss 9.8epss 0.02
An issue was discovered in the rusqlite crate before 0.23.0 for Rust. Memory safety can be violated because sessions.rs has a use-after-free.