VYPR

CWE-416

Use After Free

VariantStableLikelihood: High

Description

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

Hierarchy (View 1000)

Parents

Children

none

CVEs mapped to this weakness (2,306)

page 34 of 116
  • CVE-2026-23226HigFeb 18, 2026
    risk 0.57cvss 8.8epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: ksmbd: add chann_lock to protect ksmbd_chann_list xarray ksmbd_chann_list xarray lacks synchronization, allowing use-after-free in multi-channel sessions (between lookup_chann_list() and ksmbd_chann_del). …

  • CVE-2026-23193HigFeb 14, 2026
    risk 0.57cvss 8.8epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: scsi: target: iscsi: Fix use-after-free in iscsit_dec_session_usage_count() In iscsit_dec_session_usage_count(), the function calls complete() while holding the sess->session_usage_lock. Similar to the…

  • CVE-2026-24869HigJan 27, 2026
    risk 0.57cvss 8.8epss 0.00

    Use-after-free in the Layout: Scrolling and Overflow component. This vulnerability was fixed in Firefox 147.0.2.

  • CVE-2026-0882HigJan 13, 2026
    risk 0.57cvss 8.8epss 0.00

    Use-after-free in the IPC component. This vulnerability was fixed in Firefox 147, Firefox ESR 115.32, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7.

  • CVE-2025-13020HigNov 11, 2025
    risk 0.57cvss 8.8epss 0.00

    Use-after-free in the WebRTC: Audio/Video component. This vulnerability was fixed in Firefox 145, Firefox ESR 140.5, Thunderbird 145, and Thunderbird 140.5.

  • CVE-2025-13014HigNov 11, 2025
    risk 0.57cvss 8.8epss 0.00

    Use-after-free in the Audio/Video component. This vulnerability was fixed in Firefox 145, Firefox ESR 140.5, Firefox ESR 115.30, Thunderbird 145, and Thunderbird 140.5.

  • CVE-2025-59734HigOct 6, 2025
    risk 0.57cvss epss 0.00

    It is possible to cause an use-after-free write in SANM decoding with a carefully crafted animation using subversion <2. When a STOR chunk is present, a subsequent FOBJ chunk will be saved in ctx->stored_frame. Stored frames can later be referenced by FTCH chunks. For files…

  • CVE-2025-37924CriMay 20, 2025
    risk 0.57cvss 9.8epss 0.10

    In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free in kerberos authentication Setting sess->user = NULL was introduced to fix the dangling pointer created by ksmbd_free_user. However, it is possible another thread could be operating…

  • CVE-2025-24252HigApr 29, 2025
    risk 0.57cvss 8.8epss 0.01

    A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.4, visionOS 2.4. An attacker on the local network may be able to corrupt…

  • CVE-2025-1930HigMar 4, 2025
    risk 0.57cvss 8.8epss 0.00

    On Windows, a compromised content process could use bad StreamData sent over AudioIPC to trigger a use-after-free in the Browser process. This could have led to a sandbox escape. This vulnerability was fixed in Firefox 136, Firefox ESR 115.21, Firefox ESR 128.8, Thunderbird 136,…

  • CVE-2025-1010HigFeb 4, 2025
    risk 0.57cvss 8.8epss 0.00

    An attacker could have caused a use-after-free via the Custom Highlight API, leading to a potentially exploitable crash. This vulnerability was fixed in Firefox 135, Firefox ESR 115.20, Firefox ESR 128.7, Thunderbird 128.7, and Thunderbird 135.

  • CVE-2024-54499HigJan 27, 2025
    risk 0.57cvss 8.8epss 0.01

    A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 18.2 and iPadOS 18.2, macOS Sequoia 15.2, tvOS 18.2, visionOS 2.2, watchOS 11.2. Processing a maliciously crafted image may lead to arbitrary code execution.

  • CVE-2024-35955HigMay 20, 2024
    risk 0.57cvss 8.8epss 0.01

    In the Linux kernel, the following vulnerability has been resolved: kprobes: Fix possible use-after-free issue on kprobe registration When unloading a module, its state is changing MODULE_STATE_LIVE -> MODULE_STATE_GOING -> MODULE_STATE_UNFORMED. Each change will take a time.…

  • CVE-2023-29824CriJul 6, 2023
    risk 0.57cvss 9.8epss 0.01

    A use-after-free issue was discovered in Py_FindObjects() function in SciPy versions prior to 1.8.0. NOTE: the vendor and discoverer indicate that this is not a security issue.

  • CVE-2022-27046HigApr 8, 2022
    risk 0.57cvss 8.8epss 0.01

    libsixel 1.8.6 suffers from a Heap Use After Free vulnerability in in libsixel/src/dither.c:388.

  • CVE-2021-41715HigApr 8, 2022
    risk 0.57cvss 8.8epss 0.01

    libsixel 1.10.0 is vulnerable to Use after free in libsixel/src/dither.c:379.

  • CVE-2021-24037CriJun 15, 2021
    risk 0.57cvss 9.8epss 0.02

    A use after free in hermes, while emitting certain error messages, prior to commit d86e185e485b6330216dee8e854455c694e3a36e allows attackers to potentially execute arbitrary code via crafted JavaScript. Note that this is only exploitable if the application using Hermes permits…

  • CVE-2021-3518HigMay 18, 2021
    risk 0.57cvss 8.8epss 0.04

    There's a flaw in libxml2 in versions before 2.9.11. An attacker who is able to submit a crafted file to be processed by an application linked with libxml2 could trigger a use-after-free. The greatest impact from this flaw is to confidentiality, integrity, and availability.

  • CVE-2021-28032CriMar 5, 2021
    risk 0.57cvss 9.8epss 0.01

    An issue was discovered in the nano_arena crate before 0.5.2 for Rust. There is an aliasing violation in split_at because two mutable references can exist for the same element, if Borrow behaves in certain ways. This can have a resultant out-of-bounds write or…

  • CVE-2020-35873CriDec 31, 2020
    risk 0.57cvss 9.8epss 0.02

    An issue was discovered in the rusqlite crate before 0.23.0 for Rust. Memory safety can be violated because sessions.rs has a use-after-free.