VYPR

CWE-416

Use After Free

VariantStableLikelihood: High

Description

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

Hierarchy (View 1000)

Parents

Children

none

CVEs mapped to this weakness (2,306)

page 5 of 116
  • CVE-2025-11719CriOct 14, 2025
    risk 0.64cvss 9.8epss 0.00

    Starting in Thunderbird 143, the use of the native messaging API by web extensions on Windows could lead to crashes caused by use-after-free memory corruption. This vulnerability was fixed in Firefox 144 and Thunderbird 144.

  • CVE-2025-11708CriOct 14, 2025
    risk 0.64cvss 9.8epss 0.00

    Use-after-free in MediaTrackGraphImpl::GetInstance(). This vulnerability was fixed in Firefox 144, Firefox ESR 140.4, Thunderbird 144, and Thunderbird 140.4.

  • CVE-2025-50518CriAug 14, 2025
    risk 0.64cvss 9.8epss 0.00

    A use-after-free vulnerability exists in the coap_delete_pdu_lkd function within coap_pdu.c of the libcoap library. This issue occurs due to improper handling of memory after the freeing of a PDU object, leading to potential memory corruption or the possibility of executing…

  • CVE-2025-43222CriJul 30, 2025
    risk 0.64cvss 9.8epss 0.01

    A use-after-free issue was addressed by removing the vulnerable code. This issue is fixed in iPadOS 17.7.9, macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7. An attacker may be able to cause unexpected app termination.

  • CVE-2025-6424CriJun 24, 2025
    risk 0.64cvss 9.8epss 0.03

    A use-after-free in FontFaceSet resulted in a potentially exploitable crash. This vulnerability was fixed in Firefox 140, Firefox ESR 115.25, Firefox ESR 128.12, Thunderbird 140, and Thunderbird 128.12.

  • CVE-2025-1009CriFeb 4, 2025
    risk 0.64cvss 9.8epss 0.01

    An attacker could have caused a use-after-free via crafted XSLT data, leading to a potentially exploitable crash. This vulnerability was fixed in Firefox 135, Firefox ESR 115.20, Firefox ESR 128.7, Thunderbird 128.7, and Thunderbird 135.

  • CVE-2024-38612CriJun 19, 2024
    risk 0.64cvss 9.8epss 0.01

    In the Linux kernel, the following vulnerability has been resolved: ipv6: sr: fix invalid unregister error path The error path of seg6_init() is wrong in case CONFIG_IPV6_SEG6_LWTUNNEL is not defined. In that case if seg6_hmac_init() fails, the genl_unregister_family() isn't…

  • CVE-2018-9476CriOct 2, 2018
    risk 0.64cvss 9.8epss 0.02

    In avrc_pars_browsing_cmd of avrc_pars_tg.cc, there is a possible use-after-free due to improper locking. This could lead to remote escalation of privilege in the Bluetooth service with no additional execution privileges needed. User interaction is not needed for exploitation.…

  • CVE-2018-17611CriSep 28, 2018
    risk 0.64cvss 9.8epss 0.03

    Foxit PhantomPDF and Reader before 9.3 allow remote attackers to execute arbitrary code or cause a denial of service (use-after-free) because properties of Annotation objects are mishandled. This relates to one of five distinct types of Annotation objects.

  • CVE-2018-17610CriSep 28, 2018
    risk 0.64cvss 9.8epss 0.03

    Foxit PhantomPDF and Reader before 9.3 allow remote attackers to execute arbitrary code or cause a denial of service (use-after-free) because properties of Annotation objects are mishandled. This relates to one of five distinct types of Annotation objects.

  • CVE-2018-17609CriSep 28, 2018
    risk 0.64cvss 9.8epss 0.03

    Foxit PhantomPDF and Reader before 9.3 allow remote attackers to execute arbitrary code or cause a denial of service (use-after-free) because properties of Annotation objects are mishandled. This relates to one of five distinct types of Annotation objects.

  • CVE-2018-17608CriSep 28, 2018
    risk 0.64cvss 9.8epss 0.03

    Foxit PhantomPDF and Reader before 9.3 allow remote attackers to execute arbitrary code or cause a denial of service (use-after-free) because properties of Annotation objects are mishandled. This relates to one of five distinct types of Annotation objects.

  • CVE-2018-17607CriSep 28, 2018
    risk 0.64cvss 9.8epss 0.03

    Foxit PhantomPDF and Reader before 9.3 allow remote attackers to execute arbitrary code or cause a denial of service (use-after-free) because properties of Annotation objects are mishandled. This relates to one of five distinct types of Annotation objects.

  • CVE-2018-14809CriSep 26, 2018
    risk 0.64cvss 9.8epss 0.03

    Fuji Electric V-Server 4.0.3.0 and prior, A use after free vulnerability has been identified, which may allow remote code execution.

  • CVE-2018-1000217CriAug 20, 2018
    risk 0.64cvss 9.8epss 0.02

    Dave Gamble cJSON version 1.7.3 and earlier contains a CWE-416: Use After Free vulnerability in cJSON library that can result in Possible crash, corruption of data or even RCE. This attack appear to be exploitable via Depends on how application uses cJSON library. If application…

  • CVE-2018-14744CriJul 30, 2018
    risk 0.64cvss 9.8epss 0.02

    An issue was discovered in libpbc.a in cloudwu PBC through 2017-03-02. A use-after-free can occur in _pbcM_sp_query in map.c.

  • CVE-2018-5011CriJul 20, 2018
    risk 0.64cvss 9.8epss 0.09

    Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.

  • CVE-2018-5009CriJul 20, 2018
    risk 0.64cvss 9.8epss 0.09

    Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.

  • CVE-2018-12792CriJul 20, 2018
    risk 0.64cvss 9.8epss 0.09

    Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.

  • CVE-2018-12791CriJul 20, 2018
    risk 0.64cvss 9.8epss 0.09

    Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.