VYPR

CWE-416

Use After Free

VariantStableLikelihood: High

Description

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

Hierarchy (View 1000)

Parents

Children

none

CVEs mapped to this weakness (2,306)

page 97 of 116
  • CVE-2014-0203MedJun 23, 2014
    risk 0.29cvss 5.5epss 0.01

    The __do_follow_link function in fs/namei.c in the Linux kernel before 2.6.33 does not properly handle the last pathname component during use of certain filesystems, which allows local users to cause a denial of service (incorrect free operations and system crash) via an open…

  • CVE-2026-8746MedMay 17, 2026
    risk 0.28cvss 4.3epss 0.00

    A security flaw has been discovered in Open5GS up to 2.7.7. Affected by this issue is the function discover_handler in the library /lib/sbi/nghttp2-server.c of the component NRF. The manipulation results in use after free. The attack can be launched remotely. The exploit has…

  • CVE-2026-6362MedApr 15, 2026
    risk 0.28cvss 4.3epss 0.00

    Use after free in Codecs in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to potentially perform out of bounds memory access via a crafted video file. (Chromium security severity: High)

  • CVE-2025-43536MedDec 17, 2025
    risk 0.28cvss 4.3epss 0.01

    A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2. Processing maliciously crafted web content may lead to an unexpected process crash.

  • CVE-2025-43438MedNov 4, 2025
    risk 0.28cvss 4.3epss 0.01

    A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.1, iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, visionOS 26.1, watchOS 26.1. Processing maliciously crafted web content may lead to an unexpected…

  • CVE-2025-43434MedNov 4, 2025
    risk 0.28cvss 4.3epss 0.01

    A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.1, iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, visionOS 26.1, watchOS 26.1. Processing maliciously crafted web content may lead to an unexpected…

  • CVE-2025-43432MedNov 4, 2025
    risk 0.28cvss 4.3epss 0.01

    A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.1, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, watchOS 26.1. Processing maliciously crafted web content may lead to an unexpected process crash.

  • CVE-2025-43368MedSep 15, 2025
    risk 0.28cvss 4.3epss 0.01

    A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26, iOS 26 and iPadOS 26, macOS Tahoe 26. Processing maliciously crafted web content may lead to an unexpected Safari crash.

  • CVE-2025-31239MedMay 12, 2025
    risk 0.28cvss 4.3epss 0.01

    A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 18.5 and iPadOS 18.5, iPadOS 17.7.7, macOS Sequoia 15.5, macOS Sonoma 14.7.6, macOS Ventura 13.7.6, tvOS 18.5, visionOS 2.5, watchOS 11.5. Parsing a file may lead to an unexpected…

  • CVE-2025-30427MedMar 31, 2025
    risk 0.28cvss 4.3epss 0.01

    A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 18.4, iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, tvOS 18.4, visionOS 2.4, watchOS 11.4. Processing maliciously crafted web content may lead to an unexpected…

  • CVE-2024-40776MedJul 29, 2024
    risk 0.28cvss 4.3epss 0.01

    A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 17.6, iOS 16.7.9 and iPadOS 16.7.9, iOS 17.6 and iPadOS 17.6, macOS Sonoma 14.6, tvOS 17.6, visionOS 1.3, watchOS 10.6. Processing maliciously crafted web content may lead to an…

  • CVE-2023-47233MedNov 3, 2023
    risk 0.28cvss 4.3epss 0.00

    The brcm80211 component in the Linux kernel through 6.5.10 has a brcmf_cfg80211_detach use-after-free in the device unplugging (disconnect the USB by hotplug) code. For physically proximate attackers with local access, this "could be exploited in a real world scenario." This is…

  • CVE-2016-8619MedAug 1, 2018
    risk 0.28cvss 5.3epss 0.05

    The function `read_data()` in security.c in curl before version 7.51.0 is vulnerable to memory double free.

  • CVE-2016-8618MedJul 31, 2018
    risk 0.28cvss 5.3epss 0.05

    The libcurl API function called `curl_maprintf()` before version 7.51.0 can be tricked into doing a double-free due to an unsafe `size_t` multiplication, on systems using 32 bit `size_t` variables.

  • CVE-2017-5021MedFeb 17, 2017
    risk 0.28cvss 4.3epss 0.01

    A use after free in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.

  • CVE-2026-10232MedJun 1, 2026
    risk 0.27cvss 5.3epss 0.00

    A weakness has been identified in Assimp up to 6.0.4. Affected by this vulnerability is the function aiNode::~aiNode of the file scene.cpp of the component ASE File Parser. Executing a manipulation can lead to use after free. The attack needs to be launched locally. The exploit…

  • CVE-2026-1979MedFeb 6, 2026
    risk 0.27cvss 5.3epss 0.00

    A flaw has been found in mruby up to 3.4.0. This affects the function mrb_vm_exec of the file src/vm.c of the component JMPNOT-to-JMPIF Optimization. Executing a manipulation can lead to use after free. The attack needs to be launched locally. The exploit has been published and…

  • CVE-2025-13120MedNov 13, 2025
    risk 0.27cvss 5.3epss 0.00

    A vulnerability has been found in mruby up to 3.4.0. This vulnerability affects the function sort_cmp of the file src/array.c. Such manipulation leads to use after free. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The…

  • CVE-2024-9979MedOct 15, 2024
    risk 0.27cvss 5.3epss 0.00

    A flaw was found in PyO3. This vulnerability causes a use-after-free issue, potentially leading to memory corruption or crashes via unsound borrowing from weak Python references.

  • CVE-2024-38375MedJun 26, 2024
    risk 0.27cvss 5.3epss 0.00

    @fastly/js-compute is a JavaScript SDK and runtime for building Fastly Compute applications. The implementation of several functions were determined to include a use-after-free bug. This bug could allow for unintended data loss if the result of the preceding functions were sent…