VYPR

CWE-416

Use After Free

VariantStableLikelihood: High

Description

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

Hierarchy (View 1000)

Parents

Children

none

CVEs mapped to this weakness (2,306)

page 98 of 116
  • CVE-2019-7317MedFeb 4, 2019
    risk 0.27cvss 5.3epss 0.09

    png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free because png_image_free_function is called under png_safe_execute.

  • CVE-2026-34983MedApr 9, 2026
    risk 0.26cvss 5.0epss 0.00

    Wasmtime is a runtime for WebAssembly. In 43.0.0, cloning a wasmtime::Linker is unsound and can result in use-after-free bugs. This bug is not controllable by guest Wasm programs. It can only be triggered by a specific sequence of embedder API calls made by the host.…

  • CVE-2026-34757MedApr 9, 2026
    risk 0.26cvss 5.1epss 0.00

    LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From 1.0.9 to before 1.6.57, passing a pointer obtained from png_get_PLTE, png_get_tRNS, or png_get_hIST back into the corresponding setter…

  • CVE-2025-0240MedJan 7, 2025
    risk 0.26cvss 4.0epss 0.01

    Parsing a JavaScript module as JSON could, under some circumstances, cause cross-compartment access, which may result in a use-after-free. This vulnerability was fixed in Firefox 134, Firefox ESR 128.6, Thunderbird 134, and Thunderbird 128.6.

  • CVE-2026-50219MedJun 4, 2026
    risk 0.25cvss 4.9epss 0.00

    libexpat before 2.8.2 lacks handler call depth tracking for calls to XML_GetBuffer, XML_Parse, XML_ParseBuffer, XML_ParserFree, or XML_ParserReset from within handlers in cases of a policy violation. Thus, a use-after-free can occur,

  • CVE-2026-10639MedJun 16, 2026
    risk 0.24cvss 4.8epss 0.00

    In Zephyr's native IPv4 stack, icmpv4_handle_echo_request() in subsys/net/ip/icmpv4.c builds an echo-reply packet (reply), hands it to net_try_send_data(), and then, on success, calls net_stats_update_icmp_sent(net_pkt_iface(reply)). net_try_send_data() transfers ownership of…

  • CVE-2026-10634MedJun 15, 2026
    risk 0.24cvss 4.8epss 0.00

    Zephyr's native TCP stack iterates the global connection list in net_tcp_foreach() (subsys/net/ip/tcp.c) using the SYS_SLIST_FOR_EACH_CONTAINER_SAFE macro, which caches a pointer to the next list node. Prior to this fix the function released tcp_lock while invoking the…

  • CVE-2025-4878LowJul 22, 2025
    risk 0.23cvss 3.6epss 0.00

    A vulnerability was found in libssh, where an uninitialized variable exists under certain conditions in the privatekey_from_file() function. This flaw can be triggered if the file specified by the filename doesn't exist and may lead to possible signing failures or heap…

  • CVE-2018-1000030LowFeb 8, 2018
    risk 0.23cvss 3.6epss 0.01

    Python 2.7.14 is vulnerable to a Heap-Buffer-Overflow as well as a Heap-Use-After-Free. Python versions prior to 2.7.14 may also be vulnerable and it appears that Python 2.7.17 and prior may also be vulnerable however this has not been confirmed. The vulnerability lies when…

  • CVE-2026-52757MedJun 10, 2026
    risk 0.22cvss 4.4epss 0.00

    Ghidra before 12.1 contains a heap-use-after-free vulnerability in the decompiler's HighVariable::merge() function during the variable merging pass. Attackers can trigger this vulnerability by crafting a binary that causes stale pointers in the HighIntersectTest::highedgemap…

  • CVE-2026-11623MedJun 9, 2026
    risk 0.22cvss 4.5epss 0.00

    A security vulnerability has been detected in tmux up to 3.6a. Affected is the function image_free of the file image.c. Such manipulation leads to use after free. Local access is required to approach this attack. This attack is characterized by high complexity. The…

  • CVE-2024-43374MedAug 16, 2024
    risk 0.22cvss 4.5epss 0.00

    The UNIX editor Vim prior to version 9.1.0678 has a use-after-free error in argument list handling. When adding a new file to the argument list, this triggers `Buf*` autocommands. If in such an autocommand the buffer that was just opened is closed (including the window where it…

  • CVE-2019-5786KEVJun 27, 2019
    risk 0.22cvss epss 0.62

    Object lifetime issue in Blink in Google Chrome prior to 72.0.3626.121 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.

  • CVE-2016-8623LowAug 1, 2018
    risk 0.22cvss 3.3epss 0.03

    A flaw was found in curl before version 7.51.0. The way curl handles cookies permits other threads to trigger a use-after-free leading to information disclosure.

  • CVE-2026-2889LowFeb 21, 2026
    risk 0.21cvss 3.3epss 0.00

    A vulnerability was detected in CCExtractor up to 0.96.5. Affected is the function processmp4 in the library src/lib_ccx/mp4.c. Performing a manipulation results in use after free. The attack is only possible with local access. The exploit is now public and may be used.…

  • CVE-2026-2660LowFeb 18, 2026
    risk 0.21cvss 3.3epss 0.00

    A vulnerability was identified in FascinatedBox lily up to 2.3. Affected by this issue is the function shorthash_for_name of the file src/lily_symtab.c. The manipulation leads to use after free. Local access is required to approach this attack. The exploit is publicly available…

  • CVE-2025-6856LowJun 29, 2025
    risk 0.21cvss 3.3epss 0.00

    A vulnerability, which was classified as problematic, was found in HDF5 1.14.6. Affected is the function H5FL__reg_gc_list of the file src/H5FL.c. The manipulation leads to use after free. Attacking locally is a requirement. The exploit has been disclosed to the public and may…

  • CVE-2025-6275LowJun 19, 2025
    risk 0.21cvss 3.3epss 0.00

    A vulnerability was found in WebAssembly wabt up to 1.0.37. It has been declared as problematic. Affected by this vulnerability is the function GetFuncOffset of the file src/interp/binary-reader-interp.cc. The manipulation leads to use after free. It is possible to launch the…

  • CVE-2026-10640MedJun 16, 2026
    risk 0.20cvss 4.2epss 0.00

    Zephyr's IPv6 Neighbor Discovery send paths (net_ipv6_send_na, net_ipv6_send_ns, net_ipv6_send_rs in subsys/net/ip/ipv6_nbr.c) updated the per-interface ICMP-sent statistics by calling net_pkt_iface(pkt) after net_send_data(pkt) had already returned successfully. On the success…

  • CVE-2026-8553LowMay 14, 2026
    risk 0.20cvss 3.1epss 0.00

    Use after free in GPU in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)