Cyber Posture

CWE · MITRE source

CWE-416Use After Free

Abstraction: Variant · CVEs in our corpus: 7,046

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

Last updated: 19 May 2026 14:18 UTC

NIST 800-53 r5 controls that address this weakness (1)AI

Control Title Family Why it addresses this CWE
SI-16Memory ProtectionSIUse-after-free exploits that achieve arbitrary code execution are blocked or significantly hardened by non-executable pages and ASLR.

Top CVEs of this weakness type, ranked by Risk Priority

CVE Risk CVSS EPSS Published
CVE-2015-5119 KEV UPD9.69.80.93212015-07-08
CVE-2019-0708 KEV9.69.80.94452019-05-16
CVE-2021-22893 KEV9.610.00.93612021-04-23
CVE-2015-0313 KEV UPD9.59.80.92542015-02-02
CVE-2015-5122 KEV UPD9.59.80.92782015-07-14
CVE-2021-31166 KEV9.59.80.93072021-05-11
CVE-2020-3992 KEV9.49.80.90872020-10-20
CVE-2013-2551 KEV UPD9.38.80.92242013-03-11
CVE-2014-0322 KEV UPD9.38.80.92972014-02-14
CVE-2021-26411 KEV9.38.80.92472021-03-11
CVE-2012-4792 KEV UPD9.28.80.91242012-12-30
CVE-2018-4878 KEV9.27.80.93512018-02-06
CVE-2018-15982 KEV9.27.80.93612019-01-18
CVE-2009-4324 KEV UPD9.17.80.92862009-12-15
CVE-2012-4969 KEV UPD9.18.10.91782012-09-18
CVE-2013-3897 KEV UPD9.18.80.88212013-10-09
CVE-2017-0261 KEV UPD9.17.80.92302017-05-12
CVE-2019-13720 KEV9.18.80.89592019-11-25
CVE-2020-0674 KEV9.17.50.93782020-02-11
CVE-2021-40449 KEV9.17.80.91732021-10-13
CVE-2010-3962 KEV UPD9.08.10.88912010-11-05
CVE-2013-1347 KEV UPD9.08.80.87712013-05-05
CVE-2014-1776 KEV UPD9.09.80.84022014-04-27
CVE-2019-0211 KEV8.97.80.89572019-04-08
CVE-2013-3893 KEV UPD8.78.80.82612013-09-18