CWE-416 – Use After Free | Common Weakness Enumeration（CWE）

概要

CWE-416（Use After Free）は各種脆弱性データベースや評価で用いられる弱点タイプを説明します。定義・背景・対応する CVE は以下の各セクションを参照してください。

セキュリティへの影響: セキュリティ影響：製品や文脈に依存します。CVE 記録、深刻度、MITRE の説明を参照して優先度を判断してください。

説明

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

適用プラットフォーム

種別	名称	クラス	普遍性	OS / CPE
language	—	Memory-Unsafe	Often	—
language	C	—	Often	—
language	C++	—	Often	—

このデータベースの関連 CVE

これらの CVE は本データベースでこの弱点に対応付けられており、追跡と検索のために保持されています。

CVE	公開	概要
CVE-2026-50263	2026-06-05	A use-after-free flaw was found in the X.Org X server and Xwayland in CreateSaverWindow(). A client can trigger a use-after-free read after changing window attributes and forcing the screen saver, lea…
CVE-2026-50261	2026-06-05	A use-after-free flaw was found in the X.Org X server and Xwayland in SyncChangeCounter(). A client that sets up multiple SyncCounters can trigger a use-after-free when destroying those counters via a…
CVE-2026-50260	2026-06-05	A use-after-free flaw was found in the X.Org X server and Xwayland in FreeCounter(). A client that sets up multiple SyncCounters and awaits on those triggers can trigger a use-after-free when destroyi…
CVE-2026-50257	2026-06-05	A use-after-free flaw was found in the X.Org X server and Xwayland in miSyncDestroyFence(). A client that sets up multiple fence triggers can trigger a use-after-free function pointer call. An attacke…
CVE-2026-11307	2026-06-05	Use after free in PDFium in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file. (Chromium security severity: Low)
CVE-2026-11306	2026-06-05	Use after free in PDFium in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file. (Chromium security severity: Low)
CVE-2026-11305	2026-06-05	Use after free in PDFium in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file. (Chromium security severity: Low)
CVE-2026-11304	2026-06-05	Use after free in PDFium in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: Low)
CVE-2026-11303	2026-06-05	Use after free in PDFium in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file. (Chromium security severity: Low)
CVE-2026-11293	2026-06-05	Use after free in Input in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Low)
CVE-2026-11262	2026-06-05	Use after free in TabStrip in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Low)
CVE-2026-11250	2026-06-05	Inappropriate implementation in DevTools in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from pro…
CVE-2026-11249	2026-06-05	Use after free in Network in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via…
CVE-2026-11230	2026-06-04	Use after free in Extensions in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Low)
CVE-2026-11224	2026-06-04	Use after free in Chromoting in Google Chrome on Linux prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code via malicious network traffic. (Chromium security severity: Low)
CVE-2026-11208	2026-06-04	Use after free in Codecs in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security s…
CVE-2026-11201	2026-06-04	Use after free in ServiceWorker in Google Chrome prior to 149.0.7827.53 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extensi…
CVE-2026-11188	2026-06-04	Use after free in USB in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)…
CVE-2026-11185	2026-06-04	Use after free in V8 in Google Chrome prior to 149.0.7827.53 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code inside a sandbox via a crafted Chrome E…
CVE-2026-11177	2026-06-04	Use after free in Omnibox in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted …

コンテンツ投稿

名称: 7 Pernicious Kingdoms
日付: 2006-07-19
バージョン: Draft 3

コンテンツの変更履歴

日付	名称	バージョン	重要度	コメント
2008-07-01	Eric Dalci	1.0	—	updated Potential_Mitigations, Time_of_Introduction
2008-08-01	—	1.0	—	added/updated white box definitions
2008-09-08	CWE Content Team	1.0	—	updated Applicable_Platforms, Common_Consequences, Relationships, Observed_Example, Other_Notes, Taxonomy_Mappings
2008-11-24	CWE Content Team	1.1	—	updated Relationships, Taxonomy_Mappings
2009-03-10	CWE Content Team	1.3	—	updated Demonstrative_Examples
2009-05-27	CWE Content Team	1.4	—	updated Demonstrative_Examples
2009-10-29	CWE Content Team	1.6	—	updated Common_Consequences
2010-02-16	CWE Content Team	1.8	—	updated Relationships
2010-06-21	CWE Content Team	1.9	—	updated Potential_Mitigations
2010-09-27	CWE Content Team	1.10	—	updated Observed_Examples, Relationships
2010-12-13	CWE Content Team	1.11	—	updated Alternate_Terms, Common_Consequences, Description, Observed_Examples, Other_Notes, Potential_Mitigations, Relationships
2011-03-29	CWE Content Team	1.12	—	updated Description
2011-06-01	CWE Content Team	1.13	—	updated Common_Consequences
2011-06-27	CWE Content Team	2.0	—	updated Demonstrative_Examples
2011-09-13	CWE Content Team	2.1	—	updated Relationships, Taxonomy_Mappings
2012-05-11	CWE Content Team	2.2	—	updated References, Relationships
2014-07-30	CWE Content Team	2.8	—	updated Relationships, Taxonomy_Mappings
2015-12-07	CWE Content Team	2.9	—	updated Relationships
2017-11-08	CWE Content Team	3.0	—	updated Demonstrative_Examples, Relationships, Taxonomy_Mappings, White_Box_Definitions
2019-01-03	CWE Content Team	3.2	—	updated Relationships
2019-06-20	CWE Content Team	3.3	—	updated Relationships, Type
2019-09-19	CWE Content Team	3.4	—	updated Relationships
2020-02-24	CWE Content Team	4.0	—	updated References, Relationships, Taxonomy_Mappings
2020-06-25	CWE Content Team	4.1	—	updated Relationships
2020-08-20	CWE Content Team	4.2	—	updated Relationships
2020-12-10	CWE Content Team	4.3	—	updated Relationships
2021-07-20	CWE Content Team	4.5	—	updated Relationships
2022-06-28	CWE Content Team	4.8	—	updated Observed_Examples, Relationships
2022-10-13	CWE Content Team	4.9	—	updated Description, Relationships, Taxonomy_Mappings
2023-04-27	CWE Content Team	4.11	—	updated Detection_Factors, Relationships, Time_of_Introduction
2023-06-29	CWE Content Team	4.12	—	updated Mapping_Notes, Relationships
2023-10-26	CWE Content Team	4.13	—	updated Observed_Examples
2024-02-29	CWE Content Team	4.14	—	updated Taxonomy_Mappings
2024-07-16	CWE Content Team	4.15	—	updated Alternate_Terms, Common_Consequences, Description, Diagram, Potential_Mitigations, Relationships, Weakness_Ordinalities
2024-11-19	CWE Content Team	4.16	—	updated Relationships
2025-04-03	CWE Content Team	4.17	—	updated Observed_Examples
2025-09-09	CWE Content Team	4.18	—	updated Functional_Areas
2025-12-11	CWE Content Team	4.19	—	updated Applicable_Platforms, Detection_Factors, References, Relationships
2026-04-30	CWE Content Team	4.20	—	updated Common_Consequences, Observed_Examples

貢献

タイプ	名称	日付	コメント
Feedback	Anonymous External Contributor	2022-06-28	Suggested rephrase for extended description
Content	participants in the CWE ICS/OT SIG 62443 Mapping Fall Workshop	2023-11-14	Contributed or reviewed taxonomy mappings for ISA/IEC 62443
Content	Abhi Balakrishnan	2024-02-29	Provided diagram to improve CWE usability