CWE-416

GnuCOBOL 2.2 has a use-after-free in the end_scope_of_program_name() function in cobc/parser.y via crafted COBOL source code.

The hncbd90 component in Hancom Office 9.6.1.9403 allows a use-after-free via an unknown object in a crafted .docx file.

GNU cflow through 1.6 has a use-after-free in the reference function in parser.c.

An issue was discovered in the image crate before 0.21.3 for Rust, affecting the HDR image format decoder. Vec::set_len is called on an uninitialized vector, leading to a use-after-free and arbitrary code execution.

An issue was discovered in the chttp crate before 0.1.3 for Rust. There is a use-after-free during buffer conversion.

libslirp 4.0.0, as used in QEMU 4.1.0, has a use-after-free in ip_reass in ip_input.c.