CWE-401
AllowedMissing Release of Memory after Effective Lifetime
Abstraction: Variant · Status: Draft
The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.
2002 vulnerabilities reference this CWE, most recent first.
GHSA-GWFQ-9R54-HP7M
Vulnerability from github – Published: 2022-05-24 17:46 – Updated: 2022-05-24 17:46Denial of service while processing RTCP packets containing multiple SDES reports due to memory for last SDES packet is freed and rest of the memory is leaked in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Wearables
{
"affected": [],
"aliases": [
"CVE-2020-11255"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-04-07T08:15:00Z",
"severity": "HIGH"
},
"details": "Denial of service while processing RTCP packets containing multiple SDES reports due to memory for last SDES packet is freed and rest of the memory is leaked in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Wearables",
"id": "GHSA-gwfq-9r54-hp7m",
"modified": "2022-05-24T17:46:43Z",
"published": "2022-05-24T17:46:43Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11255"
},
{
"type": "WEB",
"url": "https://www.qualcomm.com/company/product-security/bulletins/april-2021-bulletin"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-GWMJ-2RHQ-QPJX
Vulnerability from github – Published: 2022-05-13 01:21 – Updated: 2022-05-13 01:21A disk space or quota exhaustion issue exists in article2pdf_getfile.php in the article2pdf Wordpress plugin 0.24, 0.25, 0.26, 0.27. Visiting PDF generation link but not following the redirect will leave behind a PDF file on disk which will never be deleted by the plug-in.
{
"affected": [],
"aliases": [
"CVE-2019-1000031"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-03-27T18:29:00Z",
"severity": "HIGH"
},
"details": "A disk space or quota exhaustion issue exists in article2pdf_getfile.php in the article2pdf Wordpress plugin 0.24, 0.25, 0.26, 0.27. Visiting PDF generation link but not following the redirect will leave behind a PDF file on disk which will never be deleted by the plug-in.",
"id": "GHSA-gwmj-2rhq-qpjx",
"modified": "2022-05-13T01:21:42Z",
"published": "2022-05-13T01:21:42Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-1000031"
},
{
"type": "WEB",
"url": "https://seclists.org/bugtraq/2019/Mar/49"
},
{
"type": "WEB",
"url": "https://wpvulndb.com/vulnerabilities/9246"
},
{
"type": "WEB",
"url": "http://packetstormsecurity.com/files/152236/WordPress-article2pdf-0.24-DoS-File-Deletion-Disclosure.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-GWVH-RGQ7-HJCW
Vulnerability from github – Published: 2026-04-24 15:32 – Updated: 2026-04-27 15:30In the Linux kernel, the following vulnerability has been resolved:
rxrpc: Fix use of wrong skb when comparing queued RESP challenge serial
In rxrpc_post_response(), the code should be comparing the challenge serial number from the cached response before deciding to switch to a newer response, but looks at the newer packet private data instead, rendering the comparison always false.
Fix this by switching to look at the older packet.
Fix further[1] to substitute the new packet in place of the old one if newer and also to release whichever we don't use.
{
"affected": [],
"aliases": [
"CVE-2026-31640"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-04-24T15:16:43Z",
"severity": "HIGH"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nrxrpc: Fix use of wrong skb when comparing queued RESP challenge serial\n\nIn rxrpc_post_response(), the code should be comparing the challenge serial\nnumber from the cached response before deciding to switch to a newer\nresponse, but looks at the newer packet private data instead, rendering the\ncomparison always false.\n\nFix this by switching to look at the older packet.\n\nFix further[1] to substitute the new packet in place of the old one if\nnewer and also to release whichever we don\u0027t use.",
"id": "GHSA-gwvh-rgq7-hjcw",
"modified": "2026-04-27T15:30:46Z",
"published": "2026-04-24T15:32:36Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31640"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/20386e7f8d97475b8d815873e246423317ec4260"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/9132b1a7bf83b4a8042fffbc99d075b727a16742"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/b33f5741bb187db8ff32e8f5b96def77cc94dfca"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-GX2J-3FVM-RQJ3
Vulnerability from github – Published: 2024-05-21 15:31 – Updated: 2024-12-30 21:30In the Linux kernel, the following vulnerability has been resolved:
drm/amdkfd: fix a potential ttm->sg memory leak
Memory is allocated for ttm->sg by kmalloc in kfd_mem_dmamap_userptr, but isn't freed by kfree in kfd_mem_dmaunmap_userptr. Free it!
{
"affected": [],
"aliases": [
"CVE-2021-47420"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-05-21T15:15:27Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdkfd: fix a potential ttm-\u003esg memory leak\n\nMemory is allocated for ttm-\u003esg by kmalloc in kfd_mem_dmamap_userptr,\nbut isn\u0027t freed by kfree in kfd_mem_dmaunmap_userptr. Free it!",
"id": "GHSA-gx2j-3fvm-rqj3",
"modified": "2024-12-30T21:30:46Z",
"published": "2024-05-21T15:31:45Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-47420"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/7e5ce6029b627efb4a004746cfdc1eeff850e6eb"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/b072ef1215aca33186e3a10109e872e528a9e516"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-GX4P-PQ85-G76X
Vulnerability from github – Published: 2026-03-25 12:30 – Updated: 2026-04-02 15:31In the Linux kernel, the following vulnerability has been resolved:
drm/xe/queue: Call fini on exec queue creation fail
Every call to queue init should have a corresponding fini call. Skipping this would mean skipping removal of the queue from GuC list (which is part of guc_id allocation). A damaged queue stored in exec_queue_lookup list would lead to invalid memory reference, sooner or later.
Call fini to free guc_id. This must be done before any internal LRCs are freed.
Since the finalization with this extra call became very similar to __xe_exec_queue_fini(), reuse that. To make this reuse possible, alter xe_lrc_put() so it can survive NULL parameters, like other similar functions.
v2: Reuse _xe_exec_queue_fini(). Make xe_lrc_put() aware of NULLs.
(cherry picked from commit 393e5fea6f7d7054abc2c3d97a4cfe8306cd6079)
{
"affected": [],
"aliases": [
"CVE-2026-23350"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-03-25T11:16:33Z",
"severity": "HIGH"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/xe/queue: Call fini on exec queue creation fail\n\nEvery call to queue init should have a corresponding fini call.\nSkipping this would mean skipping removal of the queue from GuC list\n(which is part of guc_id allocation). A damaged queue stored in\nexec_queue_lookup list would lead to invalid memory reference,\nsooner or later.\n\nCall fini to free guc_id. This must be done before any internal\nLRCs are freed.\n\nSince the finalization with this extra call became very similar to\n__xe_exec_queue_fini(), reuse that. To make this reuse possible,\nalter xe_lrc_put() so it can survive NULL parameters, like other\nsimilar functions.\n\nv2: Reuse _xe_exec_queue_fini(). Make xe_lrc_put() aware of NULLs.\n\n(cherry picked from commit 393e5fea6f7d7054abc2c3d97a4cfe8306cd6079)",
"id": "GHSA-gx4p-pq85-g76x",
"modified": "2026-04-02T15:31:36Z",
"published": "2026-03-25T12:30:23Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23350"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/99f9b5343cae80eb0dfe050baf6c86d722b3ba2e"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/fae65b8a4449ae556990efcde8d74bec4adc5925"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-GX72-JPCX-HM2H
Vulnerability from github – Published: 2026-05-06 12:30 – Updated: 2026-05-12 21:31In the Linux kernel, the following vulnerability has been resolved:
wifi: rtw88: Use devm_kmemdup() in rtw_set_supported_band()
Simplify the code by using device managed memory allocations.
This also fixes a memory leak in rtw_register_hw(). The supported bands were not freed in the error path.
Copied from commit 145df52a8671 ("wifi: rtw89: Convert rtw89_core_set_supported_band to use devm_*").
{
"affected": [],
"aliases": [
"CVE-2025-71273"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-05-06T12:16:27Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: rtw88: Use devm_kmemdup() in rtw_set_supported_band()\n\nSimplify the code by using device managed memory allocations.\n\nThis also fixes a memory leak in rtw_register_hw(). The supported bands\nwere not freed in the error path.\n\nCopied from commit 145df52a8671 (\"wifi: rtw89: Convert\nrtw89_core_set_supported_band to use devm_*\").",
"id": "GHSA-gx72-jpcx-hm2h",
"modified": "2026-05-12T21:31:26Z",
"published": "2026-05-06T12:30:29Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-71273"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/1bd90e0a99fdc8dc5deb3c92bf865e4496b4b311"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/2ba12401cc1f2d970fa2e7d5b15abde3f5abd40d"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/9b5418070ee8468fac9e8bf641c83d46b85bff30"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/ad9b80ee310ed734482a2e5da874b67f88ac0ef8"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-GX75-JWQC-9M3H
Vulnerability from github – Published: 2022-05-24 17:00 – Updated: 2023-01-18 00:30A memory leak in the sof_dfsentry_write() function in sound/soc/sof/debug.c in the Linux kernel through 5.3.9 allows attackers to cause a denial of service (memory consumption), aka CID-c0a333d842ef.
{
"affected": [],
"aliases": [
"CVE-2019-18812"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-11-07T16:15:00Z",
"severity": "HIGH"
},
"details": "A memory leak in the sof_dfsentry_write() function in sound/soc/sof/debug.c in the Linux kernel through 5.3.9 allows attackers to cause a denial of service (memory consumption), aka CID-c0a333d842ef.",
"id": "GHSA-gx75-jwqc-9m3h",
"modified": "2023-01-18T00:30:24Z",
"published": "2022-05-24T17:00:38Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-18812"
},
{
"type": "WEB",
"url": "https://github.com/torvalds/linux/commit/c0a333d842ef67ac04adc72ff79dc1ccc3dca4ed"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LYIFGYEDQXP5DVJQQUARQRK2PXKBKQGY"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YWWOOJKZ4NQYN4RMFIVJ3ZIXKJJI3MKP"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20191205-0001"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-GX78-CF6R-H3P3
Vulnerability from github – Published: 2023-08-22 21:30 – Updated: 2023-11-04 00:30GNU Binutils before 2.40 was discovered to contain a memory leak vulnerability var the function find_abstract_instance in dwarf2.c.
{
"affected": [],
"aliases": [
"CVE-2022-48065"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-08-22T19:16:31Z",
"severity": "MODERATE"
},
"details": "GNU Binutils before 2.40 was discovered to contain a memory leak vulnerability var the function find_abstract_instance in dwarf2.c.",
"id": "GHSA-gx78-cf6r-h3p3",
"modified": "2023-11-04T00:30:21Z",
"published": "2023-08-22T21:30:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-48065"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GLZXZXFX2ZWTDU2QZUSZG36LZZVTKUVG"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KGSKF4GH7425S6XFDQMWTJGD5U47BAZN"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GLZXZXFX2ZWTDU2QZUSZG36LZZVTKUVG"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KGSKF4GH7425S6XFDQMWTJGD5U47BAZN"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20231006-0008"
},
{
"type": "WEB",
"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=29925"
},
{
"type": "WEB",
"url": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=d28fbc7197ba0e021a43f873eff90b05dcdcff6a"
},
{
"type": "WEB",
"url": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=d28fbc7197ba0e021a43f873eff90b05dcdcff6a"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-GXCX-QJQP-8VJW
Vulnerability from github – Published: 2026-02-24 15:30 – Updated: 2026-02-24 15:30Memory leak exists in coders/msl.c. In the WriteMSLImage function of the msl.c file, resources are allocated. But the function returns early without releasing these allocated resources.
==78983== Memcheck, a memory error detector
==78983== Copyright (C) 2002-2022, and GNU GPL'd, by Julian Seward et al.
==78983== Using Valgrind-3.22.0 and LibVEX; rerun with -h for copyright info
==78983==
==78983== 177,196 (13,512 direct, 163,684 indirect) bytes in 1 blocks are definitely lost in loss record 21 of 21
==78983== at 0x4846828: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
{
"affected": [
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q16-AnyCPU"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.10.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q16-HDRI-AnyCPU"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.10.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q16-HDRI-OpenMP-arm64"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.10.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q16-HDRI-OpenMP-x64"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.10.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q16-HDRI-arm64"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.10.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q16-HDRI-x64"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.10.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q16-HDRI-x86"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.10.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q16-OpenMP-arm64"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.10.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q16-OpenMP-x64"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.10.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q16-OpenMP-x86"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.10.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q16-arm64"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.10.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q16-x64"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.10.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q16-x86"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.10.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q8-AnyCPU"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.10.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q8-OpenMP-arm64"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.10.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q8-OpenMP-x64"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.10.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q8-arm64"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.10.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q8-x64"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.10.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q8-x86.NET-Q8-x64"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.10.3"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-25638"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": true,
"github_reviewed_at": "2026-02-24T15:30:54Z",
"nvd_published_at": "2026-02-24T01:16:13Z",
"severity": "MODERATE"
},
"details": "Memory leak exists in `coders/msl.c`. In the `WriteMSLImage` function of the `msl.c` file, resources are allocated. But the function returns early without releasing these allocated resources. \n\n```\n==78983== Memcheck, a memory error detector\n==78983== Copyright (C) 2002-2022, and GNU GPL\u0027d, by Julian Seward et al.\n==78983== Using Valgrind-3.22.0 and LibVEX; rerun with -h for copyright info\n==78983== \n==78983== 177,196 (13,512 direct, 163,684 indirect) bytes in 1 blocks are definitely lost in loss record 21 of 21\n==78983== at 0x4846828: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)\n```",
"id": "GHSA-gxcx-qjqp-8vjw",
"modified": "2026-02-24T15:30:54Z",
"published": "2026-02-24T15:30:54Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-gxcx-qjqp-8vjw"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25638"
},
{
"type": "WEB",
"url": "https://github.com/ImageMagick/ImageMagick/commit/1e88fca11c7b8517100d518bc99bd8c474f02f88"
},
{
"type": "PACKAGE",
"url": "https://github.com/ImageMagick/ImageMagick"
},
{
"type": "WEB",
"url": "https://github.com/dlemstra/Magick.NET/releases/tag/14.10.3"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
}
],
"summary": "ImageMagick has memory leak in msl encoder"
}
GHSA-H223-34QR-4VJ8
Vulnerability from github – Published: 2022-05-24 19:04 – Updated: 2022-08-06 00:00Multiple vulnerabilities in the implementation of the Cisco Discovery Protocol and Link Layer Discovery Protocol (LLDP) for Cisco Video Surveillance 7000 Series IP Cameras could allow an unauthenticated, adjacent attacker to cause a memory leak, which could lead to a denial of service (DoS) condition on an affected device. These vulnerabilities are due to incorrect processing of certain Cisco Discovery Protocol and LLDP packets at ingress time. An attacker could exploit these vulnerabilities by sending crafted Cisco Discovery Protocol or LLDP packets to an affected device. A successful exploit could allow the attacker to cause the affected device to continuously consume memory, which could cause the device to crash and reload, resulting in a DoS condition. Note: Cisco Discovery Protocol and LLDP are Layer 2 protocols. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent).
{
"affected": [],
"aliases": [
"CVE-2021-1563"
],
"database_specific": {
"cwe_ids": [
"CWE-400",
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-06-04T17:15:00Z",
"severity": "MODERATE"
},
"details": "Multiple vulnerabilities in the implementation of the Cisco Discovery Protocol and Link Layer Discovery Protocol (LLDP) for Cisco Video Surveillance 7000 Series IP Cameras could allow an unauthenticated, adjacent attacker to cause a memory leak, which could lead to a denial of service (DoS) condition on an affected device. These vulnerabilities are due to incorrect processing of certain Cisco Discovery Protocol and LLDP packets at ingress time. An attacker could exploit these vulnerabilities by sending crafted Cisco Discovery Protocol or LLDP packets to an affected device. A successful exploit could allow the attacker to cause the affected device to continuously consume memory, which could cause the device to crash and reload, resulting in a DoS condition. Note: Cisco Discovery Protocol and LLDP are Layer 2 protocols. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent).",
"id": "GHSA-h223-34qr-4vj8",
"modified": "2022-08-06T00:00:48Z",
"published": "2022-05-24T19:04:03Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-1563"
},
{
"type": "WEB",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipcamera-lldpcdp-mem-yTQDmjRO"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation MIT-41
Strategy: Libraries or Frameworks
- Choose a language or tool that provides automatic memory management, or makes manual memory management less error-prone.
- For example, glibc in Linux provides protection against free of invalid pointers.
- When using Xcode to target OS X or iOS, enable automatic reference counting (ARC) [REF-391].
- To help correctly and consistently manage memory when programming in C++, consider using a smart pointer class such as std::auto_ptr (defined by ISO/IEC ISO/IEC 14882:2003), std::shared_ptr and std::unique_ptr (specified by an upcoming revision of the C++ standard, informally referred to as C++ 1x), or equivalent solutions such as Boost.
Mitigation
Use an abstraction library to abstract away risky APIs. Not a complete solution.
Mitigation
Consider using the Boehm-Demers-Weiser garbage collector (bdwgc), which can help avoid leaks.
No CAPEC attack patterns related to this CWE.