VYPR

CWE-401

Missing Release of Memory after Effective Lifetime

VariantDraftLikelihood: Medium

Description

The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.

Hierarchy (View 1000)

Parents

Children

none

CVEs mapped to this weakness (327)

page 14 of 17
  • CVE-2025-23165LowMay 19, 2025
    risk 0.24cvss 3.7epss 0.00

    In Node.js, the `ReadFileUtf8` internal binding leaks memory due to a corrupted pointer in `uv_fs_s.file`: a UTF-16 path buffer is allocated but subsequently overwritten when the file descriptor is set. This results in an unrecoverable memory leak on every call. Repeated use can…

  • CVE-2025-46686LowJul 23, 2025
    risk 0.23cvss 3.5epss 0.00

    Redis through 8.0.3 allows memory consumption via a multi-bulk command composed of many bulks, sent by an authenticated user. This occurs because the server allocates memory for the command arguments of every bulk, even when the command is skipped because of insufficient…

  • CVE-2025-15572LowFeb 10, 2026
    risk 0.21cvss 3.3epss 0.00

    A vulnerability has been found in wasm3 up to 0.5.0. The affected element is the function NewCodePage. The manipulation leads to memory leak. The attack must be carried out locally. The exploit has been disclosed to the public and may be used. Unfortunately, the project has no…

  • CVE-2025-8225LowJul 27, 2025
    risk 0.21cvss 3.3epss 0.00

    A vulnerability was found in GNU Binutils 2.44 and classified as problematic. This issue affects the function process_debug_info of the file binutils/dwarf.c of the component DWARF Section Handler. The manipulation leads to memory leak. Attacking locally is a requirement. The…

  • CVE-2025-7068LowJul 4, 2025
    risk 0.21cvss 3.3epss 0.00

    A vulnerability, which was classified as problematic, has been found in HDF5 1.14.6. This issue affects the function H5FL__malloc of the file src/H5FL.c. The manipulation leads to memory leak. Attacking locally is a requirement. The exploit has been disclosed to the public and…

  • CVE-2025-6498LowJun 23, 2025
    risk 0.21cvss 3.3epss 0.00

    A vulnerability classified as problematic has been found in HTACG tidy-html5 5.8.0. Affected is the function defaultAlloc of the file src/alloc.c. The manipulation leads to memory leak. It is possible to launch the attack on the local host. The exploit has been disclosed to the…

  • CVE-2025-5324LowMay 29, 2025
    risk 0.21cvss 3.3epss 0.00

    A vulnerability, which was classified as problematic, was found in TechPowerUp GPU-Z 2.23.0. Affected is the function sub_140001880 in the library GPU-Z.sys of the component 0x8000645C IOCTL Handler. The manipulation leads to memory leak. It is possible to launch the attack on…

  • CVE-2025-3198LowApr 4, 2025
    risk 0.21cvss 3.3epss 0.00

    A vulnerability has been found in GNU Binutils 2.43/2.44 and classified as problematic. Affected by this vulnerability is the function display_info of the file binutils/bucomm.c of the component objdump. The manipulation leads to memory leak. An attack has to be approached…

  • CVE-2025-1816MedMar 2, 2025
    risk 0.21cvss 4.3epss 0.01

    A vulnerability classified as problematic has been found in FFmpeg up to 6e26f57f672b05e7b8b052007a83aef99dc81ccb. This affects the function audio_element_obu of the file libavformat/iamf_parse.c of the component IAMF File Handler. The manipulation of the argument num_parameters…

  • CVE-2024-53984MedDec 2, 2024
    risk 0.21cvss 4.3epss 0.00

    Nanopb is a small code-size Protocol Buffers implementation. When the compile time option PB_ENABLE_MALLOC is enabled, the message contains at least one field with FT_POINTER field type, custom stream callback is used with unknown stream length. and the pb_decode_ex() function…

  • CVE-2025-8277LowSep 9, 2025
    risk 0.20cvss 3.1epss 0.00

    A flaw was found in libssh's handling of key exchange (KEX) processes when a client repeatedly sends incorrect KEX guesses. The library fails to free memory during these rekey operations, which can gradually exhaust system memory. This issue can lead to crashes on the client…

  • CVE-2025-61146MedFeb 23, 2026
    risk 0.19cvss 4.0epss 0.00

    saitoha libsixel until v1.8.7 was discovered to contain a memory leak via the component malloc_stub.c.

  • CVE-2025-9165LowAug 19, 2025
    risk 0.16cvss 2.5epss 0.00

    A flaw has been found in LibTIFF 4.7.0. This affects the function _TIFFmallocExt/_TIFFCheckRealloc/TIFFHashSetNew/InitCCITTFax3 of the file tools/tiffcmp.c of the component tiffcmp. Executing manipulation can lead to memory leak. The attack is restricted to local execution. This…

  • CVE-2026-9572LowMay 26, 2026
    risk 0.14cvss 3.3epss 0.00

    A security vulnerability has been detected in GPAC up to 2.4.0. Affected by this issue is the function Media_GetSample of the file src/isomedia/media.c of the component MP4Box. Such manipulation of the argument cat leads to memory leak. The attack can only be performed from a…

  • CVE-2025-47279LowMay 15, 2025
    risk 0.13cvss 3.1epss 0.00

    Undici is an HTTP/1.1 client for Node.js. Prior to versions 5.29.0, 6.21.2, and 7.5.0, applications that use undici to implement a webhook-like system are vulnerable. If the attacker set up a server with an invalid certificate, and they can force the application to call the…

  • CVE-2026-40336LowApr 18, 2026
    risk 0.09cvss 2.4epss 0.00

    libgphoto2 is a camera access and control library. Versions up to and including 2.5.33 have a memory leak in `ptp_unpack_Sony_DPD()` in `camlibs/ptp2/ptp-pack.c` (lines 884–885). When processing a secondary enumeration list (introduced in 2024+ Sony cameras), the function…

  • CVE-2001-0136Mar 12, 2001
    risk 0.07cvss epss 0.45

    Memory leak in ProFTPd 1.2.0rc2 allows remote attackers to cause a denial of service via a series of USER commands, and possibly SIZE commands if the server has been improperly installed.

  • CVE-2007-2274Apr 25, 2007
    risk 0.04cvss epss 0.08

    The BitTorrent implementation in Opera 9.2 allows remote attackers to cause a denial of service (CPU consumption and application crash) via a malformed torrent file. NOTE: the original disclosure refers to this as a memory leak, but it is not certain.

  • CVE-2009-1378May 19, 2009
    risk 0.01cvss epss 0.13

    Multiple memory leaks in the dtls1_process_out_of_seq_message function in ssl/d1_both.c in OpenSSL 0.9.8k and earlier 0.9.8 versions allow remote attackers to cause a denial of service (memory consumption) via DTLS records that (1) are duplicates or (2) have sequence numbers…

  • CVE-2001-0543Sep 20, 2001
    risk 0.01cvss epss 0.21

    Memory leak in NNTP service in Windows NT 4.0 and Windows 2000 allows remote attackers to cause a denial of service (memory exhaustion) via a large number of malformed posts.