VYPR

CWE-404

Improper Resource Shutdown or Release

ClassDraftLikelihood: Medium

Description

The product does not release or incorrectly releases a resource before it is made available for re-use.

When a resource is created or allocated, the developer is responsible for properly releasing the resource as well as accounting for all potential paths of expiration or invalidation, such as a set period of time or revocation.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-125 · CAPEC-130 · CAPEC-131 · CAPEC-494 · CAPEC-495 · CAPEC-496 · CAPEC-666

CVEs mapped to this weakness (306)

page 14 of 16
  • CVE-2026-9572LowMay 26, 2026
    risk 0.14cvss 3.3epss 0.00

    A security vulnerability has been detected in GPAC up to 2.4.0. Affected by this issue is the function Media_GetSample of the file src/isomedia/media.c of the component MP4Box. Such manipulation of the argument cat leads to memory leak. The attack can only be performed from a…

  • CVE-2026-9567LowMay 26, 2026
    risk 0.14cvss 3.3epss 0.00

    A security flaw has been discovered in GPAC up to 2.4.0. Affected is the function MergeFragment of the file src/isomedia/isom_intern.c of the component MP4Box. The manipulation results in null pointer dereference. The attack needs to be approached locally. The exploit has been…

  • CVE-2026-9503LowMay 25, 2026
    risk 0.14cvss 3.3epss 0.00

    A security flaw has been discovered in GNU LibreDWG up to 0.14. This impacts the function dwg_next_entity of the file src/decode.c of the component DWG File Handler. The manipulation results in null pointer dereference. The attack must be initiated from a local position. The…

  • CVE-2026-4174LowMar 16, 2026
    risk 0.14cvss 3.3epss 0.00

    A vulnerability has been found in Radare2 5.9.9. This issue affects the function walk_exports_trie of the file libr/bin/format/mach0/mach0.c of the component Mach-O File Parser. Such manipulation leads to resource consumption. The attack can only be performed from a local…

  • CVE-2026-2887LowFeb 21, 2026
    risk 0.14cvss 3.3epss 0.00

    A security vulnerability has been detected in aardappel lobster up to 2025.4. This impacts the function lobster::TypeName in the library dev/src/lobster/idents.h. Such manipulation leads to uncontrolled recursion. The attack can only be performed from a local environment. The…

  • CVE-2026-1417LowJan 26, 2026
    risk 0.14cvss 3.3epss 0.00

    A weakness has been identified in GPAC up to 2.4.0. Affected by this issue is the function dump_isom_rtp of the file applications/mp4box/filedump.c. This manipulation causes null pointer dereference. The attack needs to be launched locally. The exploit has been made available to…

  • CVE-2026-1416LowJan 26, 2026
    risk 0.14cvss 3.3epss 0.00

    A security flaw has been discovered in GPAC up to 2.4.0. Affected by this vulnerability is the function DumpMovieInfo of the file applications/mp4box/filedump.c. The manipulation results in null pointer dereference. The attack must be initiated from a local position. The exploit…

  • CVE-2026-1415LowJan 26, 2026
    risk 0.14cvss 3.3epss 0.00

    A vulnerability was identified in GPAC up to 2.4.0. Affected is the function gf_media_export_webvtt_metadata of the file src/media_tools/media_export.c. The manipulation of the argument Name leads to null pointer dereference. The attack must be carried out locally. The exploit…

  • CVE-2025-15504LowJan 10, 2026
    risk 0.14cvss 3.3epss 0.00

    A security flaw has been discovered in lief-project LIEF up to 0.17.1. Affected by this issue is the function Parser::parse_binary of the file src/ELF/Parser.tcc of the component ELF Binary Parser. The manipulation results in null pointer dereference. The attack must be…

  • CVE-2025-15419LowJan 2, 2026
    risk 0.14cvss 3.3epss 0.00

    A weakness has been identified in Open5GS up to 2.7.6. Affected by this issue is the function sgwc_s5c_handle_create_session_response of the file src/sgwc/s5c-handler.c of the component GTPv2-C Flow Handler. Executing a manipulation can lead to denial of service. The attack…

  • CVE-2025-15418LowJan 2, 2026
    risk 0.14cvss 3.3epss 0.00

    A security flaw has been discovered in Open5GS up to 2.7.6. Affected by this vulnerability is the function ogs_gtp2_parse_bearer_qos in the library lib/gtp/v2/types.c of the component Bearer QoS IE Length Handler. Performing a manipulation results in denial of service. The…

  • CVE-2025-15417LowJan 1, 2026
    risk 0.14cvss 3.3epss 0.00

    A vulnerability was identified in Open5GS up to 2.7.6. Affected is the function sgwc_s11_handle_create_session_request of the file src/sgwc/s11-handler.c of the component GTPv2-C F-TEID Handler. Such manipulation leads to denial of service. The attack must be carried out…

  • CVE-2025-14957LowDec 19, 2025
    risk 0.14cvss 3.3epss 0.00

    A vulnerability was identified in WebAssembly Binaryen up to 125. This affects the function IRBuilder::makeLocalGet/IRBuilder::makeLocalSet/IRBuilder::makeLocalTee of the file src/wasm/wasm-ir-builder.cpp of the component IRBuilder. Such manipulation of the argument Index leads…

  • CVE-2025-14841LowDec 18, 2025
    risk 0.14cvss 3.3epss 0.00

    A flaw has been found in OFFIS DCMTK up to 3.6.9. The impacted element is the function DcmQueryRetrieveIndexDatabaseHandle::startFindRequest/DcmQueryRetrieveIndexDatabaseHandle::startMoveRequest in the library dcmqrdb/libsrc/dcmqrdbi.cc of the component dcmqrscp. This…

  • CVE-2022-4981LowOct 21, 2025
    risk 0.14cvss 3.3epss 0.00

    A vulnerability was detected in DCMTK up to 3.6.7. The impacted element is the function DcmQueryRetrieveConfig::readPeerList of the file /dcmqrcnf.cc of the component dcmqrscp. The manipulation results in null pointer dereference. The attack needs to be approached locally. The…

  • CVE-2025-11011LowSep 26, 2025
    risk 0.14cvss 3.3epss 0.00

    A vulnerability was found in BehaviorTree up to 4.7.0. Affected by this issue is the function JsonExporter::fromJson of the file /src/json_export.cpp. Performing manipulation of the argument Source results in null pointer dereference. The attack needs to be approached locally.…

  • CVE-2025-8732LowAug 8, 2025
    risk 0.14cvss 3.3epss 0.00

    A vulnerability was found in libxml2 up to 2.14.5. It has been declared as problematic. This vulnerability affects the function xmlParseSGMLCatalog of the component xmlcatalog. The manipulation leads to uncontrolled recursion. Attacking locally is a requirement. The exploit has…

  • CVE-2025-6140LowJun 16, 2025
    risk 0.14cvss 3.3epss 0.00

    A vulnerability, which was classified as problematic, was found in spdlog up to 1.15.1. This affects the function scoped_padder in the library include/spdlog/pattern_formatter-inl.h. The manipulation leads to resource consumption. It is possible to launch the attack on the local…

  • CVE-2025-4287LowMay 5, 2025
    risk 0.14cvss 3.3epss 0.00

    A vulnerability was found in PyTorch 2.6.0+cu124. It has been rated as problematic. Affected by this issue is the function torch.cuda.nccl.reduce of the file torch/cuda/nccl.py. The manipulation leads to denial of service. It is possible to launch the attack on the local host.…

  • CVE-2026-10705LowJun 3, 2026
    risk 0.13cvss 3.1epss 0.00

    A flaw has been found in dask up to 3.0. Affected by this issue is the function nunique_approx of the file dask/dataframe/hyperloglog.py of the component HLL Handler. This manipulation causes resource consumption. The attack is possible to be carried out remotely. A high degree…