VYPR

CWE-772

Missing Release of Resource after Effective Lifetime

BaseDraftLikelihood: High

Description

The product does not release a resource after its effective lifetime has ended, i.e., after the resource is no longer needed.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-469

CVEs mapped to this weakness (345)

page 14 of 18
  • CVE-2017-17291MedFeb 15, 2018
    risk 0.36cvss 5.5epss 0.00

    Huawei AR120-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR1200 V200R006C10, V200R006C13, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR1200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR150 V200R006C10, V200R007C00, V200R007C01,…

  • CVE-2017-17162MedFeb 15, 2018
    risk 0.36cvss 5.5epss 0.00

    Huawei Secospace USG6600 V500R001C30SPC100, Secospace USG6600 V500R001C30SPC200, Secospace USG6600 V500R001C30SPC300, USG9500 V500R001C30SPC100, USG9500 V500R001C30SPC200, USG9500 V500R001C30SPC300 have a memory leak vulnerability due to memory don't be released when an local…

  • CVE-2017-1000182MedNov 17, 2017
    risk 0.36cvss 5.5epss 0.01

    In SWFTools, a memory leak was found in wav2swf.

  • CVE-2017-15225MedOct 10, 2017
    risk 0.36cvss 5.5epss 0.01

    _bfd_dwarf2_cleanup_debug_info in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (memory leak) via a crafted ELF file.

  • CVE-2017-14930MedSep 30, 2017
    risk 0.36cvss 5.5epss 0.01

    Memory leak in decode_line_info in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (memory consumption) via a crafted ELF file.

  • CVE-2017-14431MedSep 13, 2017
    risk 0.36cvss 5.5epss 0.00

    Memory leak in Xen 3.3 through 4.8.x allows guest OS users to cause a denial of service (ARM or x86 AMD host OS memory consumption) by continually rebooting, because certain cleanup is skipped if no pass-through device was ever assigned, aka XSA-207.

  • CVE-2017-0726MedAug 9, 2017
    risk 0.36cvss 5.5epss 0.00

    A denial of service vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36389123.

  • CVE-2017-0697MedJul 6, 2017
    risk 0.36cvss 5.5epss 0.00

    A denial of service vulnerability in the Android media framework. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37239013.

  • CVE-2017-8421MedMay 2, 2017
    risk 0.36cvss 5.5epss 0.01

    The function coff_set_alignment_hook in coffcode.h in Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has a memory leak vulnerability which can cause memory exhaustion in objdump via a crafted PE file. Additional validation in…

  • CVE-2017-7624MedApr 10, 2017
    risk 0.36cvss 5.5epss 0.01

    The iw_read_bmp_file function in imagew-bmp.c in libimageworsener.a in ImageWorsener 1.3.0 allows remote attackers to consume an amount of available memory via a crafted file.

  • CVE-2017-7594MedApr 9, 2017
    risk 0.36cvss 5.5epss 0.02

    The OJPEGReadHeaderInfoSecTablesDcTable function in tif_ojpeg.c in LibTIFF 4.0.7 allows remote attackers to cause a denial of service (memory leak) via a crafted image.

  • CVE-2017-6499MedMar 6, 2017
    risk 0.36cvss 5.5epss 0.01

    An issue was discovered in Magick++ in ImageMagick 6.9.7. A specially crafted file creating a nested exception could lead to a memory leak (thus, a DoS).

  • CVE-2015-8631MedFeb 13, 2016
    risk 0.36cvss 6.5epss 0.05

    Multiple memory leaks in kadmin/server/server_stubs.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13.4 and 1.14.x before 1.14.1 allow remote authenticated users to cause a denial of service (memory consumption) via a request specifying a NULL principal name.

  • CVE-2025-32439MedApr 15, 2025
    risk 0.35cvss 6.5epss 0.00

    pleezer is a headless Deezer Connect player. Hook scripts in pleezer can be triggered by various events like track changes and playback state changes. In versions before 0.16.0, these scripts were spawned without proper process cleanup, leaving zombie processes in the system's…

  • CVE-2018-18016MedOct 5, 2018
    risk 0.35cvss 6.5epss 0.02

    ImageMagick 7.0.7-28 has a memory leak vulnerability in WritePCXImage in coders/pcx.c.

  • CVE-2018-3658MedSep 12, 2018
    risk 0.35cvss 5.3epss 0.03

    Multiple memory leaks in Intel AMT in Intel CSME firmware versions before 12.0.5 may allow an unauthenticated user with Intel AMT provisioned to potentially cause a partial denial of service via network access.

  • CVE-2018-10924MedSep 4, 2018
    risk 0.35cvss 5.3epss 0.02

    It was discovered that fsync(2) system call in glusterfs client code leaks memory. An authenticated attacker could use this flaw to launch a denial of service attack by making gluster clients consume memory of the host machine.

  • CVE-2017-1786MedApr 23, 2018
    risk 0.35cvss 5.3epss 0.01

    IBM WebSphere MQ 8.0 through 8.0.0.8 and 9.0 through 9.0.4 under special circumstances could allow an authenticated user to consume all resources due to a memory leak resulting in service loss. IBM X-Force ID: 136975.

  • CVE-2018-6957MedMar 15, 2018
    risk 0.35cvss 5.3epss 0.02

    VMware Workstation (14.x before 14.1.1, 12.x) and Fusion (10.x before 10.1.1 and 8.x) contain a denial-of-service vulnerability which can be triggered by opening a large number of VNC sessions. Note: In order for exploitation to be possible on Workstation and Fusion, VNC must be…

  • CVE-2017-17296MedFeb 15, 2018
    risk 0.35cvss 5.3epss 0.01

    Huawei AR120-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR1200 V200R006C10, V200R006C13, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR1200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR150 V200R006C10, V200R007C00, V200R007C01,…