Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2025-46420

Summary
Assigner-redhat
Assigner Org ID-53f830b8-0a3f-465b-8143-3b8a9948e749
Published At-24 Apr, 2025 | 12:58
Updated At-18 Nov, 2025 | 09:06
Rejected At-
Credits

Libsoup: memory leak on soup_header_parse_quality_list() via soup-headers.c

A flaw was found in libsoup. It is vulnerable to memory leaks in the soup_header_parse_quality_list() function when parsing a quality list that contains elements with all zeroes.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:redhat
Assigner Org ID:53f830b8-0a3f-465b-8143-3b8a9948e749
Published At:24 Apr, 2025 | 12:58
Updated At:18 Nov, 2025 | 09:06
Rejected At:
â–¼CVE Numbering Authority (CNA)
Libsoup: memory leak on soup_header_parse_quality_list() via soup-headers.c

A flaw was found in libsoup. It is vulnerable to memory leaks in the soup_header_parse_quality_list() function when parsing a quality list that contains elements with all zeroes.

Affected Products
Collection URL
https://gitlab.gnome.org/GNOME/libsoup
Package Name
libsoup
Default Status
unaffected
Versions
Affected
  • From 0 before 3.6.3 (semver)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Enterprise Linux 8
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
libsoup
CPEs
  • cpe:/o:redhat:enterprise_linux:8::baseos
  • cpe:/a:redhat:enterprise_linux:8::appstream
Default Status
affected
Versions
Unaffected
  • From 0:2.62.3-8.el8_10 before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Enterprise Linux 8
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
libsoup
CPEs
  • cpe:/o:redhat:enterprise_linux:8::baseos
  • cpe:/a:redhat:enterprise_linux:8::appstream
Default Status
affected
Versions
Unaffected
  • From 0:2.62.3-8.el8_10 before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Enterprise Linux 8.2 Advanced Update Support
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
libsoup
CPEs
  • cpe:/a:redhat:rhel_aus:8.2::appstream
  • cpe:/o:redhat:rhel_aus:8.2::baseos
Default Status
affected
Versions
Unaffected
  • From 0:2.62.3-1.el8_2.4 before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
libsoup
CPEs
  • cpe:/o:redhat:rhel_aus:8.4::baseos
  • cpe:/o:redhat:rhel_e4s:8.4::baseos
  • cpe:/o:redhat:rhel_tus:8.4::baseos
  • cpe:/a:redhat:rhel_aus:8.4::appstream
  • cpe:/a:redhat:rhel_tus:8.4::appstream
  • cpe:/a:redhat:rhel_e4s:8.4::appstream
Default Status
affected
Versions
Unaffected
  • From 0:2.62.3-2.el8_4.4 before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Enterprise Linux 8.4 Telecommunications Update Service
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
libsoup
CPEs
  • cpe:/o:redhat:rhel_aus:8.4::baseos
  • cpe:/o:redhat:rhel_e4s:8.4::baseos
  • cpe:/o:redhat:rhel_tus:8.4::baseos
  • cpe:/a:redhat:rhel_aus:8.4::appstream
  • cpe:/a:redhat:rhel_tus:8.4::appstream
  • cpe:/a:redhat:rhel_e4s:8.4::appstream
Default Status
affected
Versions
Unaffected
  • From 0:2.62.3-2.el8_4.4 before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
libsoup
CPEs
  • cpe:/o:redhat:rhel_aus:8.4::baseos
  • cpe:/o:redhat:rhel_e4s:8.4::baseos
  • cpe:/o:redhat:rhel_tus:8.4::baseos
  • cpe:/a:redhat:rhel_aus:8.4::appstream
  • cpe:/a:redhat:rhel_tus:8.4::appstream
  • cpe:/a:redhat:rhel_e4s:8.4::appstream
Default Status
affected
Versions
Unaffected
  • From 0:2.62.3-2.el8_4.4 before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
libsoup
CPEs
  • cpe:/o:redhat:rhel_aus:8.6::baseos
  • cpe:/o:redhat:rhel_tus:8.6::baseos
  • cpe:/a:redhat:rhel_tus:8.6::appstream
  • cpe:/a:redhat:rhel_aus:8.6::appstream
  • cpe:/a:redhat:rhel_e4s:8.6::appstream
  • cpe:/o:redhat:rhel_e4s:8.6::baseos
Default Status
affected
Versions
Unaffected
  • From 0:2.62.3-2.el8_6.4 before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Enterprise Linux 8.6 Telecommunications Update Service
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
libsoup
CPEs
  • cpe:/o:redhat:rhel_aus:8.6::baseos
  • cpe:/o:redhat:rhel_tus:8.6::baseos
  • cpe:/a:redhat:rhel_tus:8.6::appstream
  • cpe:/a:redhat:rhel_aus:8.6::appstream
  • cpe:/a:redhat:rhel_e4s:8.6::appstream
  • cpe:/o:redhat:rhel_e4s:8.6::baseos
Default Status
affected
Versions
Unaffected
  • From 0:2.62.3-2.el8_6.4 before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
libsoup
CPEs
  • cpe:/o:redhat:rhel_aus:8.6::baseos
  • cpe:/o:redhat:rhel_tus:8.6::baseos
  • cpe:/a:redhat:rhel_tus:8.6::appstream
  • cpe:/a:redhat:rhel_aus:8.6::appstream
  • cpe:/a:redhat:rhel_e4s:8.6::appstream
  • cpe:/o:redhat:rhel_e4s:8.6::baseos
Default Status
affected
Versions
Unaffected
  • From 0:2.62.3-2.el8_6.4 before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Enterprise Linux 8.8 Extended Update Support
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
libsoup
CPEs
  • cpe:/a:redhat:rhel_eus:8.8::appstream
  • cpe:/o:redhat:rhel_eus:8.8::baseos
Default Status
affected
Versions
Unaffected
  • From 0:2.62.3-3.el8_8.4 before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Enterprise Linux 9
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
libsoup
CPEs
  • cpe:/a:redhat:enterprise_linux:9::appstream
Default Status
affected
Versions
Unaffected
  • From 0:2.72.0-10.el9_6.1 before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
libsoup
CPEs
  • cpe:/a:redhat:rhel_e4s:9.0::appstream
Default Status
affected
Versions
Unaffected
  • From 0:2.72.0-8.el9_0.4 before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Enterprise Linux 9.2 Extended Update Support
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
libsoup
CPEs
  • cpe:/a:redhat:rhel_eus:9.2::appstream
Default Status
affected
Versions
Unaffected
  • From 0:2.72.0-8.el9_2.4 before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Enterprise Linux 9.4 Extended Update Support
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
libsoup
CPEs
  • cpe:/a:redhat:rhel_eus:9.4::appstream
Default Status
affected
Versions
Unaffected
  • From 0:2.72.0-8.el9_4.4 before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Enterprise Linux 10
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
libsoup3
CPEs
  • cpe:/o:redhat:enterprise_linux:10
Default Status
unaffected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Enterprise Linux 6
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
libsoup
CPEs
  • cpe:/o:redhat:enterprise_linux:6
Default Status
unknown
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Enterprise Linux 7
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
libsoup
CPEs
  • cpe:/o:redhat:enterprise_linux:7
Default Status
unknown
Problem Types
TypeCWE IDDescription
CWECWE-401Missing Release of Memory after Effective Lifetime
Type: CWE
CWE ID: CWE-401
Description: Missing Release of Memory after Effective Lifetime
Metrics
VersionBase scoreBase severityVector
3.16.5MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Version: 3.1
Base score: 6.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Metrics Other Info
Red Hat severity rating
value:
Moderate
namespace:
https://access.redhat.com/security/updates/classification/
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds

Currently, no mitigation is available for this vulnerability.

Exploits
Credits
Timeline
EventDate
Reported to Red Hat.2025-04-24 01:33:03
Made public.2025-04-24 00:00:00
Event: Reported to Red Hat.
Date: 2025-04-24 01:33:03
Event: Made public.
Date: 2025-04-24 00:00:00
Replaced By
Rejected Reason
References
HyperlinkResource
https://access.redhat.com/errata/RHSA-2025:4439
vendor-advisory
x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:4440
vendor-advisory
x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:4508
vendor-advisory
x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:4538
vendor-advisory
x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:4560
vendor-advisory
x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:4568
vendor-advisory
x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:4609
vendor-advisory
x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:4624
vendor-advisory
x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:7436
vendor-advisory
x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2025-46420
vdb-entry
x_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=2361963
issue-tracking
x_refsource_REDHAT
https://gitlab.gnome.org/GNOME/libsoup/-/issues/438
N/A
Hyperlink: https://access.redhat.com/errata/RHSA-2025:4439
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://access.redhat.com/errata/RHSA-2025:4440
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://access.redhat.com/errata/RHSA-2025:4508
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://access.redhat.com/errata/RHSA-2025:4538
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://access.redhat.com/errata/RHSA-2025:4560
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://access.redhat.com/errata/RHSA-2025:4568
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://access.redhat.com/errata/RHSA-2025:4609
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://access.redhat.com/errata/RHSA-2025:4624
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://access.redhat.com/errata/RHSA-2025:7436
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://access.redhat.com/security/cve/CVE-2025-46420
Resource:
vdb-entry
x_refsource_REDHAT
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=2361963
Resource:
issue-tracking
x_refsource_REDHAT
Hyperlink: https://gitlab.gnome.org/GNOME/libsoup/-/issues/438
Resource: N/A
â–¼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:secalert@redhat.com
Published At:24 Apr, 2025 | 13:15
Updated At:13 May, 2025 | 21:16

A flaw was found in libsoup. It is vulnerable to memory leaks in the soup_header_parse_quality_list() function when parsing a quality list that contains elements with all zeroes.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.16.5MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Type: Secondary
Version: 3.1
Base score: 6.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-401Secondarysecalert@redhat.com
CWE ID: CWE-401
Type: Secondary
Source: secalert@redhat.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://access.redhat.com/errata/RHSA-2025:4439secalert@redhat.com
N/A
https://access.redhat.com/errata/RHSA-2025:4440secalert@redhat.com
N/A
https://access.redhat.com/errata/RHSA-2025:4508secalert@redhat.com
N/A
https://access.redhat.com/errata/RHSA-2025:4538secalert@redhat.com
N/A
https://access.redhat.com/errata/RHSA-2025:4560secalert@redhat.com
N/A
https://access.redhat.com/errata/RHSA-2025:4568secalert@redhat.com
N/A
https://access.redhat.com/errata/RHSA-2025:4609secalert@redhat.com
N/A
https://access.redhat.com/errata/RHSA-2025:4624secalert@redhat.com
N/A
https://access.redhat.com/errata/RHSA-2025:7436secalert@redhat.com
N/A
https://access.redhat.com/security/cve/CVE-2025-46420secalert@redhat.com
N/A
https://bugzilla.redhat.com/show_bug.cgi?id=2361963secalert@redhat.com
N/A
Hyperlink: https://access.redhat.com/errata/RHSA-2025:4439
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://access.redhat.com/errata/RHSA-2025:4440
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://access.redhat.com/errata/RHSA-2025:4508
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://access.redhat.com/errata/RHSA-2025:4538
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://access.redhat.com/errata/RHSA-2025:4560
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://access.redhat.com/errata/RHSA-2025:4568
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://access.redhat.com/errata/RHSA-2025:4609
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://access.redhat.com/errata/RHSA-2025:4624
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://access.redhat.com/errata/RHSA-2025:7436
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://access.redhat.com/security/cve/CVE-2025-46420
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=2361963
Source: secalert@redhat.com
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

91Records found
CVE-2024-24155
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.60% / 68.85%
||
7 Day CHG~0.00%
Published-28 Feb, 2024 | 00:00
Updated-16 Jan, 2025 | 17:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Bento4 v1.5.1-628 contains a Memory leak on AP4_Movie::AP4_Movie, parsing tracks and added into m_Tracks list, but mp42aac cannot correctly delete when we got an no audio track found error. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted mp4 file.

Action-Not Available
Vendor-n/abento4Axiomatic Systems, LLC
Product-bento4n/abento4
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2024-24150
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.18% / 38.87%
||
7 Day CHG~0.00%
Published-28 Feb, 2024 | 00:00
Updated-27 Mar, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A memory leak issue discovered in parseSWF_TEXTRECORD in libming v0.4.8 allows attackers to cause a denial of service via a crafted SWF file.

Action-Not Available
Vendor-libmingn/a
Product-libmingn/a
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2024-24147
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.17% / 38.70%
||
7 Day CHG~0.00%
Published-28 Feb, 2024 | 00:00
Updated-29 Aug, 2024 | 20:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A memory leak issue discovered in parseSWF_FILLSTYLEARRAY in libming v0.4.8 allows attackers to cause s denial of service via a crafted SWF file.

Action-Not Available
Vendor-libmingn/alibming
Product-libmingn/alibming
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2022-43032
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.24% / 47.34%
||
7 Day CHG~0.00%
Published-19 Oct, 2022 | 00:00
Updated-08 May, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Bento4 v1.6.0-639. There is a memory leak in AP4_DescriptorFactory::CreateDescriptorFromStream in Core/Ap4DescriptorFactory.cpp, as demonstrated by mp42aac.

Action-Not Available
Vendor-n/aAxiomatic Systems, LLC
Product-bento4n/a
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2020-22048
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.88% / 74.86%
||
7 Day CHG~0.00%
Published-02 Jun, 2021 | 15:40
Updated-04 Aug, 2024 | 14:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the ff_frame_pool_get function in framepool.c.

Action-Not Available
Vendor-n/aDebian GNU/LinuxFFmpeg
Product-ffmpegdebian_linuxn/a
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2020-22042
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.79% / 73.41%
||
7 Day CHG~0.00%
Published-01 Jun, 2021 | 19:53
Updated-04 Aug, 2024 | 14:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak is affected by: memory leak in the link_filter_inouts function in libavfilter/graphparser.c.

Action-Not Available
Vendor-n/aDebian GNU/LinuxFFmpeg
Product-ffmpegdebian_linuxn/a
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2020-22054
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-1.55% / 81.09%
||
7 Day CHG~0.00%
Published-02 Jun, 2021 | 17:34
Updated-04 Aug, 2024 | 14:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the av_dict_set function in dict.c.

Action-Not Available
Vendor-n/aDebian GNU/LinuxFFmpeg
Product-ffmpegdebian_linuxn/a
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2020-22039
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.19% / 41.07%
||
7 Day CHG~0.00%
Published-01 Jun, 2021 | 19:30
Updated-04 Aug, 2024 | 14:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the inavi_add_ientry function.

Action-Not Available
Vendor-n/aFFmpeg
Product-ffmpegn/a
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2020-22041
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.82% / 73.95%
||
7 Day CHG~0.00%
Published-01 Jun, 2021 | 19:34
Updated-04 Aug, 2024 | 14:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the av_buffersrc_add_frame_flags function in buffersrc.

Action-Not Available
Vendor-n/aDebian GNU/LinuxFFmpeg
Product-ffmpegdebian_linuxn/a
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2020-22044
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-1.03% / 76.95%
||
7 Day CHG~0.00%
Published-01 Jun, 2021 | 20:02
Updated-04 Aug, 2024 | 14:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the url_open_dyn_buf_internal function in libavformat/aviobuf.c.

Action-Not Available
Vendor-n/aDebian GNU/LinuxFFmpeg
Product-ffmpegdebian_linuxn/a
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2020-22046
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.61% / 69.22%
||
7 Day CHG~0.00%
Published-02 Jun, 2021 | 15:10
Updated-04 Aug, 2024 | 14:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the avpriv_float_dsp_allocl function in libavutil/float_dsp.c.

Action-Not Available
Vendor-n/aDebian GNU/LinuxFFmpeg
Product-ffmpegdebian_linuxn/a
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2020-22049
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-1.55% / 81.09%
||
7 Day CHG~0.00%
Published-02 Jun, 2021 | 15:44
Updated-04 Aug, 2024 | 14:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the wtvfile_open_sector function in wtvdec.c.

Action-Not Available
Vendor-n/aDebian GNU/LinuxFFmpeg
Product-ffmpegdebian_linuxn/a
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2020-22051
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.21% / 43.05%
||
7 Day CHG~0.00%
Published-02 Jun, 2021 | 16:06
Updated-04 Aug, 2024 | 14:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the filter_frame function in vf_tile.c.

Action-Not Available
Vendor-n/aFFmpeg
Product-ffmpegn/a
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2020-22056
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.44% / 62.57%
||
7 Day CHG~0.00%
Published-02 Jun, 2021 | 17:55
Updated-04 Aug, 2024 | 14:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the config_input function in af_acrossover.c.

Action-Not Available
Vendor-n/aFFmpeg
Product-ffmpegn/a
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2020-22043
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.21% / 43.05%
||
7 Day CHG~0.00%
Published-01 Jun, 2021 | 19:57
Updated-04 Aug, 2024 | 14:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak at the fifo_alloc_common function in libavutil/fifo.c.

Action-Not Available
Vendor-n/aFFmpeg
Product-ffmpegn/a
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2020-22037
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.58% / 68.31%
||
7 Day CHG~0.00%
Published-01 Jun, 2021 | 19:22
Updated-04 Aug, 2024 | 14:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in avcodec_alloc_context3 at options.c.

Action-Not Available
Vendor-n/aDebian GNU/LinuxFFmpeg
Product-ffmpegdebian_linuxn/a
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2020-22040
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.21% / 43.05%
||
7 Day CHG~0.00%
Published-01 Jun, 2021 | 19:18
Updated-04 Aug, 2024 | 14:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Denial of Service vulnerability exists in FFmpeg 4.2 idue to a memory leak in the v_frame_alloc function in frame.c.

Action-Not Available
Vendor-n/aFFmpeg
Product-ffmpegn/a
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2020-22038
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.19% / 41.07%
||
7 Day CHG~0.00%
Published-01 Jun, 2021 | 19:25
Updated-04 Aug, 2024 | 14:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the ff_v4l2_m2m_create_context function in v4l2_m2m.c.

Action-Not Available
Vendor-n/aFFmpeg
Product-ffmpegn/a
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2020-21839
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.38% / 59.05%
||
7 Day CHG~0.00%
Published-17 May, 2021 | 20:55
Updated-04 Aug, 2024 | 14:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in GNU LibreDWG 0.10. Crafted input will lead to an memory leak in dwg_decode_eed ../../src/decode.c:3638.

Action-Not Available
Vendor-n/aGNU
Product-libredwgn/a
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2025-26308
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.12% / 31.19%
||
7 Day CHG~0.00%
Published-20 Feb, 2025 | 00:00
Updated-17 Apr, 2025 | 18:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A memory leak has been identified in the parseSWF_FILTERLIST function in util/parser.c of libming v0.4.8, which allows attackers to cause a denial of service via a crafted SWF file.

Action-Not Available
Vendor-libmingn/a
Product-libmingn/a
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2025-26311
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.16% / 36.38%
||
7 Day CHG~0.00%
Published-20 Feb, 2025 | 00:00
Updated-17 Apr, 2025 | 18:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple memory leaks have been identified in the clip actions parsing functions (parseSWF_CLIPACTIONS and parseSWF_CLIPACTIONRECORD) in util/parser.c of libming v0.4.8, which allow attackers to cause a denial of service via a crafted SWF file.

Action-Not Available
Vendor-libmingn/a
Product-libmingn/a
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2025-26307
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.12% / 31.19%
||
7 Day CHG~0.00%
Published-20 Feb, 2025 | 00:00
Updated-17 Apr, 2025 | 18:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A memory leak has been identified in the parseSWF_IMPORTASSETS2 function in util/parser.c of libming v0.4.8, which allows attackers to cause a denial of service via a crafted SWF file.

Action-Not Available
Vendor-libmingn/a
Product-libmingn/a
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2024-24750
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.32% / 54.15%
||
7 Day CHG~0.00%
Published-16 Feb, 2024 | 21:42
Updated-13 Feb, 2025 | 17:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Backpressure request ignored in fetch() in Undici

Undici is an HTTP/1.1 client, written from scratch for Node.js. In affected versions calling `fetch(url)` and not consuming the incoming body ((or consuming it very slowing) will lead to a memory leak. This issue has been addressed in version 6.6.1. Users are advised to upgrade. Users unable to upgrade should make sure to always consume the incoming body.

Action-Not Available
Vendor-Node.js (OpenJS Foundation)
Product-undiciundiciundici
CWE ID-CWE-400
Uncontrolled Resource Consumption
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2024-24149
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.14% / 33.48%
||
7 Day CHG~0.00%
Published-28 Feb, 2024 | 00:00
Updated-13 Aug, 2024 | 19:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A memory leak issue discovered in parseSWF_GLYPHENTRY in libming v0.4.8 allows attackers to cause a denial of service via a crafted SWF file.

Action-Not Available
Vendor-libmingn/alibming
Product-libmingn/alibming
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2022-43037
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.25% / 47.59%
||
7 Day CHG~0.00%
Published-19 Oct, 2022 | 00:00
Updated-08 May, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Bento4 1.6.0-639. There is a memory leak in the function AP4_File::ParseStream in /Core/Ap4File.cpp.

Action-Not Available
Vendor-n/aAxiomatic Systems, LLC
Product-bento4n/a
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2019-20052
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.40% / 60.29%
||
7 Day CHG~0.00%
Published-27 Dec, 2019 | 21:59
Updated-05 Aug, 2024 | 02:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A memory leak was discovered in Mat_VarCalloc in mat.c in matio 1.5.17 because SafeMulDims does not consider the rank==0 case.

Action-Not Available
Vendor-matio_projectn/a
Product-mation/a
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2023-6299
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-4.3||MEDIUM
EPSS-0.06% / 19.40%
||
7 Day CHG~0.00%
Published-26 Nov, 2023 | 23:00
Updated-02 Aug, 2024 | 08:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Apryse iText Reference Table PdfDocument.java memory leak

A vulnerability, which was classified as problematic, has been found in Apryse iText 8.0.1. This issue affects some unknown processing of the file PdfDocument.java of the component Reference Table Handler. The manipulation leads to memory leak. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 8.0.2 is able to address this issue. It is recommended to upgrade the affected component. The identifier VDB-246125 was assigned to this vulnerability. NOTE: The vendor was contacted early about this vulnerability. The fix was introduced in the iText 8.0.2 release on October 25th 2023, prior to the disclosure.

Action-Not Available
Vendor-itextpdfApryse
Product-itextiText
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2022-41419
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.23% / 44.98%
||
7 Day CHG~0.00%
Published-03 Oct, 2022 | 13:51
Updated-03 Aug, 2024 | 12:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Bento4 v1.6.0-639 was discovered to contain a memory leak via the AP4_Processor::Process function in the mp4encrypt binary.

Action-Not Available
Vendor-n/aAxiomatic Systems, LLC
Product-bento4n/a
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2022-41426
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.23% / 44.98%
||
7 Day CHG~0.00%
Published-03 Oct, 2022 | 13:51
Updated-03 Aug, 2024 | 12:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Bento4 v1.6.0-639 was discovered to contain a memory leak via the AP4_AtomFactory::CreateAtomFromStream function in mp4split.

Action-Not Available
Vendor-n/aAxiomatic Systems, LLC
Product-bento4n/a
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2022-41424
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.23% / 44.98%
||
7 Day CHG~0.00%
Published-03 Oct, 2022 | 13:51
Updated-03 Aug, 2024 | 12:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Bento4 v1.6.0-639 was discovered to contain a memory leak via the AP4_SttsAtom::Create function in mp42hls.

Action-Not Available
Vendor-n/aAxiomatic Systems, LLC
Product-bento4n/a
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2022-3957
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-4.3||MEDIUM
EPSS-0.07% / 20.99%
||
7 Day CHG~0.00%
Published-11 Nov, 2022 | 00:00
Updated-15 Apr, 2025 | 13:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
GPAC SVG Parser svg_attributes.c svg_parse_preserveaspectratio memory leak

A vulnerability classified as problematic was found in GPAC. Affected by this vulnerability is the function svg_parse_preserveaspectratio of the file scenegraph/svg_attributes.c of the component SVG Parser. The manipulation leads to memory leak. The attack can be launched remotely. The name of the patch is 2191e66aa7df750e8ef01781b1930bea87b713bb. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-213463.

Action-Not Available
Vendor-unspecifiedGPAC
Product-gpacGPAC
CWE ID-CWE-404
Improper Resource Shutdown or Release
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2022-40439
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.42% / 61.23%
||
7 Day CHG~0.00%
Published-14 Sep, 2022 | 20:06
Updated-03 Aug, 2024 | 12:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An memory leak issue was discovered in AP4_StdcFileByteStream::Create in mp42ts in Bento4 v1.6.0-639, allows attackers to cause a denial of service via a crafted file.

Action-Not Available
Vendor-n/aAxiomatic Systems, LLC
Product-bento4n/a
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2022-3812
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-4.3||MEDIUM
EPSS-0.30% / 52.47%
||
7 Day CHG~0.00%
Published-01 Nov, 2022 | 00:00
Updated-03 Aug, 2024 | 01:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Axiomatic Bento4 mp4encrypt AP4_ContainerAtom memory leak

A vulnerability was found in Axiomatic Bento4. It has been rated as problematic. Affected by this issue is the function AP4_ContainerAtom::AP4_ContainerAtom of the component mp4encrypt. The manipulation leads to memory leak. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-212678 is the identifier assigned to this vulnerability.

Action-Not Available
Vendor-Axiomatic Systems, LLC
Product-bento4Bento4
CWE ID-CWE-404
Improper Resource Shutdown or Release
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2022-35433
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.24% / 46.55%
||
7 Day CHG~0.00%
Published-16 Aug, 2022 | 20:12
Updated-03 Aug, 2024 | 09:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ffjpeg commit caade60a69633d74100bd3c2528bddee0b6a1291 was discovered to contain a memory leak via /src/jfif.c.

Action-Not Available
Vendor-ffjpeg_projectn/a
Product-ffjpegn/a
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2019-20023
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.44% / 62.60%
||
7 Day CHG~0.00%
Published-27 Dec, 2019 | 01:10
Updated-05 Aug, 2024 | 02:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A memory leak was discovered in image_buffer_resize in fromsixel.c in libsixel 1.8.4.

Action-Not Available
Vendor-libsixel_projectn/a
Product-libsixeln/a
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2019-17371
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.24% / 46.66%
||
7 Day CHG~0.00%
Published-09 Oct, 2019 | 12:07
Updated-05 Aug, 2024 | 01:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

gif2png 2.5.13 has a memory leak in the writefile function.

Action-Not Available
Vendor-gif2png_projectn/a
Product-gif2pngn/a
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2019-13311
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.20% / 41.86%
||
7 Day CHG~0.00%
Published-05 Jul, 2019 | 00:54
Updated-04 Aug, 2024 | 23:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ImageMagick 7.0.8-50 Q16 has memory leaks at AcquireMagickMemory because of a wand/mogrify.c error.

Action-Not Available
Vendor-n/aImageMagick Studio LLCDebian GNU/LinuxopenSUSECanonical Ltd.
Product-ubuntu_linuxdebian_linuximagemagickleapn/a
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2018-21017
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.28% / 51.34%
||
7 Day CHG~0.00%
Published-16 Sep, 2019 | 12:58
Updated-05 Aug, 2024 | 12:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

GPAC 0.7.1 has a memory leak in dinf_Read in isomedia/box_code_base.c.

Action-Not Available
Vendor-n/aGPAC
Product-gpacn/a
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2022-41427
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.15% / 36.18%
||
7 Day CHG~0.00%
Published-03 Oct, 2022 | 13:51
Updated-03 Aug, 2024 | 12:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Bento4 v1.6.0-639 was discovered to contain a memory leak in the AP4_AvcFrameParser::Feed function in mp4mux.

Action-Not Available
Vendor-n/aAxiomatic Systems, LLC
Product-bento4n/a
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2021-20234
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.45% / 63.22%
||
7 Day CHG~0.00%
Published-01 Apr, 2021 | 13:46
Updated-03 Aug, 2024 | 17:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An uncontrolled resource consumption (memory leak) flaw was found in the ZeroMQ client in versions before 4.3.3 in src/pipe.cpp. This issue causes a client that connects to multiple malicious or compromised servers to crash. The highest threat from this vulnerability is to system availability.

Action-Not Available
Vendor-zeromqn/a
Product-libzmqzeromq
CWE ID-CWE-400
Uncontrolled Resource Consumption
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2021-45481
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.03% / 7.57%
||
7 Day CHG~0.00%
Published-25 Dec, 2021 | 00:04
Updated-04 Aug, 2024 | 04:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In WebKitGTK before 2.32.4, there is incorrect memory allocation in WebCore::ImageBufferCairoImageSurfaceBackend::create, leading to a segmentation violation and application crash, a different vulnerability than CVE-2021-30889.

Action-Not Available
Vendor-webkitgtkn/a
Product-webkitgtkn/a
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
  • Previous
  • 1
  • 2
  • Next
Details not found