CVE & Exploit Intelligence Database

CVE-2023-44821 5.5 MEDIUM EPSS 0.00

Gifsicle through 1.94, if deployed in a way that allows untrusted input to affect Gif_Realloc calls, might allow a denial of service (memory consumption). NOTE: this has been disputed by multiple parties because the Gifsicle code is not commonly used for unattended operation in which new input arrives for a long-running process, does not ship with functionality to link it into another application as a library, and does not have realistic use cases in which an adversary controls the entire command line.

CWE-401 Oct 09, 2023

CVE-2023-3576 5.5 MEDIUM EPSS 0.00

A memory leak flaw was found in Libtiff's tiffcrop utility. This issue occurs when tiffcrop operates on a TIFF image file, allowing an attacker to pass a crafted TIFF image file to tiffcrop utility, which causes this memory leak issue, resulting an application crash, eventually leading to a denial of service.

CWE-119 Oct 04, 2023

CVE-2022-4132 5.9 MEDIUM EPSS 0.00

A flaw was found in JSS. A memory leak in JSS requires non-standard configuration but is a low-effort DoS vector if configured that way (repeatedly hitting the login page).

CWE-401 Oct 04, 2023

CVE-2023-3592 5.8 MEDIUM EPSS 0.00

In Mosquitto before 2.0.16, a memory leak occurs when clients send v5 CONNECT packets with a will message that contains invalid property types.

CWE-401 Oct 02, 2023

CVE-2023-20251 6.1 MEDIUM EPSS 0.00

A vulnerability in the memory buffer of Cisco Wireless LAN Controller (WLC) AireOS Software could allow an unauthenticated, adjacent attacker to cause memory leaks that could eventually lead to a device reboot. This vulnerability is due to memory leaks caused by multiple clients connecting under specific conditions. An attacker could exploit this vulnerability by causing multiple wireless clients to attempt to connect to an access point (AP) on an affected device. A successful exploit could allow the attacker to cause the affected device to reboot after a significant amount of time, resulting in a denial of service (DoS) condition.

CWE-119 Sep 27, 2023

CVE-2023-5170 7.4 HIGH EPSS 0.00

In canvas rendering, a compromised content process could have caused a surface to change unexpectedly, leading to a memory leak of a privileged process. This memory leak could be used to effect a sandbox escape if the correct data was leaked. This vulnerability affects Firefox < 118.

CWE-401 Sep 27, 2023

CVE-2023-5156 7.5 HIGH EPSS 0.00

A flaw was found in the GNU C Library. A recent fix for CVE-2023-4806 introduced the potential for a memory leak, which may result in an application crash.

CWE-401 Sep 25, 2023

CVE-2023-41484 8.1 HIGH EPSS 0.00

An issue in cimg.eu Cimg Library v2.9.3 allows an attacker to obtain sensitive information via a crafted JPEG file.

CWE-401 Sep 20, 2023

CVE-2023-28366 7.5 HIGH 1 Writeup EPSS 0.00

The broker in Eclipse Mosquitto 1.3.2 through 2.x before 2.0.16 has a memory leak that can be abused remotely when a client sends many QoS 2 messages with duplicate message IDs, and fails to respond to PUBREC commands. This occurs because of mishandling of EAGAIN from the libc send function.

CWE-401 Sep 01, 2023

CVE-2023-4569 5.5 MEDIUM EPSS 0.00

A memory leak flaw was found in nft_set_catchall_flush in net/netfilter/nf_tables_api.c in the Linux Kernel. This issue may allow a local attacker to cause double-deactivations of catchall elements, which can result in a memory leak.

CWE-401 Aug 28, 2023

CVE-2023-4513 5.3 MEDIUM EPSS 0.00

BT SDP dissector memory leak in Wireshark 4.0.0 to 4.0.7 and 3.6.0 to 3.6.15 allows denial of service via packet injection or crafted capture file

CWE-401 Aug 24, 2023

CVE-2022-48541 7.1 HIGH EPSS 0.01

A memory leak in ImageMagick 7.0.10-45 and 6.9.11-22 allows remote attackers to perform a denial of service via the "identify -help" command.

CWE-401 Aug 22, 2023

CVE-2022-48065 5.5 MEDIUM EPSS 0.00

GNU Binutils before 2.40 was discovered to contain a memory leak vulnerability var the function find_abstract_instance in dwarf2.c.

CWE-401 Aug 22, 2023

CVE-2022-47011 5.5 MEDIUM EPSS 0.00

An issue was discovered function parse_stab_struct_fields in stabs.c in Binutils 2.34 thru 2.38, allows attackers to cause a denial of service due to memory leaks.

CWE-401 Aug 22, 2023

CVE-2022-47010 5.5 MEDIUM EPSS 0.00

An issue was discovered function pr_function_type in prdbg.c in Binutils 2.34 thru 2.38, allows attackers to cause a denial of service due to memory leaks.

CWE-401 Aug 22, 2023

CVE-2022-47008 5.5 MEDIUM EPSS 0.00

An issue was discovered function make_tempdir, and make_tempname in bucomm.c in Binutils 2.34 thru 2.38, allows attackers to cause a denial of service due to memory leaks.

CWE-401 Aug 22, 2023

CVE-2022-47007 5.5 MEDIUM EPSS 0.00

An issue was discovered function stab_demangle_v3_arg in stabs.c in Binutils 2.34 thru 2.38, allows attackers to cause a denial of service due to memory leaks.

CWE-401 Aug 22, 2023

CVE-2020-26683 5.5 MEDIUM EPSS 0.00

A memory leak issue discovered in /pdf/pdf-font-add.c in Artifex Software MuPDF 1.17.0 allows attackers to obtain sensitive information.

CWE-401 Aug 22, 2023

CVE-2020-21490 5.5 MEDIUM EPSS 0.00

An issue was discovered in GNU Binutils 2.34. It is a memory leak when process microblaze-dis.c. This one will consume memory on each insn disassembled.

CWE-401 Aug 22, 2023

CVE-2020-19724 5.5 MEDIUM EPSS 0.00

A memory consumption issue in get_data function in binutils/nm.c in GNU nm before 2.34 allows attackers to cause a denial of service via crafted command.

CWE-401 Aug 22, 2023