CVE & Exploit Intelligence Database

CVE-2019-7175 7.5 HIGH 1 Writeup EPSS 0.00

In ImageMagick before 7.0.8-25, some memory leaks exist in DecodeImage in coders/pcd.c.

CWE-401 Mar 07, 2019

CVE-2019-8259 7.5 HIGH EPSS 0.01

UltraVNC revision 1198 contains multiple memory leaks (CWE-655) in VNC client code, which allow an attacker to read stack memory and can be abused for information disclosure. Combined with another vulnerability, it can be used to leak stack memory and bypass ASLR. This attack appears to be exploitable via network connectivity. These vulnerabilities have been fixed in revision 1199.

CWE-665 Mar 05, 2019

CVE-2019-9004 7.5 HIGH EPSS 0.00

In Eclipse Wakaama (formerly liblwm2m) 1.0, core/er-coap-13/er-coap-13.c in lwm2mserver in the LWM2M server mishandles invalid options, leading to a memory leak. Processing of a single crafted packet leads to leaking (wasting) 24 bytes of memory. This can lead to termination of the LWM2M server after exhausting all available memory.

CWE-401 Feb 22, 2019

CVE-2019-8980 7.5 HIGH EPSS 0.02

A memory leak in the kernel_read_file function in fs/exec.c in the Linux kernel through 4.20.11 allows attackers to cause a denial of service (memory consumption) by triggering vfs_read failures.

CWE-401 Feb 21, 2019

CVE-2019-7732 7.5 HIGH EPSS 0.00

In Live555 0.95, a setup packet can cause a memory leak leading to DoS because, when there are multiple instances of a single field (username, realm, nonce, uri, or response), only the last instance can ever be freed.

CWE-401 Feb 11, 2019

CVE-2019-7398 7.5 HIGH EPSS 0.00

In ImageMagick before 7.0.8-25, a memory leak exists in WriteDIBImage in coders/dib.c.

CWE-401 Feb 05, 2019

CVE-2019-7397 7.5 HIGH 1 Writeup EPSS 0.00

In ImageMagick before 7.0.8-25 and GraphicsMagick through 1.3.31, several memory leaks exist in WritePDFImage in coders/pdf.c.

CWE-401 Feb 05, 2019

CVE-2019-7396 7.5 HIGH 1 Writeup EPSS 0.03

In ImageMagick before 7.0.8-25, a memory leak exists in ReadSIXELImage in coders/sixel.c.

CWE-401 Feb 05, 2019

CVE-2019-7395 7.5 HIGH 1 Writeup EPSS 0.03

In ImageMagick before 7.0.8-25, a memory leak exists in WritePSDChannel in coders/psd.c.

CWE-401 Feb 05, 2019

CVE-2019-3815 3.3 LOW EPSS 0.00

A memory leak was discovered in the backport of fixes for CVE-2018-16864 in Red Hat Enterprise Linux. Function dispatch_message_real() in journald-server.c does not free the memory allocated by set_iovec_field_free() to store the `_CMDLINE=` entry. A local attacker may use this flaw to make systemd-journald crash. This issue only affects versions shipped with Red Hat Enterprise since v219-62.2.

CWE-401 Jan 28, 2019

CVE-2019-6502 7.5 HIGH EPSS 0.00

sc_context_create in ctx.c in libopensc in OpenSC 0.19.0 has a memory leak, as demonstrated by a call from eidenv.

CWE-401 Jan 22, 2019

CVE-2019-6459 6.5 MEDIUM 1 Writeup EPSS 0.00

An issue was discovered in GNU Recutils 1.8. There is a memory leak in rec_extract_type in rec-utils.c in librec.a.

CWE-401 Jan 16, 2019

CVE-2019-6458 6.5 MEDIUM 1 Writeup EPSS 0.00

An issue was discovered in GNU Recutils 1.8. There is a memory leak in rec_buf_new in rec-buf.c when called from rec_parse_rset in rec-parser.c in librec.a.

CWE-401 Jan 16, 2019

CVE-2019-6457 6.5 MEDIUM 1 Writeup EPSS 0.00

An issue was discovered in GNU Recutils 1.8. There is a memory leak in rec_aggregate_reg_new in rec-aggregate.c in librec.a.

CWE-401 Jan 16, 2019

CVE-2019-6138 7.5 HIGH EPSS 0.00

An issue has been found in libIEC61850 v1.3.1. Memory_malloc and Memory_calloc in hal/memory/lib_memory.c have memory leaks when called from mms/iso_mms/common/mms_value.c, server/mms_mapping/mms_mapping.c, and server/mms_mapping/mms_sv.c (via common/string_utilities.c), as demonstrated by iec61850_9_2_LE_example.c.

CWE-401 Jan 11, 2019

CVE-2019-6135 7.5 HIGH EPSS 0.00

An issue has been found in libIEC61850 v1.3.1. Memory_malloc in hal/memory/lib_memory.c has a memory leak when called from Asn1PrimitiveValue_create in mms/asn1/asn1_ber_primitive_value.c, as demonstrated by goose_publisher_example.c and iec61850_9_2_LE_example.c.

CWE-401 Jan 11, 2019

CVE-2019-6132 7.5 HIGH EPSS 0.00

An issue was discovered in Bento4 v1.5.1-627. There is a memory leak in AP4_DescriptorFactory::CreateDescriptorFromStream in Core/Ap4DescriptorFactory.cpp when called from the AP4_EsdsAtom class in Core/Ap4EsdsAtom.cpp, as demonstrated by mp42aac.

CWE-401 Jan 11, 2019

CVE-2019-6129 6.5 MEDIUM EPSS 0.00

png_create_info_struct in png.c in libpng 1.6.36 has a memory leak, as demonstrated by pngcp. NOTE: a third party has stated "I don't think it is libpng's job to free this buffer.

CWE-401 Jan 11, 2019

CVE-2019-6128 8.8 HIGH 1 Writeup EPSS 0.02

The TIFFFdOpen function in tif_unix.c in LibTIFF 4.0.10 has a memory leak, as demonstrated by pal2rgb.

CWE-401 Jan 11, 2019

CVE-2018-15377 8.6 HIGH EPSS 0.01

A vulnerability in the Cisco Network Plug and Play agent, also referred to as the Cisco Open Plug-n-Play agent, of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a memory leak on an affected device. The vulnerability is due to insufficient input validation by the affected software. An attacker could exploit this vulnerability by sending invalid data to the Cisco Network Plug and Play agent on an affected device. A successful exploit could allow the attacker to cause a memory leak on the affected device, which could cause the device to reload.

CWE-401 Oct 05, 2018