libming Memory Leak Vulnerability in readSizedString Function

A memory leak vulnerability has been identified in the readSizedString function within util/read.c of libming version 0.4.8. The issue arises because the function improperly manages memory allocation for string processing, failing to address error cases effectively. This oversight allows attackers to exploit the vulnerability by causing a denial-of-service through a crafted file, leading to increased memory usage and potential application instability.

Impact

Exploitation of this vulnerability causes a memory leak, where allocated memory is not properly freed, leading to increased memory consumption and potential denial-of-service conditions.

Reproduction

The vulnerability can be reproduced by using the provided proof-of-concept file 'Poc-readSizedString.zip', which should be extracted and used as input with the libming application. The memory leak can be observed using a tool like AddressSanitizer, which will report the leaked memory allocations.