{"id":"CVE-2021-39176","details":"detect-character-encoding is a package for detecting character encoding using ICU. In detect-character-encoding v0.3.0 and earlier, allocated memory is not released. The problem has been patched in detect-character-encoding v0.3.1.","aliases":["GHSA-5rwj-j5m3-3chj"],"modified":"2026-04-11T21:23:16.563376Z","published":"2021-08-31T18:15:08.490Z","related":["GHSA-5rwj-j5m3-3chj"],"references":[{"type":"ADVISORY","url":"https://github.com/sonicdoe/detect-character-encoding/releases/tag/v0.3.1"},{"type":"FIX","url":"https://github.com/sonicdoe/detect-character-encoding/commit/d44356927b92e3b13e178071bf6d7c671766f588"},{"type":"FIX","url":"https://github.com/sonicdoe/detect-character-encoding/pull/6"},{"type":"FIX","url":"https://github.com/sonicdoe/detect-character-encoding/security/advisories/GHSA-5rwj-j5m3-3chj"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/sonicdoe/detect-character-encoding","events":[{"introduced":"0"},{"fixed":"19bbbb2ec25fb6f30f0ec1202d90f7568921bd87"},{"fixed":"d44356927b92e3b13e178071bf6d7c671766f588"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"0.3.1"}]}}],"versions":["v0.1.0","v0.2.0","v0.2.1","v0.3.0"],"database_specific":{"vanir_signatures":[{"id":"CVE-2021-39176-131b3d79","digest":{"line_hashes":["13408327678877304456975407656688676524","120584694468257360971568936664209899744","4022055859797529272442285157709371966","194409028033557739133378128099937422143","159446497483835865618998386825336247769","209327658693303945781423438306504388981","141173879481676723128512032734821997272","177342942665869635409755168872643286127","205021917407427534105529260337061008168","118062108046861521403820063569311331165","260104711269267740172011151045159518087","155550867351282366072322880850049297290","2127235777952485018900461792342956008","39179829604589586862994793427449749458","102224735839491004734866963062540467058","217924404446977606099364293203185145867","284510871259388585649974747591240290018","268911694072267953811827044974814943886","199243353681064088395305529017596385077","266427056194956355902074222894519361119"],"threshold":0.9},"source":"https://github.com/sonicdoe/detect-character-encoding/commit/d44356927b92e3b13e178071bf6d7c671766f588","deprecated":false,"signature_type":"Line","signature_version":"v1","target":{"file":"icuWrapper.cpp"}},{"id":"CVE-2021-39176-6d8e583a","digest":{"function_hash":"290557703995622132170331849265200079583","length":1301},"source":"https://github.com/sonicdoe/detect-character-encoding/commit/d44356927b92e3b13e178071bf6d7c671766f588","deprecated":false,"signature_type":"Function","signature_version":"v1","target":{"function":"NAN_METHOD","file":"icuWrapper.cpp"}}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-39176.json","vanir_signatures_modified":"2026-04-11T21:23:16Z"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}