Created colord tracking bugs for this issue:
Affects: fedora-35 [bug 2133669]
Affects: fedora-36 [bug 2133672]
Created golang-entgo-ent tracking bugs for this issue:
Affects: fedora-35 [bug 2133670]
Affects: fedora-36 [bug 2133673]
Created mingw-colord tracking bugs for this issue:
Affects: fedora-35 [bug 2133671]
Affects: fedora-36 [bug 2133674]
This is not a bug. Leaking a few bytes of memory for a failure case THAT CANNOT BE TRIGGED is not a security vulnerability in any way. CVE-2021-42523 should never have been issued and I believe it was only opened for someone to put on his resume. CWE-200 is an completely incorrect classification for this bug.