Memory leak in the vcard_apdu_new function in card_7816.c in libcacard0before 2.5.3 allows local guest OS users to cause a denial of service via vectors related to allocating a new APDU object.