diff --git a/CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptPkcs7VerifyCommon.c b/CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptPkcs7VerifyCommon.c
index c55b0cc5cd1..90acdf658e4 100644
--- a/CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptPkcs7VerifyCommon.c
+++ b/CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptPkcs7VerifyCommon.c
@@ -470,6 +470,10 @@ Pkcs7GetSignedData (
     goto End;
   }
 
+  if (CertNum != 0) {
+    FreePool (MoreCert);
+  }
+
   LastCert = &(SignedData->Certificates);
 
   while (CertNum--) {
@@ -487,8 +491,10 @@ Pkcs7GetSignedData (
     Ret = MbedTlsPkcs7GetSignersInfoSet (&P, End, &SignedData->SignerInfos);
   }
 
+  return Ret;
+
 End:
-  if (MoreCert != NULL) {
+  if ((MoreCert != NULL) && (CertNum !=0)) {
     FreePool (MoreCert);
     MoreCert = NULL;
   }
@@ -1085,6 +1091,9 @@ Pkcs7GetSigners (
   while (SignerInfo != NULL) {
     // Find signers cert
     Cert = MbedTlsPkcs7FindSignerCert (SignerInfo, &(Pkcs7.SignedData.Certificates));
+    if (Cert == NULL) {
+      goto _Exit;
+    }
 
     CertSize   = Cert->raw.len;
     OldSize    = BufferSize;