Unrated severityNVD Advisory· Published Jul 3, 2012· Updated Apr 29, 2026
CVE-2012-1148
CVE-2012-1148
Description
Memory leak in the poolGrow function in expat/lib/xmlparse.c in expat before 2.1.0 allows context-dependent attackers to cause a denial of service (memory consumption) via a large number of crafted XML files that cause improperly-handled reallocation failures when expanding entities.
Affected products
10cpe:2.3:a:libexpat_project:libexpat:*:*:*:*:*:*:*:*+ 8 more
- cpe:2.3:a:libexpat_project:libexpat:*:*:*:*:*:*:*:*range: <=2.0.1
- cpe:2.3:a:libexpat_project:libexpat:1.95.1:*:*:*:*:*:*:*
- cpe:2.3:a:libexpat_project:libexpat:1.95.2:*:*:*:*:*:*:*
- cpe:2.3:a:libexpat_project:libexpat:1.95.4:*:*:*:*:*:*:*
- cpe:2.3:a:libexpat_project:libexpat:1.95.5:*:*:*:*:*:*:*
- cpe:2.3:a:libexpat_project:libexpat:1.95.6:*:*:*:*:*:*:*
- cpe:2.3:a:libexpat_project:libexpat:1.95.7:*:*:*:*:*:*:*
- cpe:2.3:a:libexpat_project:libexpat:1.95.8:*:*:*:*:*:*:*
- cpe:2.3:a:libexpat_project:libexpat:2.0.0:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
18- expat.cvs.sourceforge.net/viewvc/expat/expat/lib/xmlparse.cnvdPatch
- secunia.com/advisories/49504nvdVendor Advisory
- lists.apple.com/archives/security-announce/2015/Dec/msg00005.htmlnvd
- rhn.redhat.com/errata/RHSA-2012-0731.htmlnvd
- rhn.redhat.com/errata/RHSA-2016-0062.htmlnvd
- rhn.redhat.com/errata/RHSA-2016-2957.htmlnvd
- secunia.com/advisories/51024nvd
- secunia.com/advisories/51040nvd
- sourceforge.net/projects/expat/files/expat/2.1.0/nvd
- sourceforge.net/tracker/nvd
- www.debian.org/security/2012/dsa-2525nvd
- www.mandriva.com/security/advisoriesnvd
- www.securityfocus.com/bid/52379nvd
- www.securitytracker.com/id/1034344nvd
- www.ubuntu.com/usn/USN-1527-1nvd
- www.ubuntu.com/usn/USN-1613-1nvd
- www.ubuntu.com/usn/USN-1613-2nvd
- support.apple.com/HT205637nvd
News mentions
0No linked articles in our index yet.