Unrated severityNVD Advisory· Published Jul 3, 2012· Updated Jun 16, 2026
CVE-2012-1148
CVE-2012-1148
Description
Memory leak in the poolGrow function in expat/lib/xmlparse.c in expat before 2.1.0 allows context-dependent attackers to cause a denial of service (memory consumption) via a large number of crafted XML files that cause improperly-handled reallocation failures when expanding entities.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
12cpe:2.3:a:libexpat_project:libexpat:*:*:*:*:*:*:*:*+ 8 more
- cpe:2.3:a:libexpat_project:libexpat:*:*:*:*:*:*:*:*range: <=2.0.1
- cpe:2.3:a:libexpat_project:libexpat:1.95.1:*:*:*:*:*:*:*
- cpe:2.3:a:libexpat_project:libexpat:1.95.2:*:*:*:*:*:*:*
- cpe:2.3:a:libexpat_project:libexpat:1.95.4:*:*:*:*:*:*:*
- cpe:2.3:a:libexpat_project:libexpat:1.95.5:*:*:*:*:*:*:*
- cpe:2.3:a:libexpat_project:libexpat:1.95.6:*:*:*:*:*:*:*
- cpe:2.3:a:libexpat_project:libexpat:1.95.7:*:*:*:*:*:*:*
- cpe:2.3:a:libexpat_project:libexpat:1.95.8:*:*:*:*:*:*:*
- cpe:2.3:a:libexpat_project:libexpat:2.0.0:*:*:*:*:*:*:*
- Range: <2.1.0
Patches
Vulnerability mechanics
References
18- expat.cvs.sourceforge.net/viewvc/expat/expat/lib/xmlparse.cnvdPatch
- secunia.com/advisories/49504nvdVendor Advisory
- lists.apple.com/archives/security-announce/2015/Dec/msg00005.htmlnvd
- rhn.redhat.com/errata/RHSA-2012-0731.htmlnvd
- rhn.redhat.com/errata/RHSA-2016-0062.htmlnvd
- rhn.redhat.com/errata/RHSA-2016-2957.htmlnvd
- secunia.com/advisories/51024nvd
- secunia.com/advisories/51040nvd
- sourceforge.net/projects/expat/files/expat/2.1.0/nvd
- sourceforge.net/tracker/nvd
- www.debian.org/security/2012/dsa-2525nvd
- www.mandriva.com/security/advisoriesnvd
- www.securityfocus.com/bid/52379nvd
- www.securitytracker.com/id/1034344nvd
- www.ubuntu.com/usn/USN-1527-1nvd
- www.ubuntu.com/usn/USN-1613-1nvd
- www.ubuntu.com/usn/USN-1613-2nvd
- support.apple.com/HT205637nvd
News mentions
0No linked articles in our index yet.