Memory Leak in Expat XML Parser by Expat Software Foundation
CVE-2012-1148

Currently unrated

Key Information:

Vendor: Libexpat Project
Status: Libexpat
Vendor: CVE Published:; 3 July 2012

Summary

A memory leak vulnerability exists in the poolGrow function within the Expat XML parser, allowing context-dependent attackers to trigger a denial of service. By submitting a large number of specially crafted XML files, attackers can exploit the improper handling of entity reallocation failures, leading to significant memory consumption and service disruptions.

References

http://secunia.com/advisories/49504

third-party-advisoryx_refsource_SECUNIA

http://www.ubuntu.com/usn/USN-1527-1

vendor-advisoryx_refsource_UBUNTU

https://support.apple.com/HT205637

x_refsource_CONFIRM

Timeline

Vulnerability published
Jul 3, 2012
Vulnerability Reserved
Feb 14, 2012