Memory leak in the poolGrow function in expat/lib/xmlparse.c in expat before 2.1.0 allows context-dependent attackers to cause a denial of service (memory consumption) via a large number of crafted XML files that cause improperly-handled reallocation failures when expanding entities.
Metrics
Affected Vendors & Products
Advisories
Source | ID | Title |
---|---|---|
![]() |
DSA-2525-1 | expat security update |
![]() |
EUVD-2012-1182 | Memory leak in the poolGrow function in expat/lib/xmlparse.c in expat before 2.1.0 allows context-dependent attackers to cause a denial of service (memory consumption) via a large number of crafted XML files that cause improperly-handled reallocation failures when expanding entities. |
![]() |
USN-1527-1 | Expat vulnerabilities |
![]() |
USN-1527-2 | XML-RPC for C and C++ vulnerabilities |
![]() |
USN-1613-1 | Python 2.5 vulnerabilities |
![]() |
USN-1613-2 | Python 2.4 vulnerabilities |
![]() |
USN-5455-1 | xmltok library vulnerabilities |
![]() |
USN-7307-1 | xmltok library vulnerability |
Fixes
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
References
History
Sat, 12 Jul 2025 13:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
epss
|
epss
|

Status: PUBLISHED
Assigner: redhat
Published:
Updated: 2024-08-06T18:45:27.498Z
Reserved: 2012-02-14T00:00:00
Link: CVE-2012-1148

No data.

Status : Deferred
Published: 2012-07-03T19:55:02.757
Modified: 2025-04-11T00:51:21.963
Link: CVE-2012-1148


No data.