Memory leak in the poolGrow function in expat/lib/xmlparse.c in expat before 2.1.0 allows context-dependent attackers to cause a denial of service (memory consumption) via a large number of crafted XML files that cause improperly-handled reallocation failures when expanding entities.
Advisories
Source ID Title
Debian DSA Debian DSA DSA-2525-1 expat security update
EUVD EUVD EUVD-2012-1182 Memory leak in the poolGrow function in expat/lib/xmlparse.c in expat before 2.1.0 allows context-dependent attackers to cause a denial of service (memory consumption) via a large number of crafted XML files that cause improperly-handled reallocation failures when expanding entities.
Ubuntu USN Ubuntu USN USN-1527-1 Expat vulnerabilities
Ubuntu USN Ubuntu USN USN-1527-2 XML-RPC for C and C++ vulnerabilities
Ubuntu USN Ubuntu USN USN-1613-1 Python 2.5 vulnerabilities
Ubuntu USN Ubuntu USN USN-1613-2 Python 2.4 vulnerabilities
Ubuntu USN Ubuntu USN USN-5455-1 xmltok library vulnerabilities
Ubuntu USN Ubuntu USN USN-7307-1 xmltok library vulnerability
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Sat, 12 Jul 2025 13:45:00 +0000

Type Values Removed Values Added
Metrics epss

{'score': 0.01368}

epss

{'score': 0.01442}


cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published:

Updated: 2024-08-06T18:45:27.498Z

Reserved: 2012-02-14T00:00:00

Link: CVE-2012-1148

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Deferred

Published: 2012-07-03T19:55:02.757

Modified: 2025-04-11T00:51:21.963

Link: CVE-2012-1148

cve-icon Redhat

Severity : Moderate

Publid Date: 2012-03-03T00:00:00Z

Links: CVE-2012-1148 - Bugzilla

cve-icon OpenCVE Enrichment

No data.