CVE Reference: CVE-2012-1148

NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia nor the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE:
CVE-2012-1148

Description:
Memory leak in the poolGrow function in expat/lib/xmlparse.c in expat before 2.1.0 allows context-dependent attackers to cause a denial of service (memory consumption) via a large number of crafted XML files that cause improperly-handled reallocation failures when expanding entities.

CVE Status:
Candidate

References:

UBUNTU
  http://www.ubuntu.com/usn/USN-1613-2
  http://www.ubuntu.com/usn/USN-1613-1
  http://www.ubuntu.com/usn/USN-1527-1

SAID
  Secunia Advisory: SA49504
  Secunia Advisory: SA51024
  Secunia Advisory: SA51040

REDHAT
  http://rhn.redhat.com/errata/RHSA-2012-0731.html

MANDRIVA
  http://www.mandriva.com/security/advisories?name=MDVSA-2012:041

DEBIAN
  http://www.debian.org/security/2012/dsa-2525

CONFIRM
  http://sourceforge.net/projects/expat/files/expat/2.1.0/
  http://sourceforge.net/tracker/?func=detail&atid=110127&aid=2958794&group_id=10127
  http://expat.cvs.sourceforge.net/viewvc/expat/expat/lib/xmlparse.c?r1=1.166&r2=1.167

BID
  52379

