Launchpad CVE tracker

CVE 2012-1148

Memory leak in the poolGrow function in expat/lib/xmlparse.c in expat before 2.1.0 allows context-dependent attackers to cause a denial of service (memory consumption) via a large number of crafted XML files that cause improperly-handled reallocation failures when expanding entities.

Related bugs and status

CVE-2012-1148 (Candidate) is related to these bugs:

Bug #1048835: [Quantal] xmlrpc-c is vulnerable to CVE-2012-0876 and CVE-2012-1148

Summary				In	Importance	Status
	1048835	[Quantal] xmlrpc-c is vulnerable to CVE-2012-0876 and CVE-2012-1148		xmlrpc-c (Ubuntu)	Medium	Fix Released
	1048835	[Quantal] xmlrpc-c is vulnerable to CVE-2012-0876 and CVE-2012-1148		xmlrpc-c (Ubuntu Quantal)	Medium	Fix Released

Bug #1076812: Please merge xmlrpc-c 1.16.33-3.2 (main) from Debian testing (main)

Summary				In	Importance	Status
	1076812	Please merge xmlrpc-c 1.16.33-3.2 (main) from Debian testing (main)		xmlrpc-c (Ubuntu)	Wishlist	Fix Released

See the

CVE page on Mitre.org for more details.

References

CONFIRM: http://sourceforge.net...
MANDRIVA: MDVSA-2012:041
REDHAT: RHSA-2012:0731
SECUNIA: 49504
UBUNTU: USN-1613-2
DEBIAN: DSA-2525
UBUNTU: USN-1527-1
UBUNTU: USN-1613-1
SECUNIA: 51024
SECUNIA: 51040
BID: 52379
CONFIRM: https://support.apple....
APPLE: APPLE-SA-2015-12-08-3
REDHAT: RHSA-2016:0062
CONFIRM: http://expat.cvs.sourc...
CONFIRM: http://sourceforge.net...
SECTRACK: 1034344
REDHAT: RHSA-2016:2957

Launchpad.net

CVE 2012-1148

Related bugs and status

Related bugs

References