CVE-2013-0340
- EPSS 0.07%
- Published 21.01.2014 18:55:09
- Last modified 25.11.2025 17:15:47
expat before version 2.4.0 does not properly handle entities expansion unless an application developer uses the XML_SetEntityDeclHandler function, which allows remote attackers to cause a denial of service (resource consumption), send HTTP requests t...
- EPSS 1.29%
- Published 03.07.2012 19:55:02
- Last modified 11.04.2025 00:51:21
Memory leak in the poolGrow function in expat/lib/xmlparse.c in expat before 2.1.0 allows context-dependent attackers to cause a denial of service (memory consumption) via a large number of crafted XML files that cause improperly-handled reallocation...
CVE-2012-1147
- EPSS 1.15%
- Published 03.07.2012 19:55:02
- Last modified 11.04.2025 00:51:21
readfilemap.c in expat before 2.1.0 allows context-dependent attackers to cause a denial of service (file descriptor consumption) via a large number of crafted XML files.
CVE-2012-0876
- EPSS 0.31%
- Published 03.07.2012 19:55:02
- Last modified 11.04.2025 00:51:21
The XML parser (xmlparse.c) in expat before 2.1.0 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via an XML file wit...
- EPSS 2.83%
- Published 04.12.2009 21:30:00
- Last modified 09.04.2025 00:30:58
The big2_toUtf8 function in lib/xmltok.c in libexpat in Expat 2.0.1, as used in the XML-Twig module for Perl, allows context-dependent attackers to cause a denial of service (application crash) via an XML document with malformed UTF-8 sequences that ...
- EPSS 1.54%
- Published 03.11.2009 16:30:12
- Last modified 09.04.2025 00:30:58
The updatePosition function in lib/xmltok_impl.c in libexpat in Expat 2.0.1, as used in Python, PyXML, w3c-libwww, and other software, allows context-dependent attackers to cause a denial of service (application crash) via an XML document with crafte...