CVE-2012-1147 — Improper Input Validation in Project Libexpat

CWE-20 — Improper Input Validation10 documents8 sources

Severity

4.3MEDIUMNVD

EPSS

1.2%

top 21.45%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Libexpat Project Libexpat Apple MAC OS X

Timeline

PublishedJul 3

Latest updateMay 13

Description

readfilemap.c in expat before 2.1.0 allows context-dependent attackers to cause a denial of service (file descriptor consumption) via a large number of crafted XML files.

CVSS vector

AV:N/AC:M/C:N/I:N/A:PExploitability: 8.6 | Impact: 2.9

Affected Packages2 packages

▶NVDlibexpat_project/libexpat2.0.1+8

▶NVDapple/mac_os_x10.11.0, 10.11.1+1

🔴Vulnerability Details

GHSA

GHSA-c8m9-hqfc-w4mm: readfilemap↗2022-05-13

▶

OSV

CVE-2012-1147: readfilemap↗2012-07-03

▶

CVEList

CVE-2012-1147: readfilemap↗2012-07-03

▶

📋Vendor Advisories

Apple

CVE-2012-1147: iTunes 12.6 for Windows↗2017-03-21

▶

Apple

CVE-2012-1147: iTunes 12.6↗2017-03-21

▶

Red Hat

expat: resource leak in readfilemap.c↗2012-03-03

▶

Debian

CVE-2012-1147: expat - readfilemap.c in expat before 2.1.0 allows context-dependent attackers to cause ...↗2012

▶

Apple

CVE-2012-1147: OS X El Capitan 10.11.2, Security Update 2015-005 Yosemite, and Security Update 2015-008 Mavericks↗

▶

💬Community

Bugzilla

CVE-2012-1147 expat: resource leak in readfilemap.c↗2012-03-09

▶