CVE-2012-1147
published 2012-07-03
medium · 4.3 · CVSS 3.1
AV:N/AC:M/Au:N/C:N/I:N/A:P
readfilemap.c in expat before 2.1.0 allows context-dependent attackers to cause a denial of service (file descriptor consumption) via a large number of crafted XML files.
Affected
16 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | itunes | — | — |
| apple | itunes_12.6_for_windows | — | — |
| apple | mac_os_x | — | — |
| apple | mac_os_x | — | — |
| apple | os_x_el_capitan_10.11.2_security_update_2015-005_yosemite_and_security_update_20 | — | — |
| debian | expat | — | — |
| debian | libxmltok | — | — |
| libexpat_project | libexpat | <= 2.0.1 | — |
| libexpat_project | libexpat | — | — |
| libexpat_project | libexpat | — | — |
| libexpat_project | libexpat | — | — |
| libexpat_project | libexpat | — | — |
| libexpat_project | libexpat | — | — |
| libexpat_project | libexpat | — | — |
| libexpat_project | libexpat | — | — |
| libexpat_project | libexpat | — | — |
CVSS provenance
nvd · 4.3 · MEDIUM · AV:N/AC:M/Au:N/C:N/I:N/A:P
osv · 4.3 · MEDIUM
Apple
CVE-2012-1147: iTunes 12.6 for Windows
vendor_apple·2017-03-21·CVSS 4.3
CVE-2012-1147 [MEDIUM] CVE-2012-1147: iTunes 12.6 for Windows
Apple Security Update: About the security content of iTunes 12.6 for Windows
Product: iTunes 12.6 for Windows
CVE: CVE-2012-1147
Component: CVE-2012-1147
Apple
CVE-2012-1147: iTunes 12.6
vendor_apple·2017-03-21·CVSS 4.3
CVE-2012-1147 [MEDIUM] CVE-2012-1147: iTunes 12.6
Apple Security Update: About the security content of iTunes 12.6
Product: iTunes
Version: 12.6
CVE: CVE-2012-1147
Component: CVE-2012-1147
Red Hat
expat: resource leak in readfilemap.c
vendor_redhat·2012-03-03·CVSS 4.3
CVE-2012-1147 [MEDIUM] expat: resource leak in readfilemap.c
readfilemap.c in expat before 2.1.0 allows context-dependent attackers to cause a denial of service (file descriptor consumption) via a large number of crafted XML files.
Package: expat (Red Hat Directory Server 8) - Not affected
Package: expat (Red Hat Enterprise Linux 4) - Not affected
Package: expat (Red Hat Enterprise Linux 5) - Not affected
Package: compat-expat1 (Red Hat Enterprise Linux 6) - Not affected
Package: expat (Red Hat Enterprise Linux 6) - Not affected
Package: mingw32-expat (Red Hat Enterprise Linux 6) - Will not fix
Debian
CVE-2012-1147: expat - readfilemap.c in expat before 2.1.0 allows context-dependent attackers to cause ...
vendor_debian·2012·CVSS 4.3
CVE-2012-1147 [MEDIUM] CVE-2012-1147: expat - readfilemap.c in expat before 2.1.0 allows context-dependent attackers to cause ...
readfilemap.c in expat before 2.1.0 allows context-dependent attackers to cause a denial of service (file descriptor consumption) via a large number of crafted XML files.
Scope: local
bookworm: resolved
bullseye: resolved
forky: resolved
sid: resolved
trixie: resolved
Apple
CVE-2012-1147: OS X El Capitan 10.11.2, Security Update 2015-005 Yosemite, and Security Update 2015-008 Mavericks
vendor_apple·CVSS 4.3
CVE-2012-1147 [MEDIUM] CVE-2012-1147: OS X El Capitan 10.11.2, Security Update 2015-005 Yosemite, and Security Update 2015-008 Mavericks
Apple Security Update: About the security content of OS X El Capitan 10.11.2, Security Update 2015-005 Yosemite, and Security Update 2015-008 Mavericks
Product: OS X El Capitan 10.11.2, Security Update 2015-005 Yosemite, and Security Update 2015-008 Mavericks
CVE: CVE-2012-1147
Component: CVE-ID
Impact: Parsing a maliciously crafted XML document may lead to disclosure of user information
Description: A memory corruption issue existed in the parsing of XML files. This issue was addressed through improved memory handling.
GHSA
GHSA-c8m9-hqfc-w4mm: readfilemap
ghsa_unreviewed·2022-05-13
CVE-2012-1147 [MEDIUM] CWE-20 GHSA-c8m9-hqfc-w4mm: readfilemap
readfilemap.c in expat before 2.1.0 allows context-dependent attackers to cause a denial of service (file descriptor consumption) via a large number of crafted XML files.
OSV
CVE-2012-1147: readfilemap
osv·2012-07-03·CVSS 4.3
CVE-2012-1147 [MEDIUM] CVE-2012-1147: readfilemap
readfilemap.c in expat before 2.1.0 allows context-dependent attackers to cause a denial of service (file descriptor consumption) via a large number of crafted XML files.
No detection rules found.
No public exploits indexed.
Bugzilla
Update to Expat 2.2.1
bugzilla·2017-06-18·CVSS 4.3
[MEDIUM] Update to Expat 2.2.1
Update expat files that live in: parser/expat/lib/
For list of fixed CVEs see:
http://www.openwall.com/lists/oss-security/2017/06/17/7
Discussion:
This fixes some integer overflows, a double free and more. So marking s-s for now.
---
FWIW I've explicitly avoided updating to the latest expat versions as they've tended to introduce more CVEs than they fix. We keep a much trimmed down (and modified) version of 2.0.0 in tree, it would be interesting to see what overlap there is and maybe just cherry-pick changes that are relevant to us.
---
I've started looking over the differences. I'll attach some patches with some no-brainers and then we can decide on the rest.
---
From the release notes:
CVE-2017-9233 External entity infinite loop DoS
Probably affects us, I
Bugzilla
CVE-2012-1147 expat: resource leak in readfilemap.c
bugzilla·2012-03-09·CVSS 4.3
CVE-2012-1147 [MEDIUM] CVE-2012-1147 expat: resource leak in readfilemap.c
Martin Ettl reported a resource leak in expat[1]:
During a check with the static code analysis tool cppcheck, I found a resource leak. I reported it to the wxWidgets developers. They told me to contact you:
http://trac.wxwidgets.org/ticket/11432
http://trac.wxwidgets.org/ticket/11194
Best regards
Orbitcowboy
[1] http://sourceforge.net/tracker/?func=detail&atid=110127&aid=2895533&group_id=10127
http://mail.python.org/pipermail/expat-bugs/2009-November/002858.html
Discussion:
xmlwf/readfilemap.c is used on Windows only, from configure:
```sh
if test "$ac_cv_func_mmap_fixed_mapped" = "yes"; then
    FILEMAP=unixfilemap
else
    FILEMAP=readfilemap
fi
```
NOTABUG on UNIX, but affects Windows so expat is not affected but mingw32-expat may be affected o
http://expat.cvs.sourceforge.net/viewvc/expat/expat/xmlwf/readfilemap.c?r1=1.14&r2=1.15
http://lists.apple.com/archives/security-announce/2015/Dec/msg00005.html
http://sourceforge.net/projects/expat/files/expat/2.1.0/
http://sourceforge.net/tracker/?func=detail&aid=2895533&group_id=10127&atid=110127
http://trac.wxwidgets.org/ticket/11194
http://trac.wxwidgets.org/ticket/11432
http://www.securityfocus.com/bid/52379
http://www.securitytracker.com/id/1034344
https://support.apple.com/HT205637
2012-07-03
Published