CVE-2012-1148Missing Release of Memory after Effective Lifetime in Apple MAC OS X

CWE-399CWE-401Missing Release of Memory after Effective Lifetime19 documents10 sources
Severity
5.0MEDIUMNVD
EPSS
1.3%
top 20.12%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Apple MAC OS XLibexpat Project Libexpat
Timeline
PublishedJul 3
Latest updateFeb 26

Description

Memory leak in the poolGrow function in expat/lib/xmlparse.c in expat before 2.1.0 allows context-dependent attackers to cause a denial of service (memory consumption) via a large number of crafted XML files that cause improperly-handled reallocation failures when expanding entities.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages2 packages

NVDapple/mac_os_x10.11.1

Patches

Patch: expat.cvs.sourceforge.netPatch: expat.cvs.sourceforge.net

🔴Vulnerability Details

4
OSV
libxmltok vulnerabilities2022-07-19
GHSA
GHSA-hm5h-j86h-82pc: Memory leak in the poolGrow function in expat/lib/xmlparse2022-05-13
CVEList
CVE-2012-1148: Memory leak in the poolGrow function in expat/lib/xmlparse2012-07-03
OSV
CVE-2012-1148: Memory leak in the poolGrow function in expat/lib/xmlparse2012-07-03

💥Exploits & PoCs

1
Exploit-DB
Kayako Fusion - 'download.php' Cross-Site Scripting2012-09-05

📋Vendor Advisories

11
Ubuntu
xmltok library vulnerability2025-02-26
Ubuntu
xmltok library vulnerabilities2022-07-19
Apple
CVE-2012-1148: iTunes 12.62017-03-21
Apple
CVE-2012-1148: iTunes 12.6 for Windows2017-03-21
Ubuntu
Python 2.5 vulnerabilities2012-10-17

💬Community

2
Bugzilla
CVE-2012-1148 CVE-2012-0876 compat-expat1 various flaws [fedora-all]2013-07-09
Bugzilla
CVE-2012-1148 expat: Memory leak in poolGrow2012-03-09
CVE-2012-1148 — Apple MAC OS X vulnerability | cvebase