CVSS: 7.5EPSS: 0%CPEs: 11EXPL: 0CVE-2012-1147 – Apple Security Advisory 2017-03-22-2
https://notcve.org/view.php?id=CVE-2012-1147
03 Jul 2012 — readfilemap.c in expat before 2.1.0 allows context-dependent attackers to cause a denial of service (file descriptor consumption) via a large number of crafted XML files. readfilemap.c en expat antes de v2.1.0 permite causar una denegación de servicio (por consumo de descriptores de fichero) a atacantes dependientes de contexto a través de un gran número de archivos XML hechos a mano. This advisory provides additional information for APPLE-SA-2017-03-22-1. iTunes for Windows 12.6 addresses multiple vulnerab... • http://expat.cvs.sourceforge.net/viewvc/expat/expat/xmlwf/readfilemap.c?r1=1.14&r2=1.15 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 1%CPEs: 10EXPL: 0CVE-2012-1148 – expat: Memory leak in poolGrow
https://notcve.org/view.php?id=CVE-2012-1148
03 Jul 2012 — Memory leak in the poolGrow function in expat/lib/xmlparse.c in expat before 2.1.0 allows context-dependent attackers to cause a denial of service (memory consumption) via a large number of crafted XML files that cause improperly-handled reallocation failures when expanding entities. Múltiples fugas de memoria en la función poolGrow en expat/lib/xmlparse.c en expat anteriores a v2.1.0 podría permitir a atacantes remotos provocar una denegación de servicio (consumo de memoria) a través de un número largo de ... • http://expat.cvs.sourceforge.net/viewvc/expat/expat/lib/xmlparse.c?r1=1.166&r2=1.167 • CWE-399: Resource Management Errors CWE-401: Missing Release of Memory after Effective Lifetime •