Libexpat Project: >> Libexpat >> 2.0.0 Security Vulnerabilities
The XML parser (xmlparse.c) in expat before 2.1.0 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via an XML file with many identifiers with the same value.
CVSS Score
4.3
EPSS Score
0.003
Published
2012-07-03
readfilemap.c in expat before 2.1.0 allows context-dependent attackers to cause a denial of service (file descriptor consumption) via a large number of crafted XML files.
CVSS Score
4.3
EPSS Score
0.012
Published
2012-07-03
Memory leak in the poolGrow function in expat/lib/xmlparse.c in expat before 2.1.0 allows context-dependent attackers to cause a denial of service (memory consumption) via a large number of crafted XML files that cause improperly-handled reallocation failures when expanding entities.
CVSS Score
5.0
EPSS Score
0.013
Published
2012-07-03
Page 5