Early Access — Mondoo Vulnerability Intelligence is currently in preview.

UBUNTU-CVE-2012-1148 | Mondoo Vulnerability Intelligence

UBUNTU-CVE-2012-1148

LOW2.0

Memory leak in the poolGrow function in expat/lib/xmlparse.c in expat before 2.1.0 allows context-dependent attackers to cause a denial of service (memory consumption) via a large number of crafted XM

Published Jul 3, 2012

Modified 6 months ago

Fix available

Details

Memory leak in the poolGrow function in expat/lib/xmlparse.c in expat before 2.1.0 allows context-dependent attackers to cause a denial of service (memory consumption) via a large number of crafted XML files that cause improperly-handled reallocation failures when expanding entities.

Affected Packages

Ubuntu:Pro:16.04:LTSayttm

Affected versions:

0.6.3-3build1

Ubuntu:16.04:LTSayttm

Affected versions:

0.6.3-3build1

Ubuntu:Pro:16.04:LTScableswig

Affected versions:

0.1.0+git20150808-10.1.0+git20150808-2

Ubuntu:Pro:18.04:LTScadaver

Affected versions:

0.23.3-2ubuntu3

Ubuntu:20.04:LTScadaver

Affected versions:

0.23.3-2.1build1

Ubuntu:Pro:16.04:LTScadaver

Affected versions:

0.23.3-2ubuntu2

Ubuntu:24.04:LTScadaver

Affected versions:

0.24+dfsg-20.24+dfsg-30.24+dfsg-3build10.24+dfsg-3build2

Ubuntu:22.04:LTScadaver

Affected versions:

0.23.3-2.1build1

Ubuntu:25.04cadaver

Affected versions:

0.24+dfsg-40.26+dfsg-2

Ubuntu:Pro:20.04:LTScadaver

Affected versions:

0.23.3-2.1build1

Ubuntu:18.04:LTScadaver

Affected versions:

0.23.3-2ubuntu3

Ubuntu:14.04:LTScoin3

Affected versions:

3.1.4~abc9f50-33.1.4~abc9f50-43.1.4~abc9f50-4ubuntu23.1.4~abc9f50-4ubuntu2+esm1

Ubuntu:Pro:18.04:LTScoin3

Affected versions:

3.1.4~abc9f50+dfsg1-23.1.4~abc9f50+dfsg2-13.1.4~abc9f50+dfsg3-13.1.4~abc9f50+dfsg3-2

Ubuntu:Pro:16.04:LTScoin3

Affected versions:

3.1.4~abc9f50+dfsg1-13.1.4~abc9f50+dfsg1-1ubuntu0.1~esm1

Ubuntu:Pro:14.04:LTScoin3

Affected versions:

3.1.4~abc9f50-33.1.4~abc9f50-43.1.4~abc9f50-4ubuntu23.1.4~abc9f50-4ubuntu2+esm1

Ubuntu:Pro:16.04:LTSinsighttoolkit

Affected versions:

3.20.1+git20120521-63.20.1+git20120521-6build1

Ubuntu:Pro:16.04:LTSlibxmltok

Affected versions:

1.2-3build31.2-3ubuntu0.16.04.1~esm1

Fixed in:

1.2-3ubuntu0.16.04.1~esm2

Ubuntu:25.04libxmltok

Affected versions:

1.2-4.1ubuntu3

Fixed in:

1.2-4.1ubuntu4

Ubuntu:Pro:20.04:LTSlibxmltok

Affected versions:

1.2-41.2-4ubuntu0.20.04.1~esm11.2-4ubuntu0.20.04.1~esm21.2-4ubuntu0.20.04.1~esm31.2-4ubuntu0.20.04.1~esm4

Fixed in:

1.2-4ubuntu0.20.04.1~esm5

Ubuntu:24.04:LTSlibxmltok

Affected versions:

1.2-4.1ubuntu11.2-4.1ubuntu21.2-4ubuntu1

Ubuntu:Pro:24.04:LTSlibxmltok

Affected versions:

1.2-4.1ubuntu11.2-4.1ubuntu21.2-4.1ubuntu2.24.0.4.1+esm11.2-4.1ubuntu2.24.0.4.1+esm21.2-4ubuntu1

Fixed in:

1.2-4.1ubuntu2.24.0.4.1+esm3

Ubuntu:Pro:18.04:LTSlibxmltok

Affected versions:

1.2-41.2-4ubuntu0.18.04.1~esm11.2-4ubuntu0.18.04.1~esm21.2-4ubuntu0.18.04.1~esm31.2-4ubuntu0.18.04.1~esm4

Fixed in:

1.2-4ubuntu0.18.04.1~esm5

Ubuntu:22.04:LTSlibxmltok

Affected versions:

1.2-4

Ubuntu:Pro:22.04:LTSlibxmltok

Affected versions:

1.2-41.2-4ubuntu0.22.04.1~esm11.2-4ubuntu0.22.04.1~esm21.2-4ubuntu0.22.04.1~esm31.2-4ubuntu0.22.04.1~esm4

Fixed in:

1.2-4ubuntu0.22.04.1~esm5

Ubuntu:Pro:16.04:LTSmatanza

Affected versions:

0.13+ds1-5

Ubuntu:22.04:LTSmatanza

Affected versions:

0.13+ds2-1

Ubuntu:Pro:18.04:LTSmatanza

Affected versions:

0.13+ds1-5build10.13+ds1-6

Ubuntu:Pro:20.04:LTSmatanza

Affected versions:

0.13+ds1-60.13+ds2-1

Ubuntu:24.04:LTSmatanza

Affected versions:

0.13+ds2-10.13+ds2-1build10.13+ds2-1build2

Ubuntu:25.04matanza

Affected versions:

0.13+ds2-1build20.13+ds2-2

Ubuntu:25.04paraview

Affected versions:

5.12.1+dfsg-45.13.2+dfsg-2ubuntu1

Ubuntu:25.04sitecopy

Affected versions:

1:0.16.6-131:0.16.6-141:0.16.6-151:0.16.6-16

Ubuntu:Pro:20.04:LTSswish-e

Affected versions:

2.4.7-6build12.4.7-6build2

Ubuntu:24.04:LTSswish-e

Affected versions:

2.4.7-6.22.4.7-6.2build12.4.7-6.2build22.4.7-6.2build3

Ubuntu:22.04:LTSswish-e

Affected versions:

2.4.7-6.12.4.7-6.1build12.4.7-6build3

Ubuntu:25.04swish-e

Affected versions:

2.4.7-6.2build32.4.7-6.2build42.4.7-6.3

Ubuntu:Pro:18.04:LTSswish-e

Affected versions:

2.4.7-5ubuntu1

Ubuntu:Pro:16.04:LTSswish-e

Affected versions:

2.4.7-42.4.7-4build1

Ubuntu:Pro:18.04:LTSvnc4

Affected versions:

4.1.1+xorg4.3.0-37.3ubuntu2

Ubuntu:Pro:16.04:LTSvnc4

Affected versions:

4.1.1+xorg4.3.0-37.3ubuntu24.1.1+xorg4.3.0-37.3ubuntu2.1+esm1

Ubuntu:Pro:14.04:LTSvnc4

Affected versions:

4.1.1+xorg4.3.0-37ubuntu54.1.1+xorg4.3.0-37ubuntu5.0.14.1.1+xorg4.3.0-37ubuntu5.0.24.1.1+xorg4.3.0-37ubuntu5.0.2+esm1

References

REPORThttp://mail.python.org/pipermail/expat-bugs/2010-February/002870.html REPORThttp://www.openwall.com/lists/oss-security/2012/03/09/1 REPORThttps://ubuntu.com/security/CVE-2012-1148 ADVISORYhttps://ubuntu.com/security/notices/USN-1527-1 ADVISORYhttps://ubuntu.com/security/notices/USN-1527-2 ADVISORYhttps://ubuntu.com/security/notices/USN-1613-1 ADVISORYhttps://ubuntu.com/security/notices/USN-1613-2 ADVISORYhttps://ubuntu.com/security/notices/USN-5455-1 ADVISORYhttps://ubuntu.com/security/notices/USN-7307-1 REPORThttps://www.cve.org/CVERecord?id=CVE-2012-1148