{"id":"USN-7307-1","summary":"libxmltok vulnerability","details":"Tim Boddy discovered that Expat, contained within the xmltok library, did\nnot properly handle memory reallocation when processing XML files. If a\nuser or application linked against Expat were tricked into opening a\ncrafted XML file, an attacker could cause a denial of service by consuming\nexcessive memory resources.\n","modified":"2026-04-27T17:46:13.117909Z","published":"2025-02-26T22:33:09Z","related":["UBUNTU-CVE-2012-1148"],"upstream":["CVE-2012-1148","UBUNTU-CVE-2012-1148"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-7307-1"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2012-1148"}],"affected":[{"package":{"name":"libxmltok","ecosystem":"Ubuntu:Pro:18.04:LTS","purl":"pkg:deb/ubuntu/libxmltok@1.2-4ubuntu0.18.04.1~esm5?arch=source&distro=esm-apps/bionic"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.2-4ubuntu0.18.04.1~esm5"}]}],"versions":["1.2-4","1.2-4ubuntu0.18.04.1~esm1","1.2-4ubuntu0.18.04.1~esm2","1.2-4ubuntu0.18.04.1~esm3","1.2-4ubuntu0.18.04.1~esm4"],"ecosystem_specific":{"binaries":[{"binary_version":"1.2-4ubuntu0.18.04.1~esm5","binary_name":"libxmltok1"}],"availability":"Available with Ubuntu Pro: https://ubuntu.com/pro"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-7307-1.json","cves_map":{"ecosystem":"Ubuntu:Pro:18.04:LTS","cves":[{"severity":[{"score":"low","type":"Ubuntu"}],"id":"CVE-2012-1148"}]}}},{"package":{"name":"libxmltok","ecosystem":"Ubuntu:Pro:20.04:LTS","purl":"pkg:deb/ubuntu/libxmltok@1.2-4ubuntu0.20.04.1~esm5?arch=source&distro=esm-apps/focal"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.2-4ubuntu0.20.04.1~esm5"}]}],"versions":["1.2-4","1.2-4ubuntu0.20.04.1~esm1","1.2-4ubuntu0.20.04.1~esm2","1.2-4ubuntu0.20.04.1~esm3","1.2-4ubuntu0.20.04.1~esm4"],"ecosystem_specific":{"binaries":[{"binary_version":"1.2-4ubuntu0.20.04.1~esm5","binary_name":"libxmltok1"}],"availability":"Available with Ubuntu Pro: https://ubuntu.com/pro"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-7307-1.json","cves_map":{"ecosystem":"Ubuntu:Pro:20.04:LTS","cves":[{"severity":[{"score":"low","type":"Ubuntu"}],"id":"CVE-2012-1148"}]}}},{"package":{"name":"libxmltok","ecosystem":"Ubuntu:Pro:22.04:LTS","purl":"pkg:deb/ubuntu/libxmltok@1.2-4ubuntu0.22.04.1~esm5?arch=source&distro=esm-apps/jammy"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.2-4ubuntu0.22.04.1~esm5"}]}],"versions":["1.2-4","1.2-4ubuntu0.22.04.1~esm1","1.2-4ubuntu0.22.04.1~esm2","1.2-4ubuntu0.22.04.1~esm3","1.2-4ubuntu0.22.04.1~esm4"],"ecosystem_specific":{"binaries":[{"binary_version":"1.2-4ubuntu0.22.04.1~esm5","binary_name":"libxmltok1"}],"availability":"Available with Ubuntu Pro: https://ubuntu.com/pro"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-7307-1.json","cves_map":{"ecosystem":"Ubuntu:Pro:22.04:LTS","cves":[{"severity":[{"score":"low","type":"Ubuntu"}],"id":"CVE-2012-1148"}]}}},{"package":{"name":"libxmltok","ecosystem":"Ubuntu:Pro:24.04:LTS","purl":"pkg:deb/ubuntu/libxmltok@1.2-4.1ubuntu2.24.0.4.1+esm3?arch=source&distro=esm-apps/noble"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.2-4.1ubuntu2.24.0.4.1+esm3"}]}],"versions":["1.2-4ubuntu1","1.2-4.1ubuntu1","1.2-4.1ubuntu2","1.2-4.1ubuntu2.24.0.4.1+esm1","1.2-4.1ubuntu2.24.0.4.1+esm2"],"ecosystem_specific":{"binaries":[{"binary_version":"1.2-4.1ubuntu2.24.0.4.1+esm3","binary_name":"libxmltok1t64"}],"availability":"Available with Ubuntu Pro: https://ubuntu.com/pro"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-7307-1.json","cves_map":{"ecosystem":"Ubuntu:Pro:24.04:LTS","cves":[{"severity":[{"score":"low","type":"Ubuntu"}],"id":"CVE-2012-1148"}]}}}],"schema_version":"1.7.5"}