PSF-2014-1 CVE-2013-0340 Billion Laughs fixed in Expat 2.4.0
expat 2.1.0 and earlier does not properly handle entities expansion unless an application developer uses the XMLSetEntityDeclHandler function, which allows remote attackers to cause a denial of service resource consumption, send HTTP requests to intranet servers, or read arbitrary files via a...