It was discovered that Expat, an XML parsing C library, did not properly handled XML input including XML names that contain a large number of colons, potentially resulting in denial of service.