Add brief info about billion laughs and expat

content/pages/xml-security.md

@@ -30,5 +30,18 @@ expected.
 
 # <a name="billion-laughs"></a> Billion laughs attack
 
-TODO
+By recursively nesting entities, it is possible to have a relatively small XML input file that generates a
+huge output after processing entities and/or takes a long time to process. In case of high memory
+usage, an XML parser may crash if the out-of-memory situation is not handled gracefully. This is known as a
+billion laughs attack.
 
+Expat includes countermeasures against billion laugh attacks. By default, Expat stops processing inputs if
+the output is more than 100 times larger than the input and larger than 8 MiB.
+
+The billion laughs attack in Expat, which affected versions before 2.4.0, is tracked as
+[CVE-2013-0340](https://www.cve.org/CVERecord?id=CVE-2013-0340).
+
+Note that there are variations of the billion laughs attack and other denial of service issues in XML parsing.
+Examples include [CVE-2025-59375](https://www.cve.org/CVERecord?id=CVE-2025-59375) (inputs can cause large
+dynamic memory allocation, fixed in 2.7.2) and
+[CVE-2024-8176](https://www.cve.org/CVERecord?id=CVE-2024-8176) (crash due to deep recursion, fixed in 2.7.0).