MidnightBSD

Advisories for opalvoip

CVE-2013-1864 MEDIUM

The Portable Tool Library (aka PTLib) before 2.10.10, as used in Ekiga before 4.0.1, does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted PXML document containing a large number of nested entity references, aka a "billion laughs attack."

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
suse suse_linux_enterprise_software_development_kit 11.0
opalvoip portable_tool_library 2.10.1
opalvoip portable_tool_library 2.10.7
opalvoip portable_tool_library 2.10.2
opalvoip portable_tool_library 2.10.9
ekiga ekiga *
suse suse_linux_enterprise_desktop 11.0