The Portable Tool Library (aka PTLib) before 2.10.10, as used in Ekiga before 4.0.1, does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted PXML document containing a large number of nested entity references, aka a "billion laughs attack."
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| suse | suse_linux_enterprise_software_development_kit | 11.0 |
| opalvoip | portable_tool_library | 2.10.1 |
| opalvoip | portable_tool_library | 2.10.7 |
| opalvoip | portable_tool_library | 2.10.2 |
| opalvoip | portable_tool_library | 2.10.9 |
| ekiga | ekiga | * |
| suse | suse_linux_enterprise_desktop | 11.0 |