The Portable Tool Library (aka PTLib) prior to 2.10.10, as used in Ekiga prior to 4.0.1, does not properly detect recursion during entity expansion, which allows remote malicious users to cause a denial of service (memory and CPU consumption) via a crafted PXML document containing a large number of nested entity references, aka a "billion laughs attack."
Vulnerable Product |
---|
opalvoip portable tool library 2.10.7 |
opalvoip portable tool library 2.10.2 |
opalvoip portable tool library 2.10.1 |
opalvoip portable tool library 2.10.9 |
ekiga ekiga |
suse suse linux enterprise software development kit 11.0 |
suse suse linux enterprise desktop 11.0 |