Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
4.3
CVSSv2

CVE-2013-1864

Published: 23/05/2014 Updated: 29/08/2017
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Subscribe to Portable Tool Library

Vulnerability Summary

The Portable Tool Library (aka PTLib) prior to 2.10.10, as used in Ekiga prior to 4.0.1, does not properly detect recursion during entity expansion, which allows remote malicious users to cause a denial of service (memory and CPU consumption) via a crafted PXML document containing a large number of nested entity references, aka a "billion laughs attack."

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

opalvoip portable tool library 2.10.7

opalvoip portable tool library 2.10.2

opalvoip portable tool library 2.10.1

opalvoip portable tool library 2.10.9

ekiga ekiga

suse suse linux enterprise software development kit 11.0

suse suse linux enterprise desktop 11.0

Vendor Advisories

Debian CVElist Bug Report Logs: ekiga: CVE-2013-1864
Debian Bug report logs - #704133 ekiga: CVE-2013-1864 Package: ekiga; Maintainer for ekiga is Kilian Krause <kilian@debianorg>; Source for ekiga is src:ekiga (PTS, buildd, popcon) Reported by: Moritz Muehlenhoff <jmm@inutilorg> Date: Thu, 28 Mar 2013 12:09:01 UTC Severity: important Tags: security Found in versio ...

References

CWE-119http://www.securityfocus.com/bid/58520http://lists.fedoraproject.org/pipermail/package-announce/2013-March/099553.htmlhttp://secunia.com/advisories/52659https://www.suse.com/support/update/announcement/2014/suse-su-20140237-1.htmlhttp://sourceforge.net/p/opalvoip/code/28856http://osvdb.org/91439http://seclists.org/oss-sec/2013/q1/674http://www.ekiga.org/news/2013-02-21/ekiga-4.0.1-stable-availablehttps://exchange.xforce.ibmcloud.com/vulnerabilities/82885https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=704133https://nvd.nist.gov
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
encryptionCVE-2024-4331CVE-2024-26925arbitrary codeCVE-2006-4304CVE-2024-25458CVE-2024-27077reflected XSSCVE-2024-4059
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook