First published: Fri May 23 2014
The Portable Tool Library (aka PTLib) before 2.10.10, as used in Ekiga before 4.0.1, does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted PXML document containing a large number of nested entity references, aka a "billion laughs attack."
Credit: secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
Opalvoip Portable Tool Library | =2.10.1 | |
Opalvoip Portable Tool Library | =2.10.2 | |
Opalvoip Portable Tool Library | =2.10.7 | |
Opalvoip Portable Tool Library | =2.10.9 | |
Ekiga Ekiga | <=4.0.0 | |
Suse Suse Linux Enterprise Software Development Kit | =11.0-sp3 | |
SUSE SUSE Linux Enterprise Desktop | =11.0-sp3 | |
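
The missing safeguard described above (recursion detection and a bound on entity expansion) can be sketched as a pre-parse check. This is an added example, not PTLib or Ekiga code: the function name, the regex-based declaration scan and the default limits are assumptions, and it covers internal general entities only.

```python
import re

# Internal general entities only: <!ENTITY name "value">. Parameter (%) and
# external (SYSTEM/PUBLIC) entities are out of scope for this sketch.
ENTITY_DECL = re.compile(r'<!ENTITY\s+([\w.:-]+)\s+(["\'])(.*?)\2\s*>', re.S)
ENTITY_REF = re.compile(r'&([\w.:-]+);')


class EntityExpansionError(ValueError):
    """Raised when declarations are recursive, too deep, or expand too far."""


def expanded_entity_sizes(xml_text, max_expanded=1_000_000, max_depth=32):
    """Return {entity: expanded length} without building the expanded text."""
    decls = {}
    for name, _quote, value in ENTITY_DECL.findall(xml_text):
        decls.setdefault(name, value)  # XML keeps the first declaration
    sizes, in_progress = {}, set()

    def size_of(name, depth):
        if name in sizes:
            return sizes[name]
        if name in in_progress:
            raise EntityExpansionError(f"recursive entity: &{name};")
        if depth > max_depth:
            raise EntityExpansionError(f"entity nesting deeper than {max_depth}")
        in_progress.add(name)
        total = len(decls[name])
        for ref in ENTITY_REF.finditer(decls[name]):
            if ref.group(1) in decls:  # undeclared/predefined refs stay literal
                total += size_of(ref.group(1), depth + 1) - len(ref.group(0))
        in_progress.discard(name)
        if total > max_expanded:
            raise EntityExpansionError(f"&{name}; expands to {total} chars")
        sizes[name] = total
        return total

    for name in decls:
        size_of(name, 1)
    return sizes


# Constructed sample: three levels, each referencing the previous one 3 times.
SAMPLE = '''<!DOCTYPE r [
<!ENTITY a "ha">
<!ENTITY b "&a;&a;&a;">
<!ENTITY c "&b;&b;&b;">
]><r>&c;</r>'''
```

Because sizes are computed arithmetically and memoized, the check runs in time proportional to the declarations rather than to the expanded output. It rejects a document if any declared entity exceeds the budget, even one the body never references.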