CVE-2013-1864 Information

Description

The Portable Tool Library (aka PTLib) before 2.10.10 as used in Ekiga before 4.0.1 does not properly detect recursion during entity expansion which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted PXML document containing a large number of nested entity references aka a \billion laughs attack.\

Reference

http://lists.fedoraproject.org/pipermail/package-announce/2013-March/099553.html http://osvdb.org/91439 http://seclists.org/oss-sec/2013/q1/674 http://secunia.com/advisories/52659 http://sourceforge.net/p/opalvoip/code/28856 http://www.ekiga.org/news/2013-02-21/ekiga-4.0.1-stable-available http://www.securityfocus.com/bid/58520 https://exchange.xforce.ibmcloud.com/vulnerabilities/82885 https://www.suse.com/support/update/announcement/2014/suse-su-20140237-1.html