CVE-2013-1864

Name: CVE-2013-1864
Description: The Portable Tool Library (aka PTLib) before 2.10.10, as used in Ekiga before 4.0.1, does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted PXML document containing a large number of nested entity references, aka a "billion laughs attack."
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs: 704133

The information below is based on the following data on fixed versions.

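Package | Type   | Release    | Fixed Version | Urgency | Origin | Debian Bugs
--------|--------|------------|---------------|---------|--------|------------
ekiga   | source | (unstable) | 4.0.1-1       | low     |        | 704133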

Notes

https://www.openwall.com/lists/oss-security/2013/03/15/6
[wheezy] - ekiga <no-dsa> (Minor issue)
[squeeze] - ekiga <no-dsa> (Minor issue)
