CVE-2013-1864
The Portable Tool Library (aka PTLib) before 2.10.10, as used in Ekiga before 4.0.1, does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted PXML document containing a large number of nested entity references, aka a "billion laughs attack."
View on NVDSeverity
N/A
EPSS
Probability of exploitation (next 30 days): 0.0273 (2.7%)
Percentile: 86.0%
EPSS: 2026-05-06
Affects
opalvoip:portable_tool_libraryekiga:ekigasuse:suse_linux_enterprise_software_development_kitsuse:suse_linux_enterprise_desktopTechnical description
The Portable Tool Library (aka PTLib) before 2.10.10, as used in Ekiga before 4.0.1, does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted PXML document containing a large number of nested entity references, aka a "billion laughs attack."
Published: 5/23/2014, 2:55:09 PM
Last modified: 5/6/2026, 10:30:45 PM
References
- http://lists.fedoraproject.org/pipermail/package-announce/2013-March/099553.html
- http://osvdb.org/91439
- http://seclists.org/oss-sec/2013/q1/674
- http://secunia.com/advisories/52659
- http://sourceforge.net/p/opalvoip/code/28856
- http://www.ekiga.org/news/2013-02-21/ekiga-4.0.1-stable-available
- http://www.securityfocus.com/bid/58520
- https://exchange.xforce.ibmcloud.com/vulnerabilities/82885