The Portable Tool Library (aka PTLib) before 2.10.10, as used in Ekiga before 4.0.1, does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted PXML document containing a large number of nested entity references, aka a "billion laughs attack."
Max CVSS
4.3
EPSS Score
2.33%
Published
2014-05-23
Updated
2017-08-29
lib/engine/components/opal/opal-call.cpp in ekiga before 4.0.0 allows remote attackers to cause a denial of service (crash) via an OPAL connection with a party name that contains invalid UTF-8 strings.
Max CVSS
5.0
EPSS Score
3.11%
Published
2014-09-29
Updated
2017-08-29
2 vulnerabilities found