CyberSec.Space Logo
Back to CVE Browser

CVE-2007-1006

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.0920%
EPSS Percentile0.54th
PublishedFeb 20, 2007
Last ModifiedApr 23, 2026

Vulnerability Description

Multiple format string vulnerabilities in the gm_main_window_flash_message function in Ekiga before 2.0.5 allow attackers to cause a denial of service and possibly execute arbitrary code via a crafted Q.931 SETUP packet.

Affected Platforms (CPE)

πŸ“¦
Ekiga

Ekiga

<= 2.0.4

References & Advisories

πŸ”— http://fedoranews.org/cms/node/2682
πŸ”— http://fedoranews.org/cms/node/2683
πŸ”— http://labs.musecurity.com/advisories/MU-200702-01.txt
πŸ”— http://mail.gnome.org/archives/ekiga-list/2007-February/msg00060.html
πŸ”— http://secunia.com/advisories/24194
πŸ”— http://secunia.com/advisories/24228
πŸ”— http://secunia.com/advisories/24229
πŸ”— http://secunia.com/advisories/24271

Related Vulnerabilities

CVE-2007-09999.3

Format string vulnerability in Ekiga 2.0.3, and probably other versions, allows remote attackers to execute arbitrary code via uns...

CVE-2011-18305.7

Ekiga versions before 3.3.0 attempted to load a module from /tmp/ekiga_test.so.

CVE-2007-48975.0

pwlib, as used by Ekiga 2.0.5 and possibly other products, allows remote attackers to cause a denial of service (application crash...

CVE-2007-49245.0

The Open Phone Abstraction Library (opal), as used by (1) Ekiga before 2.0.10 and (2) OpenH323 before 2.2.4, allows remote attacke...