CyberSec.Space Logo
Back to CVE Browser

CVE-2007-4897

MEDIUM
5.0
CVSS Severity Score
EPSS Score0.1250%
EPSS Percentile14.90th
PublishedSep 14, 2007
Last ModifiedApr 23, 2026

Vulnerability Description

pwlib, as used by Ekiga 2.0.5 and possibly other products, allows remote attackers to cause a denial of service (application crash) via a long argument to the PString::vsprintf function, related to a "memory management flaw". NOTE: this issue was originally reported as being in the SIPURL::GetHostAddress function in Ekiga (formerly GnomeMeeting).

Affected Platforms (CPE)

πŸ“¦
Ekiga

Ekiga

= 2.0.5

References & Advisories

πŸ”— http://blog.s21sec.com/2007/09/sobre-la-vulnerabilidad-del-ekiga.html
πŸ”— http://marc.info/?l=full-disclosure&m=118959114522339&w=2
πŸ”— http://openh323.cvs.sourceforge.net/openh323/opal/src/sip/sipcon.cxx?r1=2.120.2.25&r2=2.120.2.26&pathrev=v2_2_9
πŸ”— http://secunia.com/advisories/27127
πŸ”— http://secunia.com/advisories/27150
πŸ”— http://secunia.com/advisories/27518
πŸ”— http://secunia.com/advisories/28385
πŸ”— http://securityreason.com/securityalert/3138

Related Vulnerabilities

CVE-2007-100610.0

Multiple format string vulnerabilities in the gm_main_window_flash_message function in Ekiga before 2.0.5 allow attackers to cause...

CVE-2007-09999.3

Format string vulnerability in Ekiga 2.0.3, and probably other versions, allows remote attackers to execute arbitrary code via uns...

CVE-2011-18305.7

Ekiga versions before 3.3.0 attempted to load a module from /tmp/ekiga_test.so.

CVE-2007-49245.0

The Open Phone Abstraction Library (opal), as used by (1) Ekiga before 2.0.10 and (2) OpenH323 before 2.2.4, allows remote attacke...