CyberSec.Space Logo
Back to CVE Browser

CVE-2007-4924

MEDIUM
5.0
CVSS Severity Score
EPSS Score0.0290%
EPSS Percentile39.09th
PublishedOct 8, 2007
Last ModifiedApr 23, 2026

Vulnerability Description

The Open Phone Abstraction Library (opal), as used by (1) Ekiga before 2.0.10 and (2) OpenH323 before 2.2.4, allows remote attackers to cause a denial of service (crash) via an invalid Content-Length header field in Session Initiation Protocol (SIP) packets, which causes a \0 byte to be written to an "attacker-controlled address."

Affected Platforms (CPE)

πŸ“¦
Ekiga

Ekiga

<= 2.0.9
πŸ“¦
Openh323 Project

Openh323

<= 2.2.3

References & Advisories

πŸ”— http://lists.opensuse.org/opensuse-security-announce/2007-10/msg00006.html
πŸ”— http://mail.gnome.org/archives/ekiga-list/2007-September/msg00103.html
πŸ”— http://openh323.cvs.sourceforge.net/openh323/opal/src/sip/sippdu.cxx?r1=2.83.2.19&r2=2.83.2.20
πŸ”— http://osvdb.org/41637
πŸ”— http://secunia.com/advisories/27118
πŸ”— http://secunia.com/advisories/27128
πŸ”— http://secunia.com/advisories/27129
πŸ”— http://secunia.com/advisories/27271

Related Vulnerabilities

CVE-2007-100610.0

Multiple format string vulnerabilities in the gm_main_window_flash_message function in Ekiga before 2.0.5 allow attackers to cause...

CVE-2007-09999.3

Format string vulnerability in Ekiga 2.0.3, and probably other versions, allows remote attackers to execute arbitrary code via uns...

CVE-2011-18305.7

Ekiga versions before 3.3.0 attempted to load a module from /tmp/ekiga_test.so.

CVE-2007-48975.0

pwlib, as used by Ekiga 2.0.5 and possibly other products, allows remote attackers to cause a denial of service (application crash...