CVEブラウザに戻る

CVE-2007-4924

MEDIUM

5.0

CVSS Severity Score

EPSS Score0.0290%

EPSS Percentile39.09th

Published2007年10月8日

Last Modified2026年4月23日

Vulnerability Description

The Open Phone Abstraction Library (opal), as used by (1) Ekiga before 2.0.10 and (2) OpenH323 before 2.2.4, allows remote attackers to cause a denial of service (crash) via an invalid Content-Length header field in Session Initiation Protocol (SIP) packets, which causes a \0 byte to be written to an "attacker-controlled address."

Affected Platforms (CPE)

📦

Ekiga

Ekiga

<= 2.0.9

📦

Openh323 Project

Openh323

<= 2.2.3

References & Advisories

🔗 http://lists.opensuse.org/opensuse-security-announce/2007-10/msg00006.html

🔗 http://mail.gnome.org/archives/ekiga-list/2007-September/msg00103.html

🔗 http://openh323.cvs.sourceforge.net/openh323/opal/src/sip/sippdu.cxx?r1=2.83.2.19&r2=2.83.2.20

🔗 http://osvdb.org/41637

🔗 http://secunia.com/advisories/27118

🔗 http://secunia.com/advisories/27128

🔗 http://secunia.com/advisories/27129

🔗 http://secunia.com/advisories/27271

関連する脆弱性情報

CVE-2007-100610.0

Multiple format string vulnerabilities in the gm_main_window_flash_message function in Ekiga before 2.0.5 allow attackers to cause...

CVE-2007-09999.3

Format string vulnerability in Ekiga 2.0.3, and probably other versions, allows remote attackers to execute arbitrary code via uns...

CVE-2011-18305.7

Ekiga versions before 3.3.0 attempted to load a module from /tmp/ekiga_test.so.

CVE-2007-48975.0

pwlib, as used by Ekiga 2.0.5 and possibly other products, allows remote attackers to cause a denial of service (application crash...