CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-2007-4897

MEDIUM
5.0
CVSS Severity Score
EPSS Score0.1250%
EPSS Percentile14.90th
Published2007年9月14日
Last Modified2026年4月23日

Vulnerability Description

pwlib, as used by Ekiga 2.0.5 and possibly other products, allows remote attackers to cause a denial of service (application crash) via a long argument to the PString::vsprintf function, related to a "memory management flaw". NOTE: this issue was originally reported as being in the SIPURL::GetHostAddress function in Ekiga (formerly GnomeMeeting).

Affected Platforms (CPE)

📦
Ekiga

Ekiga

= 2.0.5

References & Advisories

🔗 http://blog.s21sec.com/2007/09/sobre-la-vulnerabilidad-del-ekiga.html
🔗 http://marc.info/?l=full-disclosure&m=118959114522339&w=2
🔗 http://openh323.cvs.sourceforge.net/openh323/opal/src/sip/sipcon.cxx?r1=2.120.2.25&r2=2.120.2.26&pathrev=v2_2_9
🔗 http://secunia.com/advisories/27127
🔗 http://secunia.com/advisories/27150
🔗 http://secunia.com/advisories/27518
🔗 http://secunia.com/advisories/28385
🔗 http://securityreason.com/securityalert/3138

相關漏洞威脅

CVE-2007-100610.0

Multiple format string vulnerabilities in the gm_main_window_flash_message function in Ekiga before 2.0.5 allow attackers to cause...

CVE-2007-09999.3

Format string vulnerability in Ekiga 2.0.3, and probably other versions, allows remote attackers to execute arbitrary code via uns...

CVE-2011-18305.7

Ekiga versions before 3.3.0 attempted to load a module from /tmp/ekiga_test.so.

CVE-2007-49245.0

The Open Phone Abstraction Library (opal), as used by (1) Ekiga before 2.0.10 and (2) OpenH323 before 2.2.4, allows remote attacke...