Vulnerabilities > Ekiga
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-04-22 | CVE-2011-1830 | Code Injection vulnerability in Ekiga Ekiga versions before 3.3.0 attempted to load a module from /tmp/ekiga_test.so. | 6.8 |
2014-09-29 | CVE-2012-5621 | Improper Input Validation vulnerability in Ekiga lib/engine/components/opal/opal-call.cpp in ekiga before 4.0.0 allows remote attackers to cause a denial of service (crash) via an OPAL connection with a party name that contains invalid UTF-8 strings. | 5.0 |
2014-05-23 | CVE-2013-1864 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products The Portable Tool Library (aka PTLib) before 2.10.10, as used in Ekiga before 4.0.1, does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted PXML document containing a large number of nested entity references, aka a "billion laughs attack." | 4.3 |
2007-10-08 | CVE-2007-4924 | Improper Input Validation vulnerability in multiple products The Open Phone Abstraction Library (opal), as used by (1) Ekiga before 2.0.10 and (2) OpenH323 before 2.2.4, allows remote attackers to cause a denial of service (crash) via an invalid Content-Length header field in Session Initiation Protocol (SIP) packets, which causes a \0 byte to be written to an "attacker-controlled address." | 5.0 |
2007-09-14 | CVE-2007-4897 | Resource Management Errors vulnerability in Ekiga 2.0.5 pwlib, as used by Ekiga 2.0.5 and possibly other products, allows remote attackers to cause a denial of service (application crash) via a long argument to the PString::vsprintf function, related to a "memory management flaw". | 5.0 |
2007-02-20 | CVE-2007-1007 | Format string vulnerability in GnomeMeeting 1.0.2 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format strings in the name, which is not properly handled in a call to the gnomemeeting_log_insert function. | 10.0 |
2007-02-20 | CVE-2007-1006 | USE of Externally-Controlled Format String vulnerability in Ekiga Multiple format string vulnerabilities in the gm_main_window_flash_message function in Ekiga before 2.0.5 allow attackers to cause a denial of service and possibly execute arbitrary code via a crafted Q.931 SETUP packet. | 10.0 |