Vulnerabilities > Ekiga

DATE CVE VULNERABILITY TITLE RISK

2019-04-22 CVE-2011-1830 Code Injection vulnerability in Ekiga
Ekiga versions before 3.3.0 attempted to load a module from /tmp/ekiga_test.so.
network | ekiga CWE-94 | 6.8

2014-09-29 CVE-2012-5621 Improper Input Validation vulnerability in Ekiga
lib/engine/components/opal/opal-call.cpp in ekiga before 4.0.0 allows remote attackers to cause a denial of service (crash) via an OPAL connection with a party name that contains invalid UTF-8 strings.
network | low complexity | ekiga CWE-20 | 5.0

2014-05-23 CVE-2013-1864 Improper Restriction of Operations Within the Bounds of a Memory Buffer vulnerability in multiple products
The Portable Tool Library (aka PTLib) before 2.10.10, as used in Ekiga before 4.0.1, does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted PXML document containing a large number of nested entity references, aka a "billion laughs attack."
4.3

2007-10-08 CVE-2007-4924 Improper Input Validation vulnerability in multiple products
The Open Phone Abstraction Library (opal), as used by (1) Ekiga before 2.0.10 and (2) OpenH323 before 2.2.4, allows remote attackers to cause a denial of service (crash) via an invalid Content-Length header field in Session Initiation Protocol (SIP) packets, which causes a \0 byte to be written to an "attacker-controlled address."
network | low complexity | ekiga openh323-project CWE-20 | 5.0

2007-09-14 CVE-2007-4897 Resource Management Errors vulnerability in Ekiga 2.0.5
pwlib, as used by Ekiga 2.0.5 and possibly other products, allows remote attackers to cause a denial of service (application crash) via a long argument to the PString::vsprintf function, related to a "memory management flaw".
network | low complexity | ekiga CWE-399 | 5.0

2007-02-20 CVE-2007-1007 Format string vulnerability in GnomeMeeting 1.0.2 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format strings in the name, which is not properly handled in a call to the gnomemeeting_log_insert function.
network | low complexity | ekiga redhat | critical | 10.0

2007-02-20 CVE-2007-1006 Use of Externally-Controlled Format String vulnerability in Ekiga
Multiple format string vulnerabilities in the gm_main_window_flash_message function in Ekiga before 2.0.5 allow attackers to cause a denial of service and possibly execute arbitrary code via a crafted Q.931 SETUP packet.
network | low complexity | ekiga CWE-134 | critical | 10.0