CVE-2012-5621

Published: Sep 29, 2014Modified: May 6, 2026

5.0

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:P

Exploitability: 10.0 / Impact: 2.9

Source: NVD

Description

lib/engine/components/opal/opal-call.cpp in ekiga before 4.0.0 allows remote attackers to cause a denial of service (crash) via an OPAL connection with a party name that contains invalid UTF-8 strings.

Affected (1)

Products: Ekiga: Ekiga

Ekiga

1 product

Ekiga

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Ekiga Ekiga	Up to 3.9.90

Related CWEs

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (16)

http://ftp.gnome.org/pub/gnome/sources/ekiga/4.0/ekiga-4.0.0.news

Source: secalert@redhat.com

http://seclists.org/oss-sec/2012/q4/407

Source: secalert@redhat.com

http://www.securityfocus.com/bid/56790

Source: secalert@redhat.com

https://blogs.oracle.com/sunsecurity/entry/cve_2012_5621_denial_of

Source: secalert@redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=883058

Source: secalert@redhat.com

Patch

https://exchange.xforce.ibmcloud.com/vulnerabilities/80640

Source: secalert@redhat.com

https://git.gnome.org/browse/ekiga/commit/?id=7d09807257

Source: secalert@redhat.com

https://lists.fedoraproject.org/pipermail/package-announce/2013-March/099554.html

Source: secalert@redhat.com

http://ftp.gnome.org/pub/gnome/sources/ekiga/4.0/ekiga-4.0.0.news