CVE-2007-4897

Publication date 14 September 2007

Last updated 24 July 2024

pwlib, as used by Ekiga 2.0.5 and possibly other products, allows remote attackers to cause a denial of service (application crash) via a long argument to the PString::vsprintf function, related to a "memory management flaw". NOTE: this issue was originally reported as being in the SIPURL::GetHostAddress function in Ekiga (formerly GnomeMeeting).

Read the notes from the security team

Status

Show unmaintained releases

Package	Ubuntu Release	Status
pwlib	7.10 gutsy	Fixed 1.10.10-0ubuntu2.1
	7.04 feisty	Fixed 1.10.3-0ubuntu1.1
	6.10 edgy	Fixed 1.10.2.dfsg-0ubuntu3.1
	6.06 LTS dapper	Fixed 1.10.0-1ubuntu1.1

How can I get the fixes?
What do statuses mean?

Notes

jdstrand

pwlib is the source package for libpt* rh has patch not clear if openh323 is also affected, as openh323.org is currently down

References

MITRE
NVD
Launchpad
Debian

Related Ubuntu Security Notices (USN)

USN-561-1
pwlib vulnerability
8 January 2008

Other references

http://www.redhat.com/support/errata/RHSA-2007-0932.html
http://openh323.cvs.sourceforge.net/openh323/opal/src/sip/sipcon.cxx?r1=2.120.2.25&r2=2.120.2.26&pathrev=v2_2_9
https://www.cve.org/CVERecord?id=CVE-2007-4897