FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

asterisk -- denial of service vulnerability, local system access

Affected packages
asterisk < 1.2.7

Details

VuXML ID 8b683bea-d49c-11da-a672-000e0c2e438a
Discovery 2006-04-07
Entry 2006-04-25

Emmanouel Kellenis reports a denial of service vulnerability within asterisk. The vulnerability is caused by a buffer overflow in "format_jpeg.c". A large JPEG image could trigger this bug, potentially allowing a local attacker to execute arbitrary code.

References

Bugtraq ID 17561
CVE Name CVE-2006-1827
URL http://www.cipher.org.uk/index.php?p=advisories/Asterisk_Codec_Integer_Overflow_07-04-2006.advisory

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.