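This page aggregates CVE and security vulnerability information across all ekiga-related products, listing CVSS, EPSS, publication dates, and vulnerability data.
Past issues mainly concern buffer overflows and input validation; some lead to unexpected behavior and affect software deployments and production workloads.
The data listed is based on public vulnerability information and security advisories, and can be used to assess historical exposure and remediation priority.

| CVE | Summary | Source | Max CVSS | EPSS (%) | Published | Updated |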
|---|---|---|---|---|---|---|
| CVE-2011-1830 | Ekiga versions before 3.3.0 attempted to load a module from /tmp/ekiga_test.so. | [email protected] | 5.7 | 0.79% | 2019-04-22 | 2026-06-16 |
| CVE-2012-5621 | lib/engine/components/opal/opal-call.cpp in ekiga before 4.0.0 allows remote attackers to cause a denial of service (crash) via an OPAL connection with a party name that contains invalid UTF-8 strings. | [email protected] | 5.0 | 2.77% | 2014-09-29 | 2026-06-16 |
| CVE-2013-1864 | The Portable Tool Library (aka PTLib) before 2.10.10, as used in Ekiga before 4.0.1, does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted PXML document containing a large number of nested entity references, aka a "billion laughs attack." | [email protected] | 4.3 | 2.85% | 2014-05-23 | 2026-06-16 |
| CVE-2007-4924 | The Open Phone Abstraction Library (opal), as used by (1) Ekiga before 2.0.10 and (2) OpenH323 before 2.2.4, allows remote attackers to cause a denial of service (crash) via an invalid Content-Length header field in Session Initiation Protocol (SIP) packets, which causes a \0 byte to be written to an "attacker-controlled address." | [email protected] | 5.0 | 10.68% | 2007-10-08 | 2026-06-16 |
| CVE-2007-4897 | pwlib, as used by Ekiga 2.0.5 and possibly other products, allows remote attackers to cause a denial of service (application crash) via a long argument to the PString::vsprintf function, related to a "memory management flaw". NOTE: this issue was originally reported as being in the SIPURL::GetHostAddress function in Ekiga (formerly GnomeMeeting). | [email protected] | 5.0 | 10.90% | 2007-09-14 | 2026-06-16 |
| CVE-2007-1007 | Format string vulnerability in GnomeMeeting 1.0.2 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format strings in the name, which is not properly handled in a call to the gnomemeeting_log_insert function. | [email protected] | 10.0 | 7.03% | 2007-02-20 | 2026-06-16 |
| CVE-2007-1006 | Multiple format string vulnerabilities in the gm_main_window_flash_message function in Ekiga before 2.0.5 allow attackers to cause a denial of service and possibly execute arbitrary code via a crafted Q.931 SETUP packet. | [email protected] | 10.0 | 3.64% | 2007-02-19 | 2026-06-16 |