Bug#364195: CVE-2006-1827: arbitrary code execution

Stefan Fritsch sf at sfritsch.de
Fri Apr 21 20:24:16 UTC 2006

Package: asterisk
Severity: grave
Tags: security
Justification: user security hole

Integer signedness error in format_jpeg.c in Asterisk 1.2.6 and
earlier allows remote attackers to execute arbitrary code via a length
value that passes a length check as a negative number, but triggers a
buffer overflow when it is used as an unsigned length.

This is fixed in 1.2.7.

Please mention the CVE-id in the changelog.

More information about the Pkg-voip-maintainers mailing list