CVE-2006-1827
published 2006-04-18


Priority: P433
Severity: medium, 6.4 (CVSS 2.0)
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:P
EPSS: 6.87% (93.2th percentile)

Integer signedness error in format_jpeg.c in Asterisk 1.2.6 and earlier allows remote attackers to execute arbitrary code via a length value that passes a length check as a negative number, but triggers a buffer overflow when it is used as an unsigned length.

Affected

40 ranges · showing 25

Vendor | Product | Version range | Fixed in
debian | asterisk | < asterisk 1:1.2.7.1.dfsg-1 (bullseye) | asterisk 1:1.2.7.1.dfsg-1 (bullseye)
digium | asterisk | <= 1.2.6 |
digium | asterisk | |

CVSS provenance

nvd | v2.0 | 6.4 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:P/A:P
osv | 6.4 | MEDIUM
vendor_debian | 6.4 | MEDIUM