CVE-2007-5358

Name of the Vulnerable Software and Affected Versions: Asterisk versions 1.4.x through 1.4.12

Description: The issue is related to multiple buffer overflows in the voicemail functionality when using IMAP storage. This could allow remote attackers to execute arbitrary code via a long combination of Content-type and Content-description headers. Additionally, local users might be able to execute arbitrary code via a long combination of astspooldir, voicemail context, and voicemail mailbox fields, provided they have write access to Asterisk configuration files.

Recommendations: For Asterisk versions 1.4.x through 1.4.12, update to version 1.4.13 or later to resolve the issue.