Colloquy INVITE Request Remote Format String Vulnerability

Colloquy is prone to a remote format-string vulnerability because the application fails to properly sanitize user-supplied input before including it in the format-specifier argument of a formatted-printing function.

Successfully exploiting this issue allows remote attackers to execute arbitrary machine code in the context of the application and to compromise affected computers. A denial-of-service condition may arise as well.

Colloquy versions prior to 2.1 (3558) are vulnerable; other versions may also be affected.
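
The bug class described above, as an added illustration in C (not Colloquy's code and not taken from the advisory). The function names and the sample INVITE line are constructed for this example, and the sample carries only the harmless `%%` directive, which is enough to show that remote text passed as the format argument is parsed rather than copied.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample line; the channel field carries the "%%" directive. */
static const char SAMPLE_INVITE[] = ":alice!a@example.test INVITE bob :#50%%off";

/* Return the channel parameter of an IRC INVITE line, or NULL otherwise. */
const char *invite_channel(const char *line) {
    const char *p = strstr(line, " INVITE ");
    if (!p) return NULL;
    p = strchr(p + 8, ' ');            /* skip the invited nickname */
    if (!p) return NULL;
    p++;
    return (*p == ':') ? p + 1 : p;    /* drop the trailing-parameter colon */
}

/* Warnings silenced only so the deliberately unsafe "before" builds under
 * strict flags; -Werror=format-security is what should reject it in CI. */
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wformat-security"
#pragma GCC diagnostic ignored "-Wformat-nonliteral"
/* BEFORE: remote text is the format string, so its directives are parsed. */
int notice_unsafe(char *out, size_t n, const char *channel) {
    return snprintf(out, n, channel);
}
#pragma GCC diagnostic pop

/* AFTER: constant format string; remote text is passed only as data. */
int notice_safe(char *out, size_t n, const char *channel) {
    return snprintf(out, n, "%s", channel);
}

int main(void) {
    char before[64], after[64];
    const char *channel = invite_channel(SAMPLE_INVITE);
    if (!channel) return 1;
    notice_unsafe(before, sizeof before, channel);
    notice_safe(after, sizeof after, channel);
    printf("unsafe: %s\nsafe:   %s\n", before, after);
    return 0;
}
```

The two outputs differ by one character: the unsafe path collapses `%%` to `%`, which is the observable sign that input reached the format parser. Building with `-Wformat -Werror=format-security` turns the unsafe call into a compile error.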


 

Copyright 2010, SecurityFocus