Vulnerability Report

CVE-2011-1000

Title: Freedesktop Telepathy Gabble Improper Input Validation

Input Validation Error

Proof Of Concept

No public PoC currently indexed for CVE-2011-1000.

CWE Category CWE-20

Published Date Feb 19, 2011

Modified Date Apr 29, 2026

Exploit Status Not Found

Score 6.4 CVSS v2.0

Exploit Probability (EPSS)

2.90%

Vulnerability Summary

CVE-2011-1000: jingle-factory.c in Telepathy Gabble 0.11 before 0.11.7, 0.10 before 0.10.5, and 0.8 before 0.8.15 allows remote attackers to sniff audio and video calls via a crafted google:jingleinfo stanza that specifies an alternate server for streamed media.

Impacted Vendors

freedesktop 1

simon_mcvittie 1

Reference Links

http://lists.fedoraproject.org/pipermail/package-announce/2011-February/054324.html http://lists.fedoraproject.org/pipermail/package-announce/2011-March/054409.html http://lists.fedoraproject.org/pipermail/package-announce/2011-March/054575.html http://secunia.com/advisories/43316 http://secunia.com/advisories/43369 http://secunia.com/advisories/43404 http://secunia.com/advisories/43485 http://secunia.com/advisories/43545 http://secunia.com/advisories/44023 http://www.debian.org/security/2011/dsa-2169 http://www.openwall.com/lists/oss-security/2011/02/17/4 http://www.openwall.com/lists/oss-security/2011/02/17/7 http://www.securityfocus.com/bid/46440 http://www.ubuntu.com/usn/USN-1067-1 http://www.vupen.com/english/advisories/2011/0412 http://www.vupen.com/english/advisories/2011/0428 http://www.vupen.com/english/advisories/2011/0537 http://www.vupen.com/english/advisories/2011/0572 http://www.vupen.com/english/advisories/2011/0901 https://bugs.freedesktop.org/show_bug.cgi?id=34048 https://exchange.xforce.ibmcloud.com/vulnerabilities/65523 https://hermes.opensuse.org/messages/7848248 http://lists.fedoraproject.org/pipermail/package-announce/2011-February/054324.html http://lists.fedoraproject.org/pipermail/package-announce/2011-March/054409.html http://lists.fedoraproject.org/pipermail/package-announce/2011-March/054575.html http://secunia.com/advisories/43316 http://secunia.com/advisories/43369 http://secunia.com/advisories/43404 http://secunia.com/advisories/43485 http://secunia.com/advisories/43545 http://secunia.com/advisories/44023 http://www.debian.org/security/2011/dsa-2169 http://www.openwall.com/lists/oss-security/2011/02/17/4 http://www.openwall.com/lists/oss-security/2011/02/17/7 http://www.securityfocus.com/bid/46440 http://www.ubuntu.com/usn/USN-1067-1 http://www.vupen.com/english/advisories/2011/0412 http://www.vupen.com/english/advisories/2011/0428 http://www.vupen.com/english/advisories/2011/0537 http://www.vupen.com/english/advisories/2011/0572 http://www.vupen.com/english/advisories/2011/0901 https://bugs.freedesktop.org/show_bug.cgi?id=34048 https://exchange.xforce.ibmcloud.com/vulnerabilities/65523 https://hermes.opensuse.org/messages/7848248

CVSS v2.0

Source Entity [email protected]

Severity MEDIUM

6.4

Access Vector

N/A

Authentication

N/A

RAW VECTOR AV:N/AC:L/Au:N/C:P/I:P/A:N

Associated Attack Patterns (CAPEC)

Total: Patterns

CVE-2011-1000 Exploits & PoCs (Proof Of Concept)

No public PoCs found in our database for this CVE.

April 29, 2026 MODIFIED

Vulnerability data updated via NVD.

April 11, 2025 MODIFIED

Vulnerability data or affected products updated.

February 19, 2011 PUBLISHED

Vulnerability first announced in NVD.

Attack Vector Matrix

Access Vector N/A

Complexity N/A

Privileges N/A

Interaction NONE

CVSS Vector String


                                    AV:N/AC:L/Au:N/C:P/I:P/A:N

Affected Stack

No specific products linked.