CVE-2014-6610 Information

Description

Asterisk Open Source 11.x before 11.12.1 and 12.x before 12.5.1 and Certified Asterisk 11.6 before 11.6-cert6 when using the res_fax_spandsp module allows remote authenticated users to cause a denial of service (crash) via an out of call message which is not properly handled in the ReceiveFax dialplan application.

Reference

http://downloads.asterisk.org/pub/security/AST-2014-010.html