main/rtp.c in Asterisk Open Source 1.6.1 before 1.6.1.2 allows remote attackers to cause a denial of service (crash) via an RTP text frame without a certain delimiter, which triggers a NULL pointer dereference and the subsequent calculation of an invalid pointer.
downloads.asterisk.org/pub/security/AST-2009-004.html
downloads.digium.com/pub/security/AST-2009-004-1.6.1.diff.txt
osvdb.org/56571
secunia.com/advisories/36039
www.securityfocus.com/bid/35837
www.securitytracker.com/id?1022608
www.vupen.com/english/advisories/2009/2067
exchange.xforce.ibmcloud.com/vulnerabilities/52046