Gaim
Sign in to watchby Rob Flynn
CVEs (26)
| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2005-1261 | 0.04 | — | 0.16 | May 11, 2005 | Stack-based buffer overflow in the URL parsing function in Gaim before 1.3.0 allows remote attackers to execute arbitrary code via an instant message (IM) with a large URL. | ||
| CVE-2005-0473 | 0.02 | — | 0.21 | Mar 14, 2005 | The HTML parsing functions in Gaim before 1.1.3 allow remote attackers to cause a denial of service (application crash) via malformed HTML that causes "an invalid memory access," a different vulnerability than CVE-2005-0208. | ||
| CVE-2004-0007 | 0.02 | — | 0.26 | Mar 3, 2004 | Buffer overflow in the Extract Info Field Function for (1) MSN and (2) YMSG protocol handlers in Gaim 0.74 and earlier, and Ultramagnetic before 0.81, allows remote attackers to cause a denial of service and possibly execute arbitrary code. | ||
| CVE-2004-0008 | 0.02 | — | 0.20 | Mar 3, 2004 | Integer overflow in Gaim 0.74 and earlier, and Ultramagnetic before 0.81, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a directIM packet that triggers a heap-based buffer overflow. | ||
| CVE-2005-0208 | 0.01 | — | 0.14 | May 2, 2005 | The HTML parsing functions in Gaim before 1.1.4 allow remote attackers to cause a denial of service (application crash) via malformed HTML that causes "an invalid memory access," a different vulnerability than CVE-2005-0473. | ||
| CVE-2005-0472 | 0.01 | — | 0.08 | Mar 14, 2005 | Gaim before 1.1.3 allows remote attackers to cause a denial of service (infinite loop) via malformed SNAC packets from (1) AIM or (2) ICQ. | ||
| CVE-2004-0785 | 0.01 | — | 0.06 | Oct 20, 2004 | Multiple buffer overflows in Gaim before 0.82 allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) Rich Text Format (RTF) messages, (2) a long hostname for the local system as obtained from DNS, or (3) a long URL that is not properly handled by the URL decoder. | ||
| CVE-2004-0006 | 0.01 | — | 0.18 | Mar 3, 2004 | Multiple buffer overflows in Gaim 0.75 and earlier, and Ultramagnetic before 0.81, allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) cookies in a Yahoo web connection, (2) a long name parameter in the Yahoo login web page, (3) a long value parameter in the Yahoo login page, (4) a YMSG packet, (5) the URL parser, and (6) HTTP proxy connect. | ||
| CVE-2005-2102 | 0.00 | — | 0.01 | Aug 16, 2005 | The AIM/ICQ module in Gaim before 1.5.0 allows remote attackers to cause a denial of service (application crash) via a filename that contains invalid UTF-8 characters. | ||
| CVE-2005-2370 | 0.00 | — | 0.02 | Jul 26, 2005 | Multiple "memory alignment errors" in libgadu, as used in ekg before 1.6rc2, Gaim before 1.5.0, and other packages, allows remote attackers to cause a denial of service (bus error) on certain architectures such as SPARC via an incoming message. | ||
| CVE-2005-1269 | 0.00 | — | 0.03 | Jun 16, 2005 | Gaim before 1.3.1 allows remote attackers to cause a denial of service (application crash) via a Yahoo! message with non-ASCII characters in a file name. | ||
| CVE-2005-1934 | 0.00 | — | 0.02 | May 19, 2005 | Gaim before 1.3.1 allows remote attackers to cause a denial of service (crash) via a malformed MSN message that leads to a memory allocation of a large size, possibly due to an integer signedness error. | ||
| CVE-2005-1262 | 0.00 | — | 0.01 | May 11, 2005 | Gaim 1.2.1 and earlier allows remote attackers to cause a denial of service (application crash) via a malformed MSN message. | ||
| CVE-2005-0966 | 0.00 | — | 0.03 | May 2, 2005 | The IRC protocol plugin in Gaim 1.2.0, and possibly earlier versions, allows (1) remote attackers to inject arbitrary Gaim markup via irc_msg_kick, irc_msg_mode, irc_msg_part, irc_msg_quit, (2) remote attackers to inject arbitrary Pango markup and pop up empty dialog boxes via irc_msg_invite, or (3) malicious IRC servers to cause a denial of service (application crash) by injecting certain Pango markup into irc_msg_badmode, irc_msg_banned, irc_msg_unknown, irc_msg_nochan functions. | ||
| CVE-2005-0965 | 0.00 | — | 0.02 | May 2, 2005 | The gaim_markup_strip_html function in Gaim 1.2.0, and possibly earlier versions, allows remote attackers to cause a denial of service (application crash) via a string that contains malformed HTML, which causes an out-of-bounds read. | ||
| CVE-2005-0967 | 0.00 | — | 0.04 | May 2, 2005 | Gaim 1.2.0 allows remote attackers to cause a denial of service (application crash) via a malformed file transfer request to a Jabber user, which leads to an out-of-bounds read. | ||
| CVE-2005-0573 | 0.00 | — | 0.01 | May 2, 2005 | Gaim 1.1.3 on Windows systems allows remote attackers to cause a denial of service (client crash) via a file transfer in which the filename contains "(" or ")" (parenthesis) characters. | ||
| CVE-2004-0891 | 0.00 | — | 0.05 | Jan 27, 2005 | Buffer overflow in the MSN protocol handler for gaim 0.79 to 1.0.1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via an "unexpected sequence of MSNSLP messages" that results in an unbounded copy operation that writes to the wrong buffer. | ||
| CVE-2004-2589 | 0.00 | — | 0.01 | Dec 31, 2004 | Gaim before 0.82 allows remote servers to cause a denial of service (application crash) via a long HTTP Content-Length header, which causes Gaim to abort when attempting to allocate memory. | ||
| CVE-2004-0754 | 0.00 | — | 0.06 | Oct 20, 2004 | Integer overflow in Gaim before 0.82 allows remote attackers to cause a denial of service and possibly execute arbitrary code via the size variable in Groupware server messages. |
Page 1 of 2