VYPR

Gaim

by Gaim

CVEs (29)

  • CVE-2005-2103CriAug 16, 2005
    risk 0.68cvss 9.8epss 0.16

    Buffer overflow in the AIM and ICQ module in Gaim before 1.5.0 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via an away message with a large number of AIM substitution strings, such as %t or %n.

  • CVE-2004-0005CriMar 3, 2004
    risk 0.65cvss 9.8epss 0.11

    Multiple buffer overflows in Gaim 0.75 allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) octal encoding in yahoo_decode that causes a null byte to be written beyond the buffer, (2) octal encoding in yahoo_decode that causes a pointer…

  • CVE-2005-1261May 11, 2005
    risk 0.04cvss epss 0.12

    Stack-based buffer overflow in the URL parsing function in Gaim before 1.3.0 allows remote attackers to execute arbitrary code via an instant message (IM) with a large URL.

  • CVE-2005-2225Jul 12, 2005
    risk 0.01cvss epss 0.16

    Microsoft MSN Messenger allows remote attackers to cause a denial of service via a plaintext message containing the ".pif" string, which is interpreted as a malicious file extension and causes users to be kicked from a group conversation. NOTE: it has been reported that Gaim is…

  • CVE-2004-0891Jan 27, 2005
    risk 0.01cvss epss 0.07

    Buffer overflow in the MSN protocol handler for gaim 0.79 to 1.0.1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via an "unexpected sequence of MSNSLP messages" that results in an unbounded copy operation that writes…

  • CVE-2004-0007Mar 3, 2004
    risk 0.01cvss epss 0.07

    Buffer overflow in the Extract Info Field Function for (1) MSN and (2) YMSG protocol handlers in Gaim 0.74 and earlier, and Ultramagnetic before 0.81, allows remote attackers to cause a denial of service and possibly execute arbitrary code.

  • CVE-2004-0006Mar 3, 2004
    risk 0.01cvss epss 0.08

    Multiple buffer overflows in Gaim 0.75 and earlier, and Ultramagnetic before 0.81, allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) cookies in a Yahoo web connection, (2) a long name parameter in the Yahoo login web page, (3) a long…

  • CVE-2004-0008Mar 3, 2004
    risk 0.01cvss epss 0.09

    Integer overflow in Gaim 0.74 and earlier, and Ultramagnetic before 0.81, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a directIM packet that triggers a heap-based buffer overflow.

  • CVE-2005-2102Aug 16, 2005
    risk 0.00cvss epss 0.02

    The AIM/ICQ module in Gaim before 1.5.0 allows remote attackers to cause a denial of service (application crash) via a filename that contains invalid UTF-8 characters.

  • CVE-2005-2370Jul 26, 2005
    risk 0.00cvss epss 0.02

    Multiple "memory alignment errors" in libgadu, as used in ekg before 1.6rc2, Gaim before 1.5.0, and other packages, allows remote attackers to cause a denial of service (bus error) on certain architectures such as SPARC via an incoming message.

  • CVE-2005-1269Jun 16, 2005
    risk 0.00cvss epss 0.02

    Gaim before 1.3.1 allows remote attackers to cause a denial of service (application crash) via a Yahoo! message with non-ASCII characters in a file name.

  • CVE-2005-1934May 19, 2005
    risk 0.00cvss epss 0.02

    Gaim before 1.3.1 allows remote attackers to cause a denial of service (crash) via a malformed MSN message that leads to a memory allocation of a large size, possibly due to an integer signedness error.

  • CVE-2005-1262May 11, 2005
    risk 0.00cvss epss 0.02

    Gaim 1.2.1 and earlier allows remote attackers to cause a denial of service (application crash) via a malformed MSN message.

  • CVE-2005-0967May 2, 2005
    risk 0.00cvss epss 0.03

    Gaim 1.2.0 allows remote attackers to cause a denial of service (application crash) via a malformed file transfer request to a Jabber user, which leads to an out-of-bounds read.

  • CVE-2005-0573May 2, 2005
    risk 0.00cvss epss 0.01

    Gaim 1.1.3 on Windows systems allows remote attackers to cause a denial of service (client crash) via a file transfer in which the filename contains "(" or ")" (parenthesis) characters.

  • CVE-2005-0966May 2, 2005
    risk 0.00cvss epss 0.02

    The IRC protocol plugin in Gaim 1.2.0, and possibly earlier versions, allows (1) remote attackers to inject arbitrary Gaim markup via irc_msg_kick, irc_msg_mode, irc_msg_part, irc_msg_quit, (2) remote attackers to inject arbitrary Pango markup and pop up empty dialog boxes via…

  • CVE-2005-0208May 2, 2005
    risk 0.00cvss epss 0.03

    The HTML parsing functions in Gaim before 1.1.4 allow remote attackers to cause a denial of service (application crash) via malformed HTML that causes "an invalid memory access," a different vulnerability than CVE-2005-0473.

  • CVE-2005-0965May 2, 2005
    risk 0.00cvss epss 0.02

    The gaim_markup_strip_html function in Gaim 1.2.0, and possibly earlier versions, allows remote attackers to cause a denial of service (application crash) via a string that contains malformed HTML, which causes an out-of-bounds read.

  • CVE-2005-0472Mar 14, 2005
    risk 0.00cvss epss 0.05

    Gaim before 1.1.3 allows remote attackers to cause a denial of service (infinite loop) via malformed SNAC packets from (1) AIM or (2) ICQ.

  • CVE-2005-0473Mar 14, 2005
    risk 0.00cvss epss 0.03

    The HTML parsing functions in Gaim before 1.1.3 allow remote attackers to cause a denial of service (application crash) via malformed HTML that causes "an invalid memory access," a different vulnerability than CVE-2005-0208.

Page 1 of 2