Kadu
Recent CVEs
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-6562 | | | 0.00 | — | 0.01 | | Dec 20, 2023 | JPX Fragment List (flst) box vulnerability in Kakadu 7.9 allows an attacker to exfiltrate local and remote files reachable by a server if the server allows the attacker to upload a specially-crafted image that is displayed back to the attacker. |
| CVE-2019-5144 | | | 0.00 | — | 0.02 | | Dec 12, 2019 | An exploitable heap underflow vulnerability exists in the derive_taps_and_gains function in kdu_v7ar.dll of Kakadu Software SDK 7.10.2. A specially crafted jp2 file can cause a heap overflow, which can result in remote code execution. An attacker could provide a malformed file… |
| CVE-2012-1410 | | | 0.00 | — | 0.03 | | Feb 29, 2012 | Multiple cross-site scripting (XSS) vulnerabilities in the History Window implementation in Kadu 0.9.0 through 0.11.0 allow remote attackers to inject arbitrary web script or HTML via a crafted (1) SMS message, (2) presence message, or (3) status description. |
| CVE-2006-0768 | | | 0.00 | — | 0.02 | | Feb 18, 2006 | Kadu 0.4.3 allows remote attackers to cause a denial of service (application crash) via a large number of image send requests. |
| CVE-2005-3960 | | | 0.00 | — | 0.02 | | Dec 1, 2005 | Kadu 0.4.2 and 0.5.0pre allow remote attackers to cause a denial of service (crash or generated traffic) via a malformed message, possibly with incomplete information. |
| CVE-2005-1852 | | | 0.00 | — | 0.05 | | Jul 26, 2005 | Multiple integer overflows in libgadu, as used in Kopete in KDE 3.2.3 to 3.4.1, ekg before 1.6rc3, GNU Gadu, CenterICQ, Kadu, and other packages, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an incoming message. |