Rob Flynn: >> Gaim >> 1.0.1 Security Vulnerabilities
The AIM/ICQ module in Gaim before 1.5.0 allows remote attackers to cause a denial of service (application crash) via a filename that contains invalid UTF-8 characters.
CVSS Score
5.0
EPSS Score
0.013
Published
2005-08-16
Gaim before 1.3.1 allows remote attackers to cause a denial of service (application crash) via a Yahoo! message with non-ASCII characters in a file name.
CVSS Score
5.0
EPSS Score
0.025
Published
2005-06-16
Stack-based buffer overflow in the URL parsing function in Gaim before 1.3.0 allows remote attackers to execute arbitrary code via an instant message (IM) with a large URL.
CVSS Score
7.5
EPSS Score
0.162
Published
2005-05-11
Gaim 1.2.1 and earlier allows remote attackers to cause a denial of service (application crash) via a malformed MSN message.
CVSS Score
5.0
EPSS Score
0.013
Published
2005-05-11
Gaim before 1.1.3 allows remote attackers to cause a denial of service (infinite loop) via malformed SNAC packets from (1) AIM or (2) ICQ.
CVSS Score
5.0
EPSS Score
0.082
Published
2005-03-14
The HTML parsing functions in Gaim before 1.1.3 allow remote attackers to cause a denial of service (application crash) via malformed HTML that causes "an invalid memory access," a different vulnerability than CVE-2005-0208.
CVSS Score
5.0
EPSS Score
0.185
Published
2005-03-14
Buffer overflow in the MSN protocol handler for gaim 0.79 to 1.0.1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via an "unexpected sequence of MSNSLP messages" that results in an unbounded copy operation that writes to the wrong buffer.
CVSS Score
10.0
EPSS Score
0.054
Published
2005-01-27