Gadu-Gadu: >> Gadu-Gadu Instant Messenger >> 7.20 Security Vulnerabilities
Gadu-Gadu 7.20 does not properly handle MS-DOS device names in filenames, which allows remote attackers to (1) cause a denial of service (hang) via an image filename of AUX: sent twice (hang), or (2) write to the LPT1 port via a filename of "LPT1:".
CVSS Score
5.4
EPSS Score
0.014
Published
2005-11-29
Memory leak in Gadu-Gadu 7.20 allows remote attackers to cause a denial of service via multiple DCC packets with a code other than 2 and a large size field, which allocates memory for the packet but does not free it after the packet has been dropped.
CVSS Score
7.8
EPSS Score
0.019
Published
2005-11-29
Gadu-Gadu 7.20 allows remote attackers to cause a denial of service via multiple DCC packets with a code of 6 or 7, which triggers a large number of popup windows to the user and creates a large number of threads.
CVSS Score
7.8
EPSS Score
0.016
Published
2005-11-29
Gadu-Gadu 7.20 allows remote attackers to cause a denial of service (crash and configuration loss) via a page with a large number of gg: URIs.
CVSS Score
7.8
EPSS Score
0.016
Published
2005-11-29
Stack-based buffer overflow in Gadu-Gadu 7.20 allows remote attackers to cause a denial of service (crash) via an image filename between exactly 192 to 200 characters, which does not account for the "imgcache\" string that is added to the end of the buffer.
CVSS Score
7.8
EPSS Score
0.017
Published
2005-11-29
Gadu-Gadu 7.20 allows remote attackers to eavesdrop on a user via a web page that accesses the EasycallLite.oce ActiveX control, which can initiate an outgoing phone call and listen to the microphone.
CVSS Score
5.0
EPSS Score
0.005
Published
2005-11-29