Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Gaim
(Rob_flynn)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 26 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2005-05-02 | CVE-2005-0967 | Gaim 1.2.0 allows remote attackers to cause a denial of service (application crash) via a malformed file transfer request to a Jabber user, which leads to an out-of-bounds read. | Gaim | N/A | ||
| 2005-05-02 | CVE-2005-0966 | The IRC protocol plugin in Gaim 1.2.0, and possibly earlier versions, allows (1) remote attackers to inject arbitrary Gaim markup via irc_msg_kick, irc_msg_mode, irc_msg_part, irc_msg_quit, (2) remote attackers to inject arbitrary Pango markup and pop up empty dialog boxes via irc_msg_invite, or (3) malicious IRC servers to cause a denial of service (application crash) by injecting certain Pango markup into irc_msg_badmode, irc_msg_banned, irc_msg_unknown, irc_msg_nochan functions. | Gaim | N/A | ||
| 2005-05-02 | CVE-2005-0965 | The gaim_markup_strip_html function in Gaim 1.2.0, and possibly earlier versions, allows remote attackers to cause a denial of service (application crash) via a string that contains malformed HTML, which causes an out-of-bounds read. | Gaim | N/A | ||
| 2005-05-02 | CVE-2005-0573 | Gaim 1.1.3 on Windows systems allows remote attackers to cause a denial of service (client crash) via a file transfer in which the filename contains "(" or ")" (parenthesis) characters. | Gaim | N/A | ||
| 2005-03-14 | CVE-2005-0473 | The HTML parsing functions in Gaim before 1.1.3 allow remote attackers to cause a denial of service (application crash) via malformed HTML that causes "an invalid memory access," a different vulnerability than CVE-2005-0208. | Mandrake_linux, Mandrake_linux_corporate_server, Enterprise_linux, Enterprise_linux_desktop, Gaim | N/A | ||
| 2005-03-14 | CVE-2005-0472 | Gaim before 1.1.3 allows remote attackers to cause a denial of service (infinite loop) via malformed SNAC packets from (1) AIM or (2) ICQ. | Mandrake_linux, Mandrake_linux_corporate_server, Enterprise_linux, Enterprise_linux_desktop, Gaim | N/A | ||
| 2005-05-02 | CVE-2005-0208 | The HTML parsing functions in Gaim before 1.1.4 allow remote attackers to cause a denial of service (application crash) via malformed HTML that causes "an invalid memory access," a different vulnerability than CVE-2005-0473. | Gaim | N/A | ||
| 2004-12-31 | CVE-2004-2589 | Gaim before 0.82 allows remote servers to cause a denial of service (application crash) via a long HTTP Content-Length header, which causes Gaim to abort when attempting to allocate memory. | Gaim | N/A | ||
| 2005-01-27 | CVE-2004-0891 | Buffer overflow in the MSN protocol handler for gaim 0.79 to 1.0.1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via an "unexpected sequence of MSNSLP messages" that results in an unbounded copy operation that writes to the wrong buffer. | Linux, Gaim, Slackware_linux, Ubuntu_linux | N/A | ||
| 2004-10-20 | CVE-2004-0785 | Multiple buffer overflows in Gaim before 0.82 allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) Rich Text Format (RTF) messages, (2) a long hostname for the local system as obtained from DNS, or (3) a long URL that is not properly handled by the URL decoder. | Gaim | N/A |