OpenBSD VuXML: Documenting security issues in the OpenBSD Ports & Packages Collection

gaim -- multiple vulnerabilities

Affected packages
gaim < 1.2.1

Details

VuXML ID 99158684-a791-11d9-93dc-00065bd5b0b6
Discovery 2005-04-04
Entry 2005-04-07

The gaim_markup_strip_html function in Gaim 1.2.0, and possibly earlier versions, allows remote attackers to cause a denial of service (application crash) via a string that contains malformed HTML, which causes an out-of-bounds read.

[source]

The IRC protocol plugin in Gaim 1.2.0, and possibly earlier versions, allows (1) remote attackers to inject arbitrary Gaim markup via irc_msg_kick, irc_msg_mode, irc_msg_part, irc_msg_quit, (2) remote attackers to inject arbitrary Pango markup and pop up empty dialog boxes via irc_msg_invite, or (3) malicious IRC servers to cause a denial of service (application crash) by injecting certain Pango markup into irc_msg_badmode, irc_msg_banned, irc_msg_unknown, irc_msg_nochan functions.

[source]

Sending a Gaim Jabber user a certain invalid file transfer request triggers an out-of-bounds read which causes Gaim to crash.

[source]

References

CVE Name CAN-2005-0965
CVE Name CAN-2005-0966
CVE Name CAN-2005-0967
URL http://gaim.sourceforge.net/security/?id=13
URL http://gaim.sourceforge.net/security/?id=14
URL http://gaim.sourceforge.net/security/?id=15

Copyright © 2003-2005 Jacques Vidrine, Robert Nagy, and contributors.
Please see the source of this document for full copyright information.