Gaim vulnerable to DoS via specially crafted HTML

ID VU:795812
Type cert
Reporter CERT
Modified 2005-02-28T00:00:00



Gaim contains a flaw in HTML processing that may result in an invalid memory access and denial of service condition.


From the Gaim project:

Gaim is a multi-protocol instant messaging (IM) client for Linux, BSD, MacOS X, and Windows. It is compatible with AIM and ICQ (Oscar protocol), MSN Messenger, Yahoo!, IRC, Jabber, Gadu-Gadu, SILC, GroupWise Messenger, and Zephyr networks.

When Gaim receives a malformed HTML message, processing it may result in an invalid memory access.


A remote attacker can cause Gaim to crash, resulting in a denial of service condition.


Apply an update
This flaw has been fixed in Gaim 1.1.4. All users may download an update at the Gaim Downloads page.

As a best practice and potential workaround, users should not accept unexpected messages from unknown sources.

Systems Affected

Vendor | Status | Date Notified | Date Updated
Gaim | | - | 28 Feb 2005
If you are a vendor and your product is affected, let us know.

CVSS Metrics

Group | Score | Vector
Base | N/A | N/A
Temporal | N/A | N/A
Environmental | N/A | N/A



Thanks to the Gaim project for reporting this vulnerability.

This document was written by Ken MacInnis based primarily on information from the Gaim project.

Other Information

  • CVE IDs: CAN-2005-0208
  • Date Public: 28 Feb 2005
  • Date First Published: 28 Feb 2005
  • Date Last Updated: 28 Feb 2005
  • Severity Metric: 1.28
  • Document Revision: 4