5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.078 Low
EPSS
Percentile
94.1%
Gaim contains a flaw in HTML processing that may result in an invalid memory access and denial of service condition.
From the Gaim project:
Gaim is a multi-protocol instant messaging (IM) client for Linux, BSD, MacOS X, and Windows. It is compatible with AIM and ICQ (Oscar protocol), MSN Messenger, Yahoo!, IRC, Jabber, Gadu-Gadu, SILC, GroupWise Messenger, and Zephyr networks
Gaim is susceptible to receiving a malformed HTML message which may result in an invalid memory access.
A remote attacker can cause Gaim to crash, causing a denial of service condition.
Apply an update
This flaw has been fixed in Gaim 1.1.4. All users may download an update at the Gaim Downloads page.
As a best practice and potential workaround, users should not accept unexpected messages from unknown sources.
795812
Filter by status: All Affected Not Affected Unknown
Filter by content: __ Additional information available
__ Sort by: Status Alphabetical
Expand all
Javascript is disabled. Click here to view vendors.
Updated: February 28, 2005
Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
The Gaim project has issued a Gaim Vulnerability note regarding this flaw.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23795812 Feedback>).
Group | Score | Vector |
---|---|---|
Base | ||
Temporal | ||
Environmental |
Thanks to the Gaim project for reporting this vulnerability.
This document was written by Ken MacInnis based primarily on information from the Gaim project.
CVE IDs: | CVE-2005-0208 |
---|---|
Severity Metric: | 1.28 Date Public: |