Gaim contains a flaw in HTML processing that may result in an invalid memory access and denial of service condition.
From the Gaim project:
Gaim is a multi-protocol instant messaging (IM) client for Linux, BSD, MacOS X, and Windows. It is compatible with AIM and ICQ (Oscar protocol), MSN Messenger, Yahoo!, IRC, Jabber, Gadu-Gadu, SILC, GroupWise Messenger, and Zephyr networks.
Gaim may receive a malformed HTML message that results in an invalid memory access when processed.
A remote attacker can crash Gaim, resulting in a denial of service condition.
Apply an update
This flaw has been fixed in Gaim 1.1.4. All users may download an update at the Gaim Downloads page.
As a best practice and potential workaround, users should not accept unexpected messages from unknown sources.
Vendor | Status | Date Notified | Date Updated
Gaim | | - | 28 Feb 2005
Group | Score | Vector
Base | N/A | N/A
Temporal | N/A | N/A
Environmental | N/A | N/A
Thanks to the Gaim project for reporting this vulnerability.
This document was written by Ken MacInnis based primarily on information from the Gaim project.