CVE-2005-0965

The gaim_markup_strip_html function in Gaim 1.2.0, and possibly earlier versions, allows remote attackers to cause a denial of service (application crash) via a string that contains malformed HTML, which causes an out-of-bounds read.

CVE-2005-1261

Stack-based buffer overflow in the URL parsing function in Gaim before 1.3.0 allows remote attackers to execute arbitrary code via an instant message (IM) with a large URL.

CVE-2005-0208

The HTML parsing functions in Gaim before 1.1.4 allow remote attackers to cause a denial of service (application crash) via malformed HTML that causes "an invalid memory access," a different vulnerability than CVE-2005-0473.

CVE-2005-0966

The IRC protocol plugin in Gaim 1.2.0, and possibly earlier versions, allows (1) remote attackers to inject arbitrary Gaim markup via irc_msg_kick, irc_msg_mode, irc_msg_part, irc_msg_quit, (2) remote attackers to inject arbitrary Pango markup and pop up empty dialog boxes via irc_msg_invite, or (3...

CVE-2005-0967

Gaim 1.2.0 allows remote attackers to cause a denial of service (application crash) via a malformed file transfer request to a Jabber user, which leads to an out-of-bounds read.

CVE-2005-1262

Gaim 1.2.1 and earlier allows remote attackers to cause a denial of service (application crash) via a malformed MSN message.

CVE-2005-0573

Gaim 1.1.3 on Windows systems allows remote attackers to cause a denial of service (client crash) via a file transfer in which the filename contains "(" or ")" (parenthesis) characters.