CyberSec.Space Logo
Back to CVE Browser

CVE-2004-0005

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.0910%
EPSS Percentile25.59th
PublishedMar 3, 2004
Last ModifiedApr 16, 2026

Vulnerability Description

Multiple buffer overflows in Gaim 0.75 allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) octal encoding in yahoo_decode that causes a null byte to be written beyond the buffer, (2) octal encoding in yahoo_decode that causes a pointer to reference memory beyond the terminating null byte, (3) a quoted printable string to the gaim_quotedp_decode MIME decoder that causes a null byte to be written beyond the buffer, and (4) quoted printable encoding in gaim_quotedp_decode that causes a pointer to reference memory beyond the terminating null byte.

Affected Platforms (CPE)

πŸ“¦
Gaim Project

Gaim

= 0.75

References & Advisories

πŸ”— http://archives.neohapsis.com/archives/fulldisclosure/2004-01/0994.html
πŸ”— http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000813
πŸ”— http://marc.info/?l=bugtraq&m=107513690306318&w=2
πŸ”— http://security.e-matters.de/advisories/012004.html
πŸ”— http://www.debian.org/security/2004/dsa-434
πŸ”— http://www.kb.cert.org/vuls/id/190366
πŸ”— http://www.kb.cert.org/vuls/id/226974
πŸ”— http://www.kb.cert.org/vuls/id/404470

Related Vulnerabilities

CVE-2004-089110.0

Buffer overflow in the MSN protocol handler for gaim 0.79 to 1.0.1 allows remote attackers to cause a denial of service (applicati...

CVE-2009-269410.0

The msn_slplink_process_msg function in libpurple/protocols/msn/slplink.c in libpurple, as used in Pidgin (formerly Gaim) before 2...

CVE-2000-117210.0

Buffer overflow in Gaim 0.10.3 and earlier using the OSCAR protocol allows remote attackers to conduct a denial of service and pos...

CVE-2005-21039.8

Buffer overflow in the AIM and ICQ module in Gaim before 1.5.0 allows remote attackers to cause a denial of service (application c...