返回 CVE 瀏覽器

CVE-2004-0005

CRITICAL

9.8

CVSS Severity Score

EPSS Score0.0910%

EPSS Percentile25.59th

Published2004年3月3日

Last Modified2026年4月16日

Vulnerability Description

Multiple buffer overflows in Gaim 0.75 allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) octal encoding in yahoo_decode that causes a null byte to be written beyond the buffer, (2) octal encoding in yahoo_decode that causes a pointer to reference memory beyond the terminating null byte, (3) a quoted printable string to the gaim_quotedp_decode MIME decoder that causes a null byte to be written beyond the buffer, and (4) quoted printable encoding in gaim_quotedp_decode that causes a pointer to reference memory beyond the terminating null byte.

Affected Platforms (CPE)

📦

Gaim Project

Gaim

= 0.75

References & Advisories

🔗 http://archives.neohapsis.com/archives/fulldisclosure/2004-01/0994.html

🔗 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000813

🔗 http://marc.info/?l=bugtraq&m=107513690306318&w=2

🔗 http://security.e-matters.de/advisories/012004.html

🔗 http://www.debian.org/security/2004/dsa-434

🔗 http://www.kb.cert.org/vuls/id/190366

🔗 http://www.kb.cert.org/vuls/id/226974

🔗 http://www.kb.cert.org/vuls/id/404470

相關漏洞威脅

CVE-2004-089110.0

Buffer overflow in the MSN protocol handler for gaim 0.79 to 1.0.1 allows remote attackers to cause a denial of service (applicati...

CVE-2009-269410.0

The msn_slplink_process_msg function in libpurple/protocols/msn/slplink.c in libpurple, as used in Pidgin (formerly Gaim) before 2...

CVE-2000-117210.0

Buffer overflow in Gaim 0.10.3 and earlier using the OSCAR protocol allows remote attackers to conduct a denial of service and pos...

CVE-2005-21039.8

Buffer overflow in the AIM and ICQ module in Gaim before 1.5.0 allows remote attackers to cause a denial of service (application c...