CVE-2004-0005

Name of the Vulnerable Software and Affected Versions Gaim version 0.75

Description The issue involves multiple buffer overflows that allow remote attackers to cause a denial of service and possibly execute arbitrary code. This can occur through various means, including octal encoding in yahoo decode that causes a null byte to be written beyond the buffer, and quoted printable encoding in gaim quotedp decode that causes a pointer to reference memory beyond the terminating null byte.

Recommendations For Gaim version 0.75, consider disabling the yahoo decode and gaim quotedp decode functions until a patch is available to prevent potential exploitation. Restrict access to quoted printable strings in the gaim quotedp decode MIME decoder to minimize the risk of buffer overflows. Avoid using octal encoding in yahoo decode until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.