FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

gaim -- remote DoS on receiving certain messages over IRC

Affected packages
gaim < 1.2.1
ja-gaim < 1.2.1
ko-gaim < 1.2.1
ru-gaim < 1.2.1

Details

VuXML ID ec09baa3-a9f5-11d9-a788-0001020eed82
Discovery 2005-04-02
Entry 2005-04-10

The GAIM team reports:

The IRC protocol plugin in Gaim 1.2.0, and possibly earlier versions, allows (1) remote attackers to inject arbitrary Gaim markup via irc_msg_kick, irc_msg_mode, irc_msg_part, irc_msg_quit, (2) remote attackers to inject arbitrary Pango markup and pop up empty dialog boxes via irc_msg_invite, or (3) malicious IRC servers to cause a denial of service (application crash) by injecting certain Pango markup into irc_msg_badmode, irc_msg_banned, irc_msg_unknown, irc_msg_nochan functions.

References

Bugtraq ID 13003
CVE Name CVE-2005-0966
URL http://gaim.sourceforge.net/security/?id=14
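
The report above describes IRC-supplied text reaching Gaim and Pango markup without being neutralised. The following C code is an added example, not Gaim's code and not part of the VuXML entry: it escapes untrusted fields before embedding them in a markup string and fails closed on truncation. `format_kick_notice`, its message format and the sample input are hypothetical; the escaper covers the same five characters that GLib's `g_markup_escape_text()` handles.

```c
#include <stdio.h>
#include <string.h>

/* Escape the five markup-special characters in `in` into `out`.
 * Returns 0 on success, -1 if the escaped text does not fit. */
int markup_escape(const char *in, char *out, size_t outsz)
{
    size_t used = 0;
    if (outsz == 0) return -1;
    for (; *in; in++) {
        char one[2] = { *in, '\0' };
        const char *rep = one;          /* default: copy the byte as-is */
        switch (*in) {
        case '&':  rep = "&amp;";  break;
        case '<':  rep = "&lt;";   break;
        case '>':  rep = "&gt;";   break;
        case '"':  rep = "&quot;"; break;
        case '\'': rep = "&apos;"; break;
        }
        size_t n = strlen(rep);
        if (used + n + 1 > outsz)
            return -1;                  /* never emit half an entity */
        memcpy(out + used, rep, n);
        used += n;
    }
    out[used] = '\0';
    return 0;
}

/* Hypothetical handler: builds the notice shown when a user is kicked.
 * nick and reason come from the IRC server and are untrusted. */
int format_kick_notice(const char *nick, const char *reason,
                       char *out, size_t outsz)
{
    char n[128], r[512];
    if (markup_escape(nick, n, sizeof n) != 0 ||
        markup_escape(reason, r, sizeof r) != 0)
        return -1;
    int w = snprintf(out, outsz, "<b>%s</b> was kicked (%s)", n, r);
    return (w < 0 || (size_t)w >= outsz) ? -1 : 0;
}

int main(void)
{
    char buf[256];
    /* Constructed sample input containing unbalanced markup. */
    if (format_kick_notice("mallory", "bye </b> & <i>", buf, sizeof buf) == 0)
        puts(buf);
    return 0;
}
```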