The Gaim team discovered denial-of-service vulnerabilities in
the MSN protocol handler:
After accepting a file transfer request, Gaim will attempt
to allocate a buffer of a size equal to the entire filesize,
this allocation attempt will cause Gaim to crash if the size
exceeds the amount of available memory.
Gaim allocates a buffer for the payload of each message
received based on the size field in the header of the
message. A malicious peer could specify an invalid size that
exceeds the amount of available memory.