Gaim is a multi-protocol instant messenger available for a number of operating systems. It includes a feature that requires Gaim to decode MIME-encoded data. There is a buffer overflow vulnerability in the gaim_quotedp_decode() function. This function fails to properly allocate memory for quoted printable strings, which could result in a pointer referencing a memory location beyond the terminating null byte.
An unauthenticated, remote attacker may cause a denial of service or potentially execute code of the attacker's choice.
This vulnerability was publicly reported by Stefan Esser of e-matters.
This document was written by Damon Morda.
|Date First Published:||2004-04-30|
|Date Last Updated:||2004-05-06 18:20 UTC|