Gaim is a multi-protocol instant messenger available for a number of operating systems. It supports a variety of instant messaging protocols, including the Yahoo Messenger (YMSG) protocol. There is a buffer overflow vulnerability in the yahoo_decode() function. This function fails to properly allocate memory for octal values, which could result in a pointer referencing a memory location beyond the terminating null byte.
An unauthenticated, remote attacker may cause a denial of service or potentially execute code of the attacker's choice.
This vulnerability was publicly reported by Stefan Esser of e-matters.
This document was written by Damon Morda.
|Date First Published:||2004-04-30|
|Date Last Updated:||2004-05-06 18:20 UTC|