search menu icon-carat-right cmu-wordmark

CERT Coordination Center

Gaim vulnerable to DoS via specially crafted HTML

Vulnerability Note VU#795812

Original Release Date: 2005-02-28 | Last Revised: 2005-02-28


Gaim contains a flaw in HTML processing that may result in an invalid memory access and denial of service condition.


From the Gaim project:

Gaim is a multi-protocol instant messaging (IM) client for Linux, BSD, MacOS X, and Windows. It is compatible with AIM and ICQ (Oscar protocol), MSN Messenger, Yahoo!, IRC, Jabber, Gadu-Gadu, SILC, GroupWise Messenger, and Zephyr networks

Gaim is susceptible to receiving a malformed HTML message which may result in an invalid memory access.


A remote attacker can cause Gaim to crash, causing a denial of service condition.


Apply an update
This flaw has been fixed in Gaim 1.1.4. All users may download an update at the Gaim Downloads page.

As a best practice and potential workaround, users should not accept unexpected messages from unknown sources.

Vendor Information


Gaim Affected

Updated:  February 28, 2005



Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.


The Gaim project has issued a Gaim Vulnerability note regarding this flaw.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

CVSS Metrics

Group Score Vector



Thanks to the Gaim project for reporting this vulnerability.

This document was written by Ken MacInnis based primarily on information from the Gaim project.

Other Information

CVE IDs: CVE-2005-0208
Severity Metric: 1.28
Date Public: 2005-02-28
Date First Published: 2005-02-28
Date Last Updated: 2005-02-28 21:12 UTC
Document Revision: 8

Sponsored by CISA.