Gadu-gadu » Gadu-gadu Instant Messenger : Security Vulnerabilities, CVEs, Published In 2004
Gadu-Gadu allows remote attackers to bypass the "image send" option by sending a very small image file, which could be used in conjunction with image-related vulnerabilities.
Max CVSS
5.0
EPSS Score
3.97%
Published
2004-12-31
Updated
2017-07-11
Heap-based buffer overflow in the image sending feature in Gadu-Gadu 6.0 build 149 allows remote attackers to execute arbitrary code via a crafted GG_MSG_IMAGE_REPLY message.
Max CVSS
7.5
EPSS Score
3.41%
Published
2004-09-12
Updated
2017-07-11
Gadu-Gadu 6.1 build 156 allows remote attackers to cause a denial of service (application hang) via a message that contains many special strings that are converted to images.
Max CVSS
5.0
EPSS Score
0.31%
Published
2004-12-31
Updated
2016-10-18
Gadu-Gadu build 155 and earlier allows remote attackers to cause a denial of service (infinite loop) via a message that contains an image whose filename does not start with restricted characters.
Max CVSS
2.6
EPSS Score
0.71%
Published
2004-12-31
Updated
2017-07-11
Cross-site scripting (XSS) vulnerability in Gadu-Gadu build 155 and earlier allows remote attackers to inject arbitrary web script via a URL, which is echoed in a popup window that displays a parsing error message, a different vulnerability than CVE-2004-1229.
Max CVSS
4.3
EPSS Score
0.26%
Published
2004-12-31
Updated
2016-10-18
5 vulnerabilities found