Gadu-Gadu Instant Messenger vulnerabilities
11 known vulnerabilities affecting gadu-gadu/gadu-gadu_instant_messenger.
Total CVEs: 11
CISA KEV: 0
Public exploits: 1
Exploited in wild: 0
Severity breakdown: HIGH 4, MEDIUM 6, LOW 1
Vulnerabilities
CVE-2004-1410 | P4 | MEDIUM | CVSS 4.3 | PoC | v6.0_build149, v6.0_build150, +5 more | 2004-12-31
Cross-site scripting (XSS) vulnerability in Gadu-Gadu build 155 and earlier allows remote attackers to inject arbitrary web script via a URL, which is echoed in a popup window that displays a parsing error message, a different vulnerability than CVE-2004-1229.
nvd
CVE-2004-1676 | P4 | HIGH | CVSS 7.5 | v6.0, v6.0_build149 | 2004-09-12
Heap-based buffer overflow in the image sending feature in Gadu-Gadu 6.0 build 149 allows remote attackers to execute arbitrary code via a crafted GG_MSG_IMAGE_REPLY message.
nvd
CVE-2005-3891 | P4 | HIGH | CVSS 7.8 | v7.20 | 2005-11-29
Stack-based buffer overflow in Gadu-Gadu 7.20 allows remote attackers to cause a denial of service (crash) via an image filename of exactly 192 to 200 characters, which does not account for the "imgcache\" string that is added to the end of the buffer.
nvd
CVE-2005-3888 | P4 | HIGH | CVSS 7.8 | v7.20 | 2005-11-29
Memory leak in Gadu-Gadu 7.20 allows remote attackers to cause a denial of service via multiple DCC packets with a code other than 2 and a large size field, which allocates memory for the packet but does not free it after the packet has been dropped.
nvd
CVE-2005-3890 | P4 | HIGH | CVSS 7.8 | v7.20 | 2005-11-29
Gadu-Gadu 7.20 allows remote attackers to cause a denial of service (crash and configuration loss) via a page with a large number of gg: URIs.
nvd
CVE-2007-6411 | P4 | MEDIUM | CVSS 4.3 | CWE-119 | v7.7 | 2007-12-17
Multiple buffer overflows in the HandleEmotsConfig function in the GG Client in Gadu-Gadu 7.7 Build 3669 allow user-assisted remote attackers to execute arbitrary code or cause a denial of service (gg.exe process crash) via a long string in an emots.txt file.
nvd
CVE-2004-2529 | P4 | MEDIUM | CVSS 5.0 | v6.0, v6.0_build149, +5 more | 2004-12-31
Gadu-Gadu allows remote attackers to bypass the "image send" option by sending a very small image file, which could be used in conjunction with image-related vulnerabilities.
nvd
CVE-2005-3887 | P4 | MEDIUM | CVSS 5.4 | v7.20 | 2005-11-29
Gadu-Gadu 7.20 does not properly handle MS-DOS device names in filenames, which allows remote attackers to (1) cause a denial of service (hang) via an image filename of "AUX:" sent twice, or (2) write to the LPT1 port via a filename of "LPT1:".
nvd
CVE-2005-3892 | P4 | MEDIUM | CVSS 5.0 | v7.20 | 2005-11-29
Gadu-Gadu 7.20 allows remote attackers to eavesdrop on a user via a web page that accesses the EasycallLite.oce ActiveX control, which can initiate an outgoing phone call and listen to the microphone.
nvd
CVE-2004-1411 | P4 | LOW | CVSS 2.6 | v6.0_build149, v6.0_build150, +5 more | 2004-12-31
Gadu-Gadu build 155 and earlier allows remote attackers to cause a denial of service (infinite loop) via a message that contains an image whose filename does not start with restricted characters.
nvd
CVE-2004-1414 | P4 | MEDIUM | CVSS 5.0 | v6.1_build156 | 2004-12-31
Gadu-Gadu 6.1 build 156 allows remote attackers to cause a denial of service (application hang) via a message that contains many special strings that are converted to images.
nvd