Multiple integer overflows in libgadu, as used in Kopete in KDE 3.2.3 to 3.4.1, ekg before 1.6rc3, GNU Gadu, CenterICQ, Kadu, and other packages, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an incoming message.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-189
Products Affected
| Vendor | Product | Version |
|---|---|---|
| ekg | ekg | 1.0_rc2 |
| ekg | ekg | 1.5_rc2 |
| kde | kde | 3.4.0 |
| ekg | ekg | 1.1 |
| ekg | ekg | 1.3 |
| centericq | centericq | * |
| ekg | ekg | 1.0_rc3 |
| ekg | ekg | 1.0 |
| ekg | ekg | 1.1_rc2 |
| kde | kde | 3.3.2 |
| ekg | ekg | 1.1_rc1 |
| kde | kde | 3.3 |
| ekg | ekg | 1.5 |
| ekg | ekg | 1.4 |
| ekg | ekg | 1.5_rc1 |
| kde | kde | 3.4.1 |
| kde | kde | 3.3.1 |
| kadu | kadu | * |
| kde | kde | 3.2.3 |
| kde | kde | 3.4 |
Kadu 0.4.2 and 0.5.0pre allow remote attackers to cause a denial of service (crash or generated traffic) via a malformed message, possibly with incomplete information.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other
Products Affected
| Vendor | Product | Version |
|---|---|---|
| kadu | kadu | 0.5_pre |
| kadu | kadu | 0.4.2 |
Kadu 0.4.3 allows remote attackers to cause a denial of service (application crash) via a large number of image send requests.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other
Products Affected
| Vendor | Product | Version |
|---|---|---|
| kadu | kadu | 0.4.3 |
Multiple cross-site scripting (XSS) vulnerabilities in the History Window implementation in Kadu 0.9.0 through 0.11.0 allow remote attackers to inject arbitrary web script or HTML via a crafted (1) SMS message, (2) presence message, or (3) status description.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79
Products Affected
| Vendor | Product | Version |
|---|---|---|
| kadu | kadu | 0.11.0 |
| kadu | kadu | 0.9.0 |
| kadu | kadu | 0.10.0 |