CVE-2005-3891

Stack-based buffer overflow in Gadu-Gadu 7.20 allows remote attackers to cause a denial of service (crash) via an image filename between exactly 192 to 200 characters, which does not account for the "imgcache" string that is added to the end of the buffer.

Published: Nov 29, 2005
Updated: Apr 13, 2023
CVE: CVE-2005-3891
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.8
AV:N/AC:L/Au:N/C:N/I:N/A:C

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
gadu-gadu / gadu-gadu_instant_messenger	7.20	7.20.x

http://archives.neohapsis.com/archives/fulldisclosure/2005-11/0658.html
http://marc.info/?l=bugtraq&m=113261573023912&w=2
http://secunia.com/advisories/17597/
http://www.osvdb.org/21016
http://www.securityfocus.com/bid/15520/
https://exchange.xforce.ibmcloud.com/vulnerabilities/23149

Vulnerability Database

290,278

CVE-2005-3891