Gaim Vulnerability
Title | Content-length DOS (malloc error) |
Date | 26 August 2004 |
CVE Name | N/A |
Discovered By | Sean ("infamous42md") |
Summary | It is possible for a malicious web server to serve a web page with a false content-length value, which could crash Gaim. |
Description | Remote crash. When a remote server provides a large "content-length" header value, Gaim attempts to allocate a buffer to store the content. This allocation attempt causes Gaim to crash if the length exceeds the amount of memory that can be allocated. This happens when reading profile information on some protocols. It also happens when smiley themes are installed via drag and drop. |
Fixed in Version | 0.82 |
Fix | The call to g_malloc() was replaced with a call to g_try_malloc(). If the memory cannot be allocated, the function returns instead of causing the application to crash. |
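The pattern behind the fix, as an added example that is not Gaim's code: standard `malloc()` stands in for `g_try_malloc()` (both return NULL on failure, whereas `g_malloc()` aborts the program). The function names, status codes and the `max_len` cap are assumptions of this example, and the length validation and cap go beyond what the advisory describes.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

enum body_status { BODY_OK, BODY_BAD_LENGTH, BODY_TOO_LARGE, BODY_NO_MEMORY };

/* Turn an untrusted Content-Length value into a buffer of len+1 bytes.
 * max_len is a caller policy cap (an assumption, not part of the Gaim fix). */
enum body_status alloc_body(const char *value, size_t max_len,
                            char **buf, size_t *len)
{
    char *end;
    unsigned long long n;

    *buf = NULL;
    *len = 0;
    if (value == NULL || *value < '0' || *value > '9')
        return BODY_BAD_LENGTH;      /* rejects "", "-1", "+5", " 5" */
    errno = 0;
    n = strtoull(value, &end, 10);
    if (errno == ERANGE || *end != '\0' || n > SIZE_MAX - 1)
        return BODY_BAD_LENGTH;      /* overflow, trailing junk, no room for NUL */
    if (n > max_len)
        return BODY_TOO_LARGE;
    *buf = malloc((size_t)n + 1);    /* fallible, like g_try_malloc() */
    if (*buf == NULL)
        return BODY_NO_MEMORY;       /* report the failure instead of aborting */
    (*buf)[n] = '\0';
    *len = (size_t)n;
    return BODY_OK;
}

char *last_body;                     /* buffer from the most recent header */
/* Hypothetical helper: drop the previous buffer, then try the new header. */
enum body_status check_header(const char *value, size_t max_len)
{
    size_t len;
    free(last_body);
    return alloc_body(value, max_len, &last_body, &len);
}

int main(void)
{
    /* Constructed header values; the second assumes a 64-bit size_t. */
    printf("%d\n", check_header("1024", (size_t)1 << 20));
    printf("%d\n", check_header("18446744073709551614", SIZE_MAX));
    return 0;
}
```

With the cap disabled (`SIZE_MAX`), the oversized length reaches the allocator and comes back as `BODY_NO_MEMORY`, which is the path the 0.82 fix made survivable.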