Gadu-gadu Gadu-gadu Instant Messenger — known CVE vulnerabilities
Every CVE whose affected-product data names Gadu-gadu Gadu-gadu Instant Messenger, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (18)
CVE-2004-1232 — CVSS 10.0 (critical): Stack-based buffer overflow in the code that sends images in Gadu-Gadu allows remote attackers to execute arbitrary code via a large image…
CVE-2005-3890 — CVSS 7.8 (high): Gadu-Gadu 7.20 allows remote attackers to cause a denial of service (crash and configuration loss) via a page with a large number of gg…
CVE-2005-3888 — CVSS 7.8 (high): Memory leak in Gadu-Gadu 7.20 allows remote attackers to cause a denial of service via multiple DCC packets with a code other than 2 and a…
CVE-2005-3891 — CVSS 7.8 (high): Stack-based buffer overflow in Gadu-Gadu 7.20 allows remote attackers to cause a denial of service (crash) via an image filename between…
CVE-2004-1676 — CVSS 7.5 (high): Heap-based buffer overflow in the image sending feature in Gadu-Gadu 6.0 build 149 allows remote attackers to execute arbitrary code via a…
CVE-2004-1229 — CVSS 7.5 (high): Cross-site scripting vulnerability in the parser for Gadu-Gadu allows remote attackers to inject arbitrary web script or HTML via (1)…
CVE-2005-3887 — CVSS 5.4 (medium): Gadu-Gadu 7.20 does not properly handle MS-DOS device names in filenames, which allows remote attackers to (1) cause a denial of service…
CVE-2004-2529 — CVSS 5.0 (medium): Gadu-Gadu allows remote attackers to bypass the "image send" option by sending a very small image file, which could be used in conjunction…
CVE-2004-1230 — CVSS 5.0 (medium): Gadu-Gadu allows remote attackers to gain sensitive information and read files from the _cache directory of other users via a DCC…
CVE-2004-1231 — CVSS 5.0 (medium): Directory traversal vulnerability in Gadu-Gadu allows remote attackers to read arbitrary files via .. (dot dot) sequences in a DCC…
CVE-2004-1233 — CVSS 5.0 (medium): Integer overflow in Gadu-Gadu allows remote attackers to cause a denial of service (disk consumption) via a user packet to the DCC file…
CVE-2004-1414 — CVSS 5.0 (medium): Gadu-Gadu 6.1 build 156 allows remote attackers to cause a denial of service (application hang) via a message that contains many special…
CVE-2005-3892 — CVSS 5.0 (medium): Gadu-Gadu 7.20 allows remote attackers to eavesdrop on a user via a web page that accesses the EasycallLite.oce ActiveX control, which can…
CVE-2004-1410 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in Gadu-Gadu build 155 and earlier allows remote attackers to inject arbitrary web script via a…
CVE-2007-6411 — CVSS 4.3 (medium): Multiple buffer overflows in the HandleEmotsConfig function in the GG Client in Gadu-Gadu 7.7 Build 3669 allow user-assisted remote…
CVE-2007-6409 — CVSS 4.3 (medium): The gg protocol handler in Gadu-Gadu, when this product is installed but not running, does not properly handle the skin attribute, which…
CVE-2007-6410 — CVSS 4.3 (medium): Gadu-Gadu does not properly perform protocol handling, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks…
CVE-2004-1411 — CVSS 2.6 (low): Gadu-Gadu build 155 and earlier allows remote attackers to cause a denial of service (infinite loop) via a message that contains an image…