Gadu-Gadu allows remote attackers to bypass the image send option by sending a very small image file, which could be used in conjunction with image-related vulnerabilities.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Gadu-gadu_instant_messenger | Gadu-gadu | 6.0 (including) | 6.0 (including) |
| Gadu-gadu_instant_messenger | Gadu-gadu | 6.0_build149 (including) | 6.0_build149 (including) |
| Gadu-gadu_instant_messenger | Gadu-gadu | 6.0_build150 (including) | 6.0_build150 (including) |
| Gadu-gadu_instant_messenger | Gadu-gadu | 6.0_build151 (including) | 6.0_build151 (including) |
| Gadu-gadu_instant_messenger | Gadu-gadu | 6.0_build152 (including) | 6.0_build152 (including) |
| Gadu-gadu_instant_messenger | Gadu-gadu | 6.0_build153 (including) | 6.0_build153 (including) |
| Gadu-gadu_instant_messenger | Gadu-gadu | 6.0_build154 (including) | 6.0_build154 (including) |
References
- http://marc.info/?l=bugtraq\u0026m=110295777306493\u0026w=2
- http://secunia.com/advisories/13450
- http://www.man.poznan.pl/~security/gg-adv.txt
- http://www.osvdb.org/12520
- http://www.securityfocus.com/bid/11899
- https://exchange.xforce.ibmcloud.com/vulnerabilities/18463
- http://marc.info/?l=bugtraq\u0026m=110295777306493\u0026w=2
- http://secunia.com/advisories/13450
- http://www.man.poznan.pl/~security/gg-adv.txt
- http://www.osvdb.org/12520
- http://www.securityfocus.com/bid/11899
- https://exchange.xforce.ibmcloud.com/vulnerabilities/18463