Gadu-Gadu build 155 and earlier allows remote attackers to cause a denial of service (infinite loop) via a message that contains an image whose filename does not start with restricted characters.
https://exchange.xforce.ibmcloud.com/vulnerabilities/18580