VYPR
← All advisories
Unrated severityNVD Advisory· Published Feb 6, 2014· Updated Apr 29, 2026

CVE-2013-6478

CVE-2013-6478

Description

In Pidgin before 2.10.8, a crafted long URL examined with a tooltip triggers improper interaction with wide Pango layouts, causing a denial of service via application crash.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

In Pidgin before 2.10.8, a crafted long URL examined with a tooltip triggers improper interaction with wide Pango layouts, causing a denial of service via application crash.

Vulnerability

In gtkimhtml.c of Pidgin prior to version 2.10.8, the application does not properly handle interaction with underlying library support for wide Pango layouts. When a user hovers over a long URL, triggering a tooltip, the incorrect layout handling can cause a crash. This issue is present in all versions before 2.10.8 [1].

Exploitation

An attacker must convince a user to view a crafted message containing a long URL. No authentication or network access beyond sending the message is required; the user action of hovering over the URL (i.e., user assistance) is necessary to trigger the tooltip examination [1].

Impact

Successful exploitation results in a denial of service via application crash. There is no indication of data compromise or privilege escalation; the impact is limited to temporary unavailability of the Pidgin client [1].

Mitigation

The fix was included in Pidgin version 2.10.8, released on 2014-02-06 [1]. Users should upgrade to this version or later. Red Hat Enterprise Linux 5 and 6 received updates as part of RHSA-2014-0139 [1]. No known workaround exists for versions prior to 2.10.8.

References
  1. https://rhn.redhat.com/errata/RHSA-2014-0139.html

AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

54
  • Pidgin (software)/Pidgin54 versions
    cpe:2.3:a:pidgin:pidgin:*:*:*:*:*:*:*:*+ 53 more
    • cpe:2.3:a:pidgin:pidgin:*:*:*:*:*:*:*:*range: <=2.10.7
    • cpe:2.3:a:pidgin:pidgin:2.0.0:*:*:*:*:*:*:*
    • cpe:2.3:a:pidgin:pidgin:2.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:pidgin:pidgin:2.0.2:*:*:*:*:*:*:*
    • cpe:2.3:a:pidgin:pidgin:2.1.0:*:*:*:*:*:*:*
    • cpe:2.3:a:pidgin:pidgin:2.10.0:*:*:*:*:*:*:*
    • cpe:2.3:a:pidgin:pidgin:2.10.1:*:*:*:*:*:*:*
    • cpe:2.3:a:pidgin:pidgin:2.10.2:*:*:*:*:*:*:*
    • cpe:2.3:a:pidgin:pidgin:2.10.3:*:*:*:*:*:*:*
    • cpe:2.3:a:pidgin:pidgin:2.10.4:*:*:*:*:*:*:*
    • cpe:2.3:a:pidgin:pidgin:2.10.5:*:*:*:*:*:*:*
    • cpe:2.3:a:pidgin:pidgin:2.10.6:*:*:*:*:*:*:*
    • cpe:2.3:a:pidgin:pidgin:2.1.1:*:*:*:*:*:*:*
    • cpe:2.3:a:pidgin:pidgin:2.2.0:*:*:*:*:*:*:*
    • cpe:2.3:a:pidgin:pidgin:2.2.1:*:*:*:*:*:*:*
    • cpe:2.3:a:pidgin:pidgin:2.2.2:*:*:*:*:*:*:*
    • cpe:2.3:a:pidgin:pidgin:2.3.0:*:*:*:*:*:*:*
    • cpe:2.3:a:pidgin:pidgin:2.3.1:*:*:*:*:*:*:*
    • cpe:2.3:a:pidgin:pidgin:2.4.0:*:*:*:*:*:*:*
    • cpe:2.3:a:pidgin:pidgin:2.4.1:*:*:*:*:*:*:*
    • cpe:2.3:a:pidgin:pidgin:2.4.2:*:*:*:*:*:*:*
    • cpe:2.3:a:pidgin:pidgin:2.4.3:*:*:*:*:*:*:*
    • cpe:2.3:a:pidgin:pidgin:2.5.0:*:*:*:*:*:*:*
    • cpe:2.3:a:pidgin:pidgin:2.5.1:*:*:*:*:*:*:*
    • cpe:2.3:a:pidgin:pidgin:2.5.2:*:*:*:*:*:*:*
    • cpe:2.3:a:pidgin:pidgin:2.5.3:*:*:*:*:*:*:*
    • cpe:2.3:a:pidgin:pidgin:2.5.4:*:*:*:*:*:*:*
    • cpe:2.3:a:pidgin:pidgin:2.5.5:*:*:*:*:*:*:*
    • cpe:2.3:a:pidgin:pidgin:2.5.6:*:*:*:*:*:*:*
    • cpe:2.3:a:pidgin:pidgin:2.5.7:*:*:*:*:*:*:*
    • cpe:2.3:a:pidgin:pidgin:2.5.8:*:*:*:*:*:*:*
    • cpe:2.3:a:pidgin:pidgin:2.5.9:*:*:*:*:*:*:*
    • cpe:2.3:a:pidgin:pidgin:2.6.0:*:*:*:*:*:*:*
    • cpe:2.3:a:pidgin:pidgin:2.6.1:*:*:*:*:*:*:*
    • cpe:2.3:a:pidgin:pidgin:2.6.2:*:*:*:*:*:*:*
    • cpe:2.3:a:pidgin:pidgin:2.6.3:*:*:*:*:*:*:*
    • cpe:2.3:a:pidgin:pidgin:2.6.4:*:*:*:*:*:*:*
    • cpe:2.3:a:pidgin:pidgin:2.6.5:*:*:*:*:*:*:*
    • cpe:2.3:a:pidgin:pidgin:2.6.6:*:*:*:*:*:*:*
    • cpe:2.3:a:pidgin:pidgin:2.7.0:*:*:*:*:*:*:*
    • cpe:2.3:a:pidgin:pidgin:2.7.1:*:*:*:*:*:*:*
    • cpe:2.3:a:pidgin:pidgin:2.7.10:*:*:*:*:*:*:*
    • cpe:2.3:a:pidgin:pidgin:2.7.11:*:*:*:*:*:*:*
    • cpe:2.3:a:pidgin:pidgin:2.7.2:*:*:*:*:*:*:*
    • cpe:2.3:a:pidgin:pidgin:2.7.3:*:*:*:*:*:*:*
    • cpe:2.3:a:pidgin:pidgin:2.7.4:*:*:*:*:*:*:*
    • cpe:2.3:a:pidgin:pidgin:2.7.5:*:*:*:*:*:*:*
    • cpe:2.3:a:pidgin:pidgin:2.7.6:*:*:*:*:*:*:*
    • cpe:2.3:a:pidgin:pidgin:2.7.7:*:*:*:*:*:*:*
    • cpe:2.3:a:pidgin:pidgin:2.7.8:*:*:*:*:*:*:*
    • cpe:2.3:a:pidgin:pidgin:2.7.9:*:*:*:*:*:*:*
    • cpe:2.3:a:pidgin:pidgin:2.8.0:*:*:*:*:*:*:*
    • cpe:2.3:a:pidgin:pidgin:2.9.0:*:*:*:*:*:*:*
    • (no CPE)range: <2.10.8

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

9

News mentions

0

No linked articles in our index yet.