VYPR

rpm package

opensuse/pidgin&distro=openSUSE Tumbleweed

pkg:rpm/opensuse/pidgin&distro=openSUSE%20Tumbleweed

Vulnerabilities (4)

  • CVE-2017-2640HigJul 27, 2018
    affected < 2.14.7-1.1fixed 2.14.7-1.1

    An out-of-bounds write flaw was found in the way Pidgin before 2.12.0 processed XML content. A malicious remote server could potentially use this flaw to crash Pidgin or execute arbitrary code in the context of the pidgin process.

  • CVE-2008-3532Aug 8, 2008
    affected < 2.14.7-1.1fixed 2.14.7-1.1

    The NSS plugin in libpurple in Pidgin 2.4.3 does not verify SSL certificates, which makes it easier for remote attackers to trick a user into accepting an invalid server certificate for a spoofed service.

  • CVE-2008-2927Jul 7, 2008
    affected < 2.14.7-1.1fixed 2.14.7-1.1

    Multiple integer overflows in the msn_slplink_process_msg functions in the MSN protocol handler in (1) libpurple/protocols/msn/slplink.c and (2) libpurple/protocols/msnp9/slplink.c in Pidgin before 2.4.3 and Adium before 1.3 allow remote attackers to execute arbitrary code via a

  • CVE-2008-2955Jul 1, 2008
    affected < 2.14.7-1.1fixed 2.14.7-1.1

    Pidgin 2.4.1 allows remote attackers to cause a denial of service (crash) via a long filename that contains certain characters, as demonstrated using an MSN message that triggers the crash in the msn_slplink_process_msg function.