rpm package
opensuse/pidgin&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/pidgin&distro=openSUSE%20Tumbleweed
Vulnerabilities (4)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2017-2640 | High | 7.5 | | < 2.14.7-1.1 | 2.14.7-1.1 | Jul 27, 2018 | An out-of-bounds write flaw was found in the way Pidgin before 2.12.0 processed XML content. A malicious remote server could potentially use this flaw to crash Pidgin or execute arbitrary code in the context of the pidgin process. |
| CVE-2008-3532 | — | | | < 2.14.7-1.1 | 2.14.7-1.1 | Aug 8, 2008 | The NSS plugin in libpurple in Pidgin 2.4.3 does not verify SSL certificates, which makes it easier for remote attackers to trick a user into accepting an invalid server certificate for a spoofed service. |
| CVE-2008-2927 | — | | | < 2.14.7-1.1 | 2.14.7-1.1 | Jul 7, 2008 | Multiple integer overflows in the msn_slplink_process_msg functions in the MSN protocol handler in (1) libpurple/protocols/msn/slplink.c and (2) libpurple/protocols/msnp9/slplink.c in Pidgin before 2.4.3 and Adium before 1.3 allow remote attackers to execute arbitrary code via a |
| CVE-2008-2955 | — | | | < 2.14.7-1.1 | 2.14.7-1.1 | Jul 1, 2008 | Pidgin 2.4.1 allows remote attackers to cause a denial of service (crash) via a long filename that contains certain characters, as demonstrated using an MSN message that triggers the crash in the msn_slplink_process_msg function. |