VYPR

Pidgin

by Pidgin (software)

Source repositories

CVEs (89)

  • CVE-2016-2380LowJan 6, 2017
    risk 0.20cvss 3.1epss 0.02

    An information leak exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent to the server could potentially result in an out-of-bounds read. A user could be convinced to enter a particular string which would then get converted incorrectly and…

  • CVE-2009-2694Aug 21, 2009
    risk 0.05cvss epss 0.20

    The msn_slplink_process_msg function in libpurple/protocols/msn/slplink.c in libpurple, as used in Pidgin (formerly Gaim) before 2.5.9 and Adium 1.3.5 and earlier, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application…

  • CVE-2009-1376May 26, 2009
    risk 0.04cvss epss 0.13

    Multiple integer overflows in the msn_slplink_process_msg functions in the MSN protocol handler in (1) libpurple/protocols/msn/slplink.c and (2) libpurple/protocols/msnp9/slplink.c in Pidgin (formerly Gaim) before 2.5.6 on 32-bit platforms allow remote attackers to execute…

  • CVE-2008-2955Jul 1, 2008
    risk 0.04cvss epss 0.07

    Pidgin 2.4.1 allows remote attackers to cause a denial of service (crash) via a long filename that contains certain characters, as demonstrated using an MSN message that triggers the crash in the msn_slplink_process_msg function.

  • CVE-2012-1257Nov 20, 2019
    risk 0.03cvss epss 0.01

    Pidgin 2.10.0 uses DBUS for certain cleartext communication, which allows local users to obtain sensitive information via a dbus session monitor.

  • CVE-2013-6490Feb 6, 2014
    risk 0.01cvss epss 0.15

    The SIMPLE protocol functionality in Pidgin before 2.10.8 allows remote attackers to have an unspecified impact via a negative Content-Length header, which triggers a buffer overflow.

  • CVE-2013-6487Feb 6, 2014
    risk 0.01cvss epss 0.08

    Integer overflow in libpurple/protocols/gg/lib/http.c in the Gadu-Gadu (gg) parser in Pidgin before 2.10.8 allows remote attackers to have an unspecified impact via a large Content-Length value, which triggers a buffer overflow.

  • CVE-2012-3374Jul 7, 2012
    risk 0.01cvss epss 0.06

    Buffer overflow in markup.c in the MXit protocol plugin in libpurple in Pidgin before 2.10.5 allows remote attackers to execute arbitrary code via a crafted inline image in a message.

  • CVE-2022-26491May 31, 2022
    risk 0.00cvss epss 0.02

    An issue was discovered in Pidgin before 2.14.9. A remote attacker who can spoof DNS responses can redirect a client connection to a malicious server. The client will perform TLS certificate verification of the malicious domain name instead of the original XMPP service domain,…

  • CVE-2014-3698Oct 29, 2014
    risk 0.00cvss epss 0.04

    The jabber_idn_validate function in jutil.c in the Jabber protocol plugin in libpurple in Pidgin before 2.10.10 allows remote attackers to obtain sensitive information from process memory via a crafted XMPP message.

  • CVE-2014-3697Oct 29, 2014
    risk 0.00cvss epss 0.04

    Absolute path traversal vulnerability in the untar_block function in win32/untar.c in Pidgin before 2.10.10 on Windows allows remote attackers to write to arbitrary files via a drive name in a tar archive of a smiley theme.

  • CVE-2014-3696Oct 29, 2014
    risk 0.00cvss epss 0.03

    nmevent.c in the Novell GroupWise protocol plugin in libpurple in Pidgin before 2.10.10 allows remote servers to cause a denial of service (application crash) via a crafted server message that triggers a large memory allocation.

  • CVE-2014-3695Oct 29, 2014
    risk 0.00cvss epss 0.03

    markup.c in the MXit protocol plugin in libpurple in Pidgin before 2.10.10 allows remote servers to cause a denial of service (application crash) via a large length value in an emoticon response.

  • CVE-2014-3694Oct 29, 2014
    risk 0.00cvss epss 0.02

    The (1) bundled GnuTLS SSL/TLS plugin and the (2) bundled OpenSSL SSL/TLS plugin in libpurple in Pidgin before 2.10.10 do not properly consider the Basic Constraints extension during verification of X.509 certificates from SSL servers, which allows man-in-the-middle attackers to…

  • CVE-2013-6489Feb 6, 2014
    risk 0.00cvss epss 0.06

    Integer signedness error in the MXit functionality in Pidgin before 2.10.8 allows remote attackers to cause a denial of service (segmentation fault) via a crafted emoticon value, which triggers an integer overflow and a buffer overflow.

  • CVE-2013-6482Feb 6, 2014
    risk 0.00cvss epss 0.02

    Pidgin before 2.10.8 allows remote MSN servers to cause a denial of service (NULL pointer dereference and crash) via a crafted (1) SOAP response, (2) OIM XML response, or (3) Content-Length header.

  • CVE-2013-6481Feb 6, 2014
    risk 0.00cvss epss 0.04

    libpurple/protocols/yahoo/libymsg.c in Pidgin before 2.10.8 allows remote attackers to cause a denial of service (crash) via a Yahoo! P2P message with a crafted length field, which triggers a buffer over-read.

  • CVE-2014-0020Feb 6, 2014
    risk 0.00cvss epss 0.03

    The IRC protocol plugin in libpurple in Pidgin before 2.10.8 does not validate argument counts, which allows remote IRC servers to cause a denial of service (application crash) via a crafted message.

  • CVE-2013-6486Feb 6, 2014
    risk 0.00cvss epss 0.04

    gtkutils.c in Pidgin before 2.10.8 on Windows allows user-assisted remote attackers to execute arbitrary programs via a message containing a file: URL that is improperly handled during construction of an explorer.exe command. NOTE: this vulnerability exists because of an…

  • CVE-2013-6485Feb 6, 2014
    risk 0.00cvss epss 0.02

    Buffer overflow in util.c in libpurple in Pidgin before 2.10.8 allows remote HTTP servers to cause a denial of service (application crash) or possibly have unspecified other impact via an invalid chunk-size field in chunked transfer-coding data.

Page 2 of 5