VYPR

Pidgin

by Pidgin (software)

Source repositories

CVEs (89)

  • CVE-2013-6484Feb 6, 2014
    risk 0.00cvss epss 0.02

    The STUN protocol implementation in libpurple in Pidgin before 2.10.8 allows remote STUN servers to cause a denial of service (out-of-bounds write operation and application crash) by triggering a socket read error.

  • CVE-2013-6483Feb 6, 2014
    risk 0.00cvss epss 0.04

    The XMPP protocol plugin in libpurple in Pidgin before 2.10.8 does not properly determine whether the from address in an iq reply is consistent with the to address in an iq request, which allows remote attackers to spoof iq traffic or cause a denial of service (NULL pointer…

  • CVE-2013-6479Feb 6, 2014
    risk 0.00cvss epss 0.02

    util.c in libpurple in Pidgin before 2.10.8 does not properly allocate memory for HTTP responses that are inconsistent with the Content-Length header, which allows remote HTTP servers to cause a denial of service (application crash) via a crafted response.

  • CVE-2013-6478Feb 6, 2014
    risk 0.00cvss epss 0.04

    gtkimhtml.c in Pidgin before 2.10.8 does not properly interact with underlying library support for wide Pango layouts, which allows user-assisted remote attackers to cause a denial of service (application crash) via a long URL that is examined with a tooltip.

  • CVE-2013-6477Feb 6, 2014
    risk 0.00cvss epss 0.04

    Multiple integer signedness errors in libpurple in Pidgin before 2.10.8 allow remote attackers to cause a denial of service (application crash) via a crafted timestamp value in an XMPP message.

  • CVE-2012-6152Feb 6, 2014
    risk 0.00cvss epss 0.04

    The Yahoo! protocol plugin in libpurple in Pidgin before 2.10.8 does not properly validate UTF-8 data, which allows remote attackers to cause a denial of service (application crash) via crafted byte sequences.

  • CVE-2013-0274Feb 16, 2013
    risk 0.00cvss epss 0.01

    upnp.c in libpurple in Pidgin before 2.10.7 does not properly terminate long strings in UPnP responses, which allows remote attackers to cause a denial of service (application crash) by leveraging access to the local network.

  • CVE-2013-0273Feb 16, 2013
    risk 0.00cvss epss 0.03

    sametime.c in the Sametime protocol plugin in libpurple in Pidgin before 2.10.7 does not properly terminate long user IDs, which allows remote servers to cause a denial of service (application crash) via a crafted packet.

  • CVE-2013-0272Feb 16, 2013
    risk 0.00cvss epss 0.03

    Buffer overflow in http.c in the MXit protocol plugin in libpurple in Pidgin before 2.10.7 allows remote servers to execute arbitrary code via a long HTTP header.

  • CVE-2013-0271Feb 16, 2013
    risk 0.00cvss epss 0.03

    The MXit protocol plugin in libpurple in Pidgin before 2.10.7 might allow remote attackers to create or overwrite files via a crafted (1) mxit or (2) mxit/imagestrips pathname.

  • CVE-2011-4922Aug 8, 2012
    risk 0.00cvss epss 0.00

    cipher.c in the Cipher API in libpurple in Pidgin before 2.7.10 retains encryption-key data in process memory, which might allow local users to obtain sensitive information by reading a core file or other representation of memory contents.

  • CVE-2012-2318Jul 3, 2012
    risk 0.00cvss epss 0.02

    msg.c in the MSN protocol plugin in libpurple in Pidgin before 2.10.4 does not properly handle crafted characters, which allows remote servers to cause a denial of service (application crash) by placing these characters in a text/plain message.

  • CVE-2012-2214Jul 3, 2012
    risk 0.00cvss epss 0.02

    proxy.c in libpurple in Pidgin before 2.10.4 does not properly handle canceled SOCKS5 connection attempts, which allows user-assisted remote authenticated users to cause a denial of service (application crash) via a sequence of XMPP file-transfer requests.

  • CVE-2012-2369May 23, 2012
    risk 0.00cvss epss 0.04

    Format string vulnerability in the log_message_cb function in otr-plugin.c in the Off-the-Record Messaging (OTR) pidgin-otr plugin before 3.2.1 for Pidgin might allow remote attackers to execute arbitrary code via format string specifiers in data that generates a log message.

  • CVE-2012-1178Mar 15, 2012
    risk 0.00cvss epss 0.03

    The msn_oim_report_to_user function in oim.c in the MSN protocol plugin in libpurple in Pidgin before 2.10.2 allows remote servers to cause a denial of service (application crash) via an OIM message that lacks UTF-8 encoding.

  • CVE-2011-4939Mar 15, 2012
    risk 0.00cvss epss 0.04

    The pidgin_conv_chat_rename_user function in gtkconv.c in Pidgin before 2.10.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) by changing a nickname while in an XMPP chat room.

  • CVE-2011-4601Dec 25, 2011
    risk 0.00cvss epss 0.05

    family_feedbag.c in the oscar protocol plugin in libpurple in Pidgin before 2.10.1 does not perform the expected UTF-8 validation on message data, which allows remote attackers to cause a denial of service (application crash) via a crafted (1) AIM or (2) ICQ message associated…

  • CVE-2011-4603Dec 17, 2011
    risk 0.00cvss epss 0.04

    The silc_channel_message function in ops.c in the SILC protocol plugin in libpurple in Pidgin before 2.10.1 does not perform the expected UTF-8 validation on message data, which allows remote attackers to cause a denial of service (application crash) via a crafted message, a…

  • CVE-2011-4602Dec 17, 2011
    risk 0.00cvss epss 0.04

    The XMPP protocol plugin in libpurple in Pidgin before 2.10.1 does not properly handle missing fields in (1) voice-chat and (2) video-chat stanzas, which allows remote attackers to cause a denial of service (application crash) via a crafted message.

  • CVE-2011-3594Nov 4, 2011
    risk 0.00cvss epss 0.03

    The g_markup_escape_text function in the SILC protocol plug-in in libpurple 2.10.0 and earlier, as used in Pidgin and possibly other products, allows remote attackers to cause a denial of service (crash) via invalid UTF-8 sequences that trigger use of invalid pointers and an…