VYPR

Pidgin

by Pidgin (software)

Source repositories

CVEs (89)

  • CVE-2011-3185Aug 29, 2011
    risk 0.00cvss epss 0.05

    gtkutils.c in Pidgin before 2.10.0 on Windows allows user-assisted remote attackers to execute arbitrary programs via a file: URL in a message.

  • CVE-2011-3184Aug 29, 2011
    risk 0.00cvss epss 0.04

    The msn_httpconn_parse_data function in httpconn.c in the MSN protocol plugin in libpurple in Pidgin before 2.10.0 does not properly handle HTTP 100 responses, which allows remote attackers to cause a denial of service (incorrect memory access and application crash) via vectors…

  • CVE-2011-2943Aug 29, 2011
    risk 0.00cvss epss 0.04

    The irc_msg_who function in msgs.c in the IRC protocol plugin in libpurple 2.8.0 through 2.9.0 in Pidgin before 2.10.0 does not properly validate characters in nicknames, which allows user-assisted remote attackers to cause a denial of service (NULL pointer dereference and…

  • CVE-2011-1091Mar 14, 2011
    risk 0.00cvss epss 0.03

    libymsg.c in the Yahoo! protocol plugin in libpurple in Pidgin 2.6.0 through 2.7.10 allows (1) remote authenticated users to cause a denial of service (NULL pointer dereference and application crash) via a malformed YMSG notification packet, and allows (2) remote Yahoo! servers…

  • CVE-2010-4528Jan 7, 2011
    risk 0.00cvss epss 0.03

    directconn.c in the MSN protocol plugin in libpurple 2.7.6 through 2.7.8 in Pidgin before 2.7.9 allows remote authenticated users to cause a denial of service (NULL pointer dereference and application crash) via a short p2pv2 packet in a DirectConnect (aka direct connection)…

  • CVE-2010-3711Oct 28, 2010
    risk 0.00cvss epss 0.03

    libpurple in Pidgin before 2.7.4 does not properly validate the return value of the purple_base64_decode function, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and application crash) via a crafted message, related to the plugins…

  • CVE-2010-2528Jul 30, 2010
    risk 0.00cvss epss 0.02

    The clientautoresp function in family_icbm.c in the oscar protocol plugin in libpurple in Pidgin before 2.7.2 allows remote authenticated users to cause a denial of service (NULL pointer dereference and application crash) via an X-Status message that lacks the expected end tag…

  • CVE-2010-1624May 14, 2010
    risk 0.00cvss epss 0.06

    The msn_emoticon_msg function in slp.c in the MSN protocol plugin in libpurple in Pidgin before 2.7.0 allows remote authenticated users to cause a denial of service (NULL pointer dereference and application crash) via a custom emoticon in a malformed SLP message.

  • CVE-2010-0423Feb 24, 2010
    risk 0.00cvss epss 0.02

    gtkimhtml.c in Pidgin before 2.6.6 allows remote attackers to cause a denial of service (CPU consumption and application hang) by sending many smileys in a (1) IM or (2) chat.

  • CVE-2010-0420Feb 24, 2010
    risk 0.00cvss epss 0.03

    libpurple in Finch in Pidgin before 2.6.6, when an XMPP multi-user chat (MUC) room is used, does not properly parse nicknames containing sequences, which allows remote attackers to cause a denial of service (application crash) via a crafted nickname.

  • CVE-2010-0277Jan 9, 2010
    risk 0.00cvss epss 0.02

    slp.c in the MSN protocol plugin in libpurple in Pidgin before 2.6.6, including 2.6.4, and Adium 1.3.8 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a malformed MSNSLP INVITE request…

  • CVE-2009-3615Oct 20, 2009
    risk 0.00cvss epss 0.03

    The OSCAR protocol plugin in libpurple in Pidgin before 2.6.3 and Adium before 1.3.7 allows remote attackers to cause a denial of service (application crash) via crafted contact-list data for (1) ICQ and possibly (2) AIM, as demonstrated by the SIM IM client.

  • CVE-2009-3085Sep 8, 2009
    risk 0.00cvss epss 0.02

    The XMPP protocol plugin in libpurple in Pidgin before 2.6.2 does not properly handle an error IQ stanza during an attempted fetch of a custom smiley, which allows remote attackers to cause a denial of service (application crash) via XHTML-IM content with cid: images.

  • CVE-2009-3084Sep 8, 2009
    risk 0.00cvss epss 0.03

    The msn_slp_process_msg function in libpurple/protocols/msn/slpcall.c in the MSN protocol plugin in libpurple 2.6.0 and 2.6.1, as used in Pidgin before 2.6.2, allows remote attackers to cause a denial of service (application crash) via a handwritten (aka Ink) message, related to…

  • CVE-2009-3083Sep 8, 2009
    risk 0.00cvss epss 0.03

    The msn_slp_sip_recv function in libpurple/protocols/msn/slp.c in the MSN protocol plugin in libpurple in Pidgin before 2.6.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an SLP invite message that lacks certain…

  • CVE-2009-2703Sep 8, 2009
    risk 0.00cvss epss 0.02

    libpurple/protocols/irc/msgs.c in the IRC protocol plugin in libpurple in Pidgin before 2.6.2 allows remote IRC servers to cause a denial of service (NULL pointer dereference and application crash) via a TOPIC message that lacks a topic string.

  • CVE-2009-3026Aug 31, 2009
    risk 0.00cvss epss 0.01

    protocols/jabber/auth.c in libpurple in Pidgin 2.6.0, and possibly other versions, does not follow the "require TLS/SSL" preference when connecting to older Jabber servers that do not follow the XMPP specification, which causes libpurple to connect to the server without the…

  • CVE-2009-3025Aug 31, 2009
    risk 0.00cvss epss 0.02

    Unspecified vulnerability in Pidgin 2.6.0 allows remote attackers to cause a denial of service (crash) via a link in a Yahoo IM.

  • CVE-2009-1889Jul 1, 2009
    risk 0.00cvss epss 0.03

    The OSCAR protocol implementation in Pidgin before 2.5.8 misinterprets the ICQWebMessage message type as the ICQSMS message type, which allows remote attackers to cause a denial of service (application crash) via a crafted ICQ web message that triggers allocation of a large…

  • CVE-2009-1375May 26, 2009
    risk 0.00cvss epss 0.02

    The PurpleCircBuffer implementation in Pidgin (formerly Gaim) before 2.5.6 does not properly maintain a certain buffer, which allows remote attackers to cause a denial of service (memory corruption and application crash) via vectors involving the (1) XMPP or (2) Sametime…

Page 4 of 5