Pidgin
Source repositories
CVEs (89)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2011-3185 | 0.00 | — | 0.05 | Aug 29, 2011 | gtkutils.c in Pidgin before 2.10.0 on Windows allows user-assisted remote attackers to execute arbitrary programs via a file: URL in a message. | |||
| CVE-2011-3184 | 0.00 | — | 0.04 | Aug 29, 2011 | The msn_httpconn_parse_data function in httpconn.c in the MSN protocol plugin in libpurple in Pidgin before 2.10.0 does not properly handle HTTP 100 responses, which allows remote attackers to cause a denial of service (incorrect memory access and application crash) via vectors… | |||
| CVE-2011-2943 | 0.00 | — | 0.04 | Aug 29, 2011 | The irc_msg_who function in msgs.c in the IRC protocol plugin in libpurple 2.8.0 through 2.9.0 in Pidgin before 2.10.0 does not properly validate characters in nicknames, which allows user-assisted remote attackers to cause a denial of service (NULL pointer dereference and… | |||
| CVE-2011-1091 | 0.00 | — | 0.03 | Mar 14, 2011 | libymsg.c in the Yahoo! protocol plugin in libpurple in Pidgin 2.6.0 through 2.7.10 allows (1) remote authenticated users to cause a denial of service (NULL pointer dereference and application crash) via a malformed YMSG notification packet, and allows (2) remote Yahoo! servers… | |||
| CVE-2010-4528 | 0.00 | — | 0.03 | Jan 7, 2011 | directconn.c in the MSN protocol plugin in libpurple 2.7.6 through 2.7.8 in Pidgin before 2.7.9 allows remote authenticated users to cause a denial of service (NULL pointer dereference and application crash) via a short p2pv2 packet in a DirectConnect (aka direct connection)… | |||
| CVE-2010-3711 | 0.00 | — | 0.03 | Oct 28, 2010 | libpurple in Pidgin before 2.7.4 does not properly validate the return value of the purple_base64_decode function, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and application crash) via a crafted message, related to the plugins… | |||
| CVE-2010-2528 | 0.00 | — | 0.02 | Jul 30, 2010 | The clientautoresp function in family_icbm.c in the oscar protocol plugin in libpurple in Pidgin before 2.7.2 allows remote authenticated users to cause a denial of service (NULL pointer dereference and application crash) via an X-Status message that lacks the expected end tag… | |||
| CVE-2010-1624 | 0.00 | — | 0.06 | May 14, 2010 | The msn_emoticon_msg function in slp.c in the MSN protocol plugin in libpurple in Pidgin before 2.7.0 allows remote authenticated users to cause a denial of service (NULL pointer dereference and application crash) via a custom emoticon in a malformed SLP message. | |||
| CVE-2010-0423 | 0.00 | — | 0.02 | Feb 24, 2010 | gtkimhtml.c in Pidgin before 2.6.6 allows remote attackers to cause a denial of service (CPU consumption and application hang) by sending many smileys in a (1) IM or (2) chat. | |||
| CVE-2010-0420 | 0.00 | — | 0.03 | Feb 24, 2010 | libpurple in Finch in Pidgin before 2.6.6, when an XMPP multi-user chat (MUC) room is used, does not properly parse nicknames containing sequences, which allows remote attackers to cause a denial of service (application crash) via a crafted nickname. | |||
| CVE-2010-0277 | 0.00 | — | 0.02 | Jan 9, 2010 | slp.c in the MSN protocol plugin in libpurple in Pidgin before 2.6.6, including 2.6.4, and Adium 1.3.8 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a malformed MSNSLP INVITE request… | |||
| CVE-2009-3615 | 0.00 | — | 0.03 | Oct 20, 2009 | The OSCAR protocol plugin in libpurple in Pidgin before 2.6.3 and Adium before 1.3.7 allows remote attackers to cause a denial of service (application crash) via crafted contact-list data for (1) ICQ and possibly (2) AIM, as demonstrated by the SIM IM client. | |||
| CVE-2009-3085 | 0.00 | — | 0.02 | Sep 8, 2009 | The XMPP protocol plugin in libpurple in Pidgin before 2.6.2 does not properly handle an error IQ stanza during an attempted fetch of a custom smiley, which allows remote attackers to cause a denial of service (application crash) via XHTML-IM content with cid: images. | |||
| CVE-2009-3084 | 0.00 | — | 0.03 | Sep 8, 2009 | The msn_slp_process_msg function in libpurple/protocols/msn/slpcall.c in the MSN protocol plugin in libpurple 2.6.0 and 2.6.1, as used in Pidgin before 2.6.2, allows remote attackers to cause a denial of service (application crash) via a handwritten (aka Ink) message, related to… | |||
| CVE-2009-3083 | 0.00 | — | 0.03 | Sep 8, 2009 | The msn_slp_sip_recv function in libpurple/protocols/msn/slp.c in the MSN protocol plugin in libpurple in Pidgin before 2.6.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an SLP invite message that lacks certain… | |||
| CVE-2009-2703 | 0.00 | — | 0.02 | Sep 8, 2009 | libpurple/protocols/irc/msgs.c in the IRC protocol plugin in libpurple in Pidgin before 2.6.2 allows remote IRC servers to cause a denial of service (NULL pointer dereference and application crash) via a TOPIC message that lacks a topic string. | |||
| CVE-2009-3026 | 0.00 | — | 0.01 | Aug 31, 2009 | protocols/jabber/auth.c in libpurple in Pidgin 2.6.0, and possibly other versions, does not follow the "require TLS/SSL" preference when connecting to older Jabber servers that do not follow the XMPP specification, which causes libpurple to connect to the server without the… | |||
| CVE-2009-3025 | 0.00 | — | 0.02 | Aug 31, 2009 | Unspecified vulnerability in Pidgin 2.6.0 allows remote attackers to cause a denial of service (crash) via a link in a Yahoo IM. | |||
| CVE-2009-1889 | 0.00 | — | 0.03 | Jul 1, 2009 | The OSCAR protocol implementation in Pidgin before 2.5.8 misinterprets the ICQWebMessage message type as the ICQSMS message type, which allows remote attackers to cause a denial of service (application crash) via a crafted ICQ web message that triggers allocation of a large… | |||
| CVE-2009-1375 | 0.00 | — | 0.02 | May 26, 2009 | The PurpleCircBuffer implementation in Pidgin (formerly Gaim) before 2.5.6 does not properly maintain a certain buffer, which allows remote attackers to cause a denial of service (memory corruption and application crash) via vectors involving the (1) XMPP or (2) Sametime… |
- CVE-2011-3185Aug 29, 2011risk 0.00cvss —epss 0.05
gtkutils.c in Pidgin before 2.10.0 on Windows allows user-assisted remote attackers to execute arbitrary programs via a file: URL in a message.
- CVE-2011-3184Aug 29, 2011risk 0.00cvss —epss 0.04
The msn_httpconn_parse_data function in httpconn.c in the MSN protocol plugin in libpurple in Pidgin before 2.10.0 does not properly handle HTTP 100 responses, which allows remote attackers to cause a denial of service (incorrect memory access and application crash) via vectors…
- CVE-2011-2943Aug 29, 2011risk 0.00cvss —epss 0.04
The irc_msg_who function in msgs.c in the IRC protocol plugin in libpurple 2.8.0 through 2.9.0 in Pidgin before 2.10.0 does not properly validate characters in nicknames, which allows user-assisted remote attackers to cause a denial of service (NULL pointer dereference and…
- CVE-2011-1091Mar 14, 2011risk 0.00cvss —epss 0.03
libymsg.c in the Yahoo! protocol plugin in libpurple in Pidgin 2.6.0 through 2.7.10 allows (1) remote authenticated users to cause a denial of service (NULL pointer dereference and application crash) via a malformed YMSG notification packet, and allows (2) remote Yahoo! servers…
- CVE-2010-4528Jan 7, 2011risk 0.00cvss —epss 0.03
directconn.c in the MSN protocol plugin in libpurple 2.7.6 through 2.7.8 in Pidgin before 2.7.9 allows remote authenticated users to cause a denial of service (NULL pointer dereference and application crash) via a short p2pv2 packet in a DirectConnect (aka direct connection)…
- CVE-2010-3711Oct 28, 2010risk 0.00cvss —epss 0.03
libpurple in Pidgin before 2.7.4 does not properly validate the return value of the purple_base64_decode function, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and application crash) via a crafted message, related to the plugins…
- CVE-2010-2528Jul 30, 2010risk 0.00cvss —epss 0.02
The clientautoresp function in family_icbm.c in the oscar protocol plugin in libpurple in Pidgin before 2.7.2 allows remote authenticated users to cause a denial of service (NULL pointer dereference and application crash) via an X-Status message that lacks the expected end tag…
- CVE-2010-1624May 14, 2010risk 0.00cvss —epss 0.06
The msn_emoticon_msg function in slp.c in the MSN protocol plugin in libpurple in Pidgin before 2.7.0 allows remote authenticated users to cause a denial of service (NULL pointer dereference and application crash) via a custom emoticon in a malformed SLP message.
- CVE-2010-0423Feb 24, 2010risk 0.00cvss —epss 0.02
gtkimhtml.c in Pidgin before 2.6.6 allows remote attackers to cause a denial of service (CPU consumption and application hang) by sending many smileys in a (1) IM or (2) chat.
- CVE-2010-0420Feb 24, 2010risk 0.00cvss —epss 0.03
libpurple in Finch in Pidgin before 2.6.6, when an XMPP multi-user chat (MUC) room is used, does not properly parse nicknames containing sequences, which allows remote attackers to cause a denial of service (application crash) via a crafted nickname.
- CVE-2010-0277Jan 9, 2010risk 0.00cvss —epss 0.02
slp.c in the MSN protocol plugin in libpurple in Pidgin before 2.6.6, including 2.6.4, and Adium 1.3.8 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a malformed MSNSLP INVITE request…
- CVE-2009-3615Oct 20, 2009risk 0.00cvss —epss 0.03
The OSCAR protocol plugin in libpurple in Pidgin before 2.6.3 and Adium before 1.3.7 allows remote attackers to cause a denial of service (application crash) via crafted contact-list data for (1) ICQ and possibly (2) AIM, as demonstrated by the SIM IM client.
- CVE-2009-3085Sep 8, 2009risk 0.00cvss —epss 0.02
The XMPP protocol plugin in libpurple in Pidgin before 2.6.2 does not properly handle an error IQ stanza during an attempted fetch of a custom smiley, which allows remote attackers to cause a denial of service (application crash) via XHTML-IM content with cid: images.
- CVE-2009-3084Sep 8, 2009risk 0.00cvss —epss 0.03
The msn_slp_process_msg function in libpurple/protocols/msn/slpcall.c in the MSN protocol plugin in libpurple 2.6.0 and 2.6.1, as used in Pidgin before 2.6.2, allows remote attackers to cause a denial of service (application crash) via a handwritten (aka Ink) message, related to…
- CVE-2009-3083Sep 8, 2009risk 0.00cvss —epss 0.03
The msn_slp_sip_recv function in libpurple/protocols/msn/slp.c in the MSN protocol plugin in libpurple in Pidgin before 2.6.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an SLP invite message that lacks certain…
- CVE-2009-2703Sep 8, 2009risk 0.00cvss —epss 0.02
libpurple/protocols/irc/msgs.c in the IRC protocol plugin in libpurple in Pidgin before 2.6.2 allows remote IRC servers to cause a denial of service (NULL pointer dereference and application crash) via a TOPIC message that lacks a topic string.
- CVE-2009-3026Aug 31, 2009risk 0.00cvss —epss 0.01
protocols/jabber/auth.c in libpurple in Pidgin 2.6.0, and possibly other versions, does not follow the "require TLS/SSL" preference when connecting to older Jabber servers that do not follow the XMPP specification, which causes libpurple to connect to the server without the…
- CVE-2009-3025Aug 31, 2009risk 0.00cvss —epss 0.02
Unspecified vulnerability in Pidgin 2.6.0 allows remote attackers to cause a denial of service (crash) via a link in a Yahoo IM.
- CVE-2009-1889Jul 1, 2009risk 0.00cvss —epss 0.03
The OSCAR protocol implementation in Pidgin before 2.5.8 misinterprets the ICQWebMessage message type as the ICQSMS message type, which allows remote attackers to cause a denial of service (application crash) via a crafted ICQ web message that triggers allocation of a large…
- CVE-2009-1375May 26, 2009risk 0.00cvss —epss 0.02
The PurpleCircBuffer implementation in Pidgin (formerly Gaim) before 2.5.6 does not properly maintain a certain buffer, which allows remote attackers to cause a denial of service (memory corruption and application crash) via vectors involving the (1) XMPP or (2) Sametime…
Page 4 of 5