Total
89 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2013-0273 | 1 Pidgin | 1 Pidgin | 2024-02-04 | 5.0 MEDIUM | N/A |
sametime.c in the Sametime protocol plugin in libpurple in Pidgin before 2.10.7 does not properly terminate long user IDs, which allows remote servers to cause a denial of service (application crash) via a crafted packet. | |||||
CVE-2012-2214 | 1 Pidgin | 1 Pidgin | 2024-02-04 | 3.5 LOW | N/A |
proxy.c in libpurple in Pidgin before 2.10.4 does not properly handle canceled SOCKS5 connection attempts, which allows user-assisted remote authenticated users to cause a denial of service (application crash) via a sequence of XMPP file-transfer requests. | |||||
CVE-2012-2318 | 1 Pidgin | 1 Pidgin | 2024-02-04 | 5.0 MEDIUM | N/A |
msg.c in the MSN protocol plugin in libpurple in Pidgin before 2.10.4 does not properly handle crafted characters, which allows remote servers to cause a denial of service (application crash) by placing these characters in a text/plain message. | |||||
CVE-2012-2369 | 2 Cypherpunks, Pidgin | 2 Pidgin-otr, Pidgin | 2024-02-04 | 7.5 HIGH | N/A |
Format string vulnerability in the log_message_cb function in otr-plugin.c in the Off-the-Record Messaging (OTR) pidgin-otr plugin before 3.2.1 for Pidgin might allow remote attackers to execute arbitrary code via format string specifiers in data that generates a log message. | |||||
CVE-2011-4922 | 1 Pidgin | 1 Pidgin | 2024-02-04 | 2.1 LOW | N/A |
cipher.c in the Cipher API in libpurple in Pidgin before 2.7.10 retains encryption-key data in process memory, which might allow local users to obtain sensitive information by reading a core file or other representation of memory contents. | |||||
CVE-2013-0271 | 1 Pidgin | 1 Pidgin | 2024-02-04 | 5.0 MEDIUM | N/A |
The MXit protocol plugin in libpurple in Pidgin before 2.10.7 might allow remote attackers to create or overwrite files via a crafted (1) mxit or (2) mxit/imagestrips pathname. | |||||
CVE-2013-0274 | 1 Pidgin | 1 Pidgin | 2024-02-04 | 2.9 LOW | N/A |
upnp.c in libpurple in Pidgin before 2.10.7 does not properly terminate long strings in UPnP responses, which allows remote attackers to cause a denial of service (application crash) by leveraging access to the local network. | |||||
CVE-2013-0272 | 1 Pidgin | 1 Pidgin | 2024-02-04 | 6.8 MEDIUM | N/A |
Buffer overflow in http.c in the MXit protocol plugin in libpurple in Pidgin before 2.10.7 allows remote servers to execute arbitrary code via a long HTTP header. | |||||
CVE-2012-3374 | 1 Pidgin | 1 Pidgin | 2024-02-04 | 7.5 HIGH | N/A |
Buffer overflow in markup.c in the MXit protocol plugin in libpurple in Pidgin before 2.10.5 allows remote attackers to execute arbitrary code via a crafted inline image in a message. | |||||
CVE-2011-2943 | 1 Pidgin | 2 Libpurple, Pidgin | 2024-02-04 | 4.3 MEDIUM | N/A |
The irc_msg_who function in msgs.c in the IRC protocol plugin in libpurple 2.8.0 through 2.9.0 in Pidgin before 2.10.0 does not properly validate characters in nicknames, which allows user-assisted remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted nickname that is not properly handled in a WHO response. | |||||
CVE-2010-3088 | 2 Jianping Yu, Pidgin | 2 Pidgin-knotify, Pidgin | 2024-02-04 | 5.1 MEDIUM | N/A |
The notify function in pidgin-knotify.c in the pidgin-knotify plugin 0.2.1 and earlier for Pidgin allows remote attackers to execute arbitrary commands via shell metacharacters in a message. | |||||
CVE-2011-1091 | 1 Pidgin | 1 Pidgin | 2024-02-04 | 4.0 MEDIUM | N/A |
libymsg.c in the Yahoo! protocol plugin in libpurple in Pidgin 2.6.0 through 2.7.10 allows (1) remote authenticated users to cause a denial of service (NULL pointer dereference and application crash) via a malformed YMSG notification packet, and allows (2) remote Yahoo! servers to cause a denial of service (NULL pointer dereference and application crash) via a malformed YMSG SMS message. | |||||
CVE-2010-2528 | 1 Pidgin | 1 Pidgin | 2024-02-04 | 4.0 MEDIUM | N/A |
The clientautoresp function in family_icbm.c in the oscar protocol plugin in libpurple in Pidgin before 2.7.2 allows remote authenticated users to cause a denial of service (NULL pointer dereference and application crash) via an X-Status message that lacks the expected end tag for a (1) desc or (2) title element. | |||||
CVE-2010-0420 | 1 Pidgin | 1 Pidgin | 2024-02-04 | 4.3 MEDIUM | N/A |
libpurple in Finch in Pidgin before 2.6.6, when an XMPP multi-user chat (MUC) room is used, does not properly parse nicknames containing <br> sequences, which allows remote attackers to cause a denial of service (application crash) via a crafted nickname. | |||||
CVE-2011-3594 | 1 Pidgin | 2 Libpurple, Pidgin | 2024-02-04 | 4.3 MEDIUM | N/A |
The g_markup_escape_text function in the SILC protocol plug-in in libpurple 2.10.0 and earlier, as used in Pidgin and possibly other products, allows remote attackers to cause a denial of service (crash) via invalid UTF-8 sequences that trigger use of invalid pointers and an out-of-bounds read, related to interactions with certain versions of glib2. | |||||
CVE-2011-3184 | 1 Pidgin | 1 Pidgin | 2024-02-04 | 4.3 MEDIUM | N/A |
The msn_httpconn_parse_data function in httpconn.c in the MSN protocol plugin in libpurple in Pidgin before 2.10.0 does not properly handle HTTP 100 responses, which allows remote attackers to cause a denial of service (incorrect memory access and application crash) via vectors involving a crafted server message. | |||||
CVE-2011-4939 | 1 Pidgin | 1 Pidgin | 2024-02-04 | 6.4 MEDIUM | N/A |
The pidgin_conv_chat_rename_user function in gtkconv.c in Pidgin before 2.10.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) by changing a nickname while in an XMPP chat room. | |||||
CVE-2011-3185 | 2 Microsoft, Pidgin | 2 Windows, Pidgin | 2024-02-04 | 9.3 HIGH | N/A |
gtkutils.c in Pidgin before 2.10.0 on Windows allows user-assisted remote attackers to execute arbitrary programs via a file: URL in a message. | |||||
CVE-2011-4603 | 1 Pidgin | 1 Pidgin | 2024-02-04 | 5.0 MEDIUM | N/A |
The silc_channel_message function in ops.c in the SILC protocol plugin in libpurple in Pidgin before 2.10.1 does not perform the expected UTF-8 validation on message data, which allows remote attackers to cause a denial of service (application crash) via a crafted message, a different vulnerability than CVE-2011-3594. | |||||
CVE-2011-4602 | 1 Pidgin | 1 Pidgin | 2024-02-04 | 5.0 MEDIUM | N/A |
The XMPP protocol plugin in libpurple in Pidgin before 2.10.1 does not properly handle missing fields in (1) voice-chat and (2) video-chat stanzas, which allows remote attackers to cause a denial of service (application crash) via a crafted message. |