Total
89 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2009-3615 | 2 Adium, Pidgin | 2 Adium, Pidgin | 2024-02-04 | 5.0 MEDIUM | N/A |
The OSCAR protocol plugin in libpurple in Pidgin before 2.6.3 and Adium before 1.3.7 allows remote attackers to cause a denial of service (application crash) via crafted contact-list data for (1) ICQ and possibly (2) AIM, as demonstrated by the SIM IM client. | |||||
CVE-2009-1374 | 1 Pidgin | 1 Pidgin | 2024-02-04 | 5.0 MEDIUM | N/A |
Buffer overflow in the decrypt_out function in Pidgin (formerly Gaim) before 2.5.6 allows remote attackers to cause a denial of service (application crash) via a QQ packet. | |||||
CVE-2009-2703 | 1 Pidgin | 2 Libpurple, Pidgin | 2024-02-04 | 5.0 MEDIUM | N/A |
libpurple/protocols/irc/msgs.c in the IRC protocol plugin in libpurple in Pidgin before 2.6.2 allows remote IRC servers to cause a denial of service (NULL pointer dereference and application crash) via a TOPIC message that lacks a topic string. | |||||
CVE-2009-2404 | 4 Aol, Gnome, Mozilla and 1 more | 7 Instant Messenger, Evolution, Firefox and 4 more | 2024-02-04 | 9.3 HIGH | N/A |
Heap-based buffer overflow in a regular-expression parser in Mozilla Network Security Services (NSS) before 3.12.3, as used in Firefox, Thunderbird, SeaMonkey, Evolution, Pidgin, and AOL Instant Messenger (AIM), allows remote SSL servers to cause a denial of service (application crash) or possibly execute arbitrary code via a long domain name in the subject's Common Name (CN) field of an X.509 certificate, related to the cert_TestHostName function. | |||||
CVE-2008-2957 | 1 Pidgin | 1 Pidgin | 2024-02-04 | 6.4 MEDIUM | N/A |
The UPnP functionality in Pidgin 2.0.0, and possibly other versions, allows remote attackers to trigger the download of arbitrary files and cause a denial of service (memory or disk consumption) via a UDP packet that specifies an arbitrary URL. | |||||
CVE-2009-3084 | 1 Pidgin | 2 Libpurple, Pidgin | 2024-02-04 | 5.0 MEDIUM | N/A |
The msn_slp_process_msg function in libpurple/protocols/msn/slpcall.c in the MSN protocol plugin in libpurple 2.6.0 and 2.6.1, as used in Pidgin before 2.6.2, allows remote attackers to cause a denial of service (application crash) via a handwritten (aka Ink) message, related to an uninitialized variable and the incorrect "UTF16-LE" charset name. | |||||
CVE-2007-3841 | 1 Pidgin | 1 Pidgin | 2024-02-04 | 9.0 HIGH | N/A |
Unspecified vulnerability in Pidgin (formerly Gaim) 2.0.2 for Linux allows remote authenticated users, who are listed in a users list, to execute certain commands via unspecified vectors, aka ZD-00000035. NOTE: this information is based upon a vague advisory by a vulnerability information sales organization that does not coordinate with vendors or release actionable advisories. A CVE has been assigned for tracking purposes, but duplicates with other CVEs are difficult to determine. | |||||
CVE-2007-4996 | 1 Pidgin | 1 Pidgin | 2024-02-04 | 4.3 MEDIUM | N/A |
libpurple in Pidgin before 2.2.1 does not properly handle MSN nudge messages from users who are not on the receiver's buddy list, which allows remote attackers to cause a denial of service (crash) via a nudge message that triggers an access of "an invalid memory location." | |||||
CVE-2007-4999 | 1 Pidgin | 1 Pidgin | 2024-02-04 | 4.3 MEDIUM | N/A |
libpurple in Pidgin 2.1.0 through 2.2.1, when using HTML logging, allows remote attackers to cause a denial of service (NULL dereference and application crash) via a message that contains invalid HTML data, a different vector than CVE-2007-4996. |