Vulnerabilities > Pidgin
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-01-06 | CVE-2016-2365 | NULL Pointer Dereference vulnerability in multiple products A denial of service vulnerability exists in the handling of the MXIT protocol in Pidgin. | 4.3 |
| 2014-10-29 | CVE-2014-3698 | Information Exposure vulnerability in Pidgin The jabber_idn_validate function in jutil.c in the Jabber protocol plugin in libpurple in Pidgin before 2.10.10 allows remote attackers to obtain sensitive information from process memory via a crafted XMPP message. | 5.0 |
| 2014-10-29 | CVE-2014-3697 | Path Traversal vulnerability in Pidgin Absolute path traversal vulnerability in the untar_block function in win32/untar.c in Pidgin before 2.10.10 on Windows allows remote attackers to write to arbitrary files via a drive name in a tar archive of a smiley theme. | 6.4 |
| 2014-10-29 | CVE-2014-3696 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Pidgin nmevent.c in the Novell GroupWise protocol plugin in libpurple in Pidgin before 2.10.10 allows remote servers to cause a denial of service (application crash) via a crafted server message that triggers a large memory allocation. | 5.0 |
| 2014-10-29 | CVE-2014-3695 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Pidgin markup.c in the MXit protocol plugin in libpurple in Pidgin before 2.10.10 allows remote servers to cause a denial of service (application crash) via a large length value in an emoticon response. | 5.0 |
| 2014-10-29 | CVE-2014-3694 | Cryptographic Issues vulnerability in multiple products The (1) bundled GnuTLS SSL/TLS plugin and the (2) bundled OpenSSL SSL/TLS plugin in libpurple in Pidgin before 2.10.10 do not properly consider the Basic Constraints extension during verification of X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 6.4 |
| 2014-02-06 | CVE-2013-6490 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Pidgin The SIMPLE protocol functionality in Pidgin before 2.10.8 allows remote attackers to have an unspecified impact via a negative Content-Length header, which triggers a buffer overflow. | 10.0 |
| 2014-02-06 | CVE-2013-6489 | Numeric Errors vulnerability in Pidgin Integer signedness error in the MXit functionality in Pidgin before 2.10.8 allows remote attackers to cause a denial of service (segmentation fault) via a crafted emoticon value, which triggers an integer overflow and a buffer overflow. | 5.0 |
| 2014-02-06 | CVE-2013-6487 | Numeric Errors vulnerability in Pidgin Integer overflow in libpurple/protocols/gg/lib/http.c in the Gadu-Gadu (gg) parser in Pidgin before 2.10.8 allows remote attackers to have an unspecified impact via a large Content-Length value, which triggers a buffer overflow. | 7.5 |
| 2014-02-06 | CVE-2013-6482 | Improper Input Validation vulnerability in Pidgin Pidgin before 2.10.8 allows remote MSN servers to cause a denial of service (NULL pointer dereference and crash) via a crafted (1) SOAP response, (2) OIM XML response, or (3) Content-Length header. | 5.0 |