Vulnerabilities > Pidgin > Pidgin > 2.5.6
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2014-10-29 | CVE-2014-3697 | Path Traversal vulnerability in Pidgin Absolute path traversal vulnerability in the untar_block function in win32/untar.c in Pidgin before 2.10.10 on Windows allows remote attackers to write to arbitrary files via a drive name in a tar archive of a smiley theme. | 6.4 |
2014-10-29 | CVE-2014-3696 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Pidgin nmevent.c in the Novell GroupWise protocol plugin in libpurple in Pidgin before 2.10.10 allows remote servers to cause a denial of service (application crash) via a crafted server message that triggers a large memory allocation. | 5.0 |
2014-10-29 | CVE-2014-3695 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Pidgin markup.c in the MXit protocol plugin in libpurple in Pidgin before 2.10.10 allows remote servers to cause a denial of service (application crash) via a large length value in an emoticon response. | 5.0 |
2014-10-29 | CVE-2014-3694 | Cryptographic Issues vulnerability in multiple products The (1) bundled GnuTLS SSL/TLS plugin and the (2) bundled OpenSSL SSL/TLS plugin in libpurple in Pidgin before 2.10.10 do not properly consider the Basic Constraints extension during verification of X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 6.4 |
2014-02-06 | CVE-2013-6490 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Pidgin The SIMPLE protocol functionality in Pidgin before 2.10.8 allows remote attackers to have an unspecified impact via a negative Content-Length header, which triggers a buffer overflow. | 10.0 |
2014-02-06 | CVE-2013-6489 | Numeric Errors vulnerability in Pidgin Integer signedness error in the MXit functionality in Pidgin before 2.10.8 allows remote attackers to cause a denial of service (segmentation fault) via a crafted emoticon value, which triggers an integer overflow and a buffer overflow. | 5.0 |
2014-02-06 | CVE-2013-6487 | Numeric Errors vulnerability in Pidgin Integer overflow in libpurple/protocols/gg/lib/http.c in the Gadu-Gadu (gg) parser in Pidgin before 2.10.8 allows remote attackers to have an unspecified impact via a large Content-Length value, which triggers a buffer overflow. | 7.5 |
2014-02-06 | CVE-2013-6482 | Improper Input Validation vulnerability in Pidgin Pidgin before 2.10.8 allows remote MSN servers to cause a denial of service (NULL pointer dereference and crash) via a crafted (1) SOAP response, (2) OIM XML response, or (3) Content-Length header. | 5.0 |
2014-02-06 | CVE-2013-6481 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Pidgin libpurple/protocols/yahoo/libymsg.c in Pidgin before 2.10.8 allows remote attackers to cause a denial of service (crash) via a Yahoo! P2P message with a crafted length field, which triggers a buffer over-read. | 5.0 |
2014-02-06 | CVE-2014-0020 | Improper Input Validation vulnerability in Pidgin The IRC protocol plugin in libpurple in Pidgin before 2.10.8 does not validate argument counts, which allows remote IRC servers to cause a denial of service (application crash) via a crafted message. | 5.0 |