
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2013-02-16 | CVE-2013-0272 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Pidgin: Buffer overflow in http.c in the MXit protocol plugin in libpurple in Pidgin before 2.10.7 allows remote servers to execute arbitrary code via a long HTTP header. | network; pidgin CWE-119; 6.8 |
| 2013-02-16 | CVE-2013-0271 | Arbitrary File Overwrite vulnerability in Pidgin 'Libpurple': The MXit protocol plugin in libpurple in Pidgin before 2.10.7 might allow remote attackers to create or overwrite files via a crafted (1) mxit or (2) mxit/imagestrips pathname. | network; low complexity; pidgin; 5.0 |
| 2012-08-08 | CVE-2011-4922 | Information Exposure vulnerability in Pidgin: cipher.c in the Cipher API in libpurple in Pidgin before 2.7.10 retains encryption-key data in process memory, which might allow local users to obtain sensitive information by reading a core file or other representation of memory contents. | local; low complexity; pidgin CWE-200; 2.1 |
| 2012-07-07 | CVE-2012-3374 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Pidgin: Buffer overflow in markup.c in the MXit protocol plugin in libpurple in Pidgin before 2.10.5 allows remote attackers to execute arbitrary code via a crafted inline image in a message. | network; low complexity; pidgin CWE-119; 7.5 |
| 2012-07-03 | CVE-2012-2318 | Improper Input Validation vulnerability in Pidgin: msg.c in the MSN protocol plugin in libpurple in Pidgin before 2.10.4 does not properly handle crafted characters, which allows remote servers to cause a denial of service (application crash) by placing these characters in a text/plain message. | network; low complexity; pidgin CWE-20; 5.0 |
| 2012-07-03 | CVE-2012-2214 | Resource Management Errors vulnerability in Pidgin: proxy.c in libpurple in Pidgin before 2.10.4 does not properly handle canceled SOCKS5 connection attempts, which allows user-assisted remote authenticated users to cause a denial of service (application crash) via a sequence of XMPP file-transfer requests. | network; pidgin CWE-399; 3.5 |
| 2012-03-15 | CVE-2012-1178 | Resource Management Errors vulnerability in Pidgin: The msn_oim_report_to_user function in oim.c in the MSN protocol plugin in libpurple in Pidgin before 2.10.2 allows remote servers to cause a denial of service (application crash) via an OIM message that lacks UTF-8 encoding. | network; low complexity; pidgin CWE-399; 5.0 |
| 2012-03-15 | CVE-2011-4939 | Permissions, Privileges, and Access Controls vulnerability in Pidgin: The pidgin_conv_chat_rename_user function in gtkconv.c in Pidgin before 2.10.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) by changing a nickname while in an XMPP chat room. | network; low complexity; pidgin CWE-264; 6.4 |
| 2011-12-25 | CVE-2011-4601 | Improper Input Validation vulnerability in Pidgin: family_feedbag.c in the oscar protocol plugin in libpurple in Pidgin before 2.10.1 does not perform the expected UTF-8 validation on message data, which allows remote attackers to cause a denial of service (application crash) via a crafted (1) AIM or (2) ICQ message associated with buddy-list addition. | network; low complexity; pidgin CWE-20; 5.0 |
| 2011-12-17 | CVE-2011-4603 | Improper Input Validation vulnerability in Pidgin: The silc_channel_message function in ops.c in the SILC protocol plugin in libpurple in Pidgin before 2.10.1 does not perform the expected UTF-8 validation on message data, which allows remote attackers to cause a denial of service (application crash) via a crafted message, a different vulnerability than CVE-2011-3594. | network; low complexity; pidgin CWE-20; 5.0 |