Pidgin 2.5.9 vulnerabilities

DATE | CVE | VULNERABILITY TITLE | RISK

2011-12-17 | CVE-2011-4602 | Improper Input Validation vulnerability in Pidgin | 5.0
The XMPP protocol plugin in libpurple in Pidgin before 2.10.1 does not properly handle missing fields in (1) voice-chat and (2) video-chat stanzas, which allows remote attackers to cause a denial of service (application crash) via a crafted message.
network, low complexity | pidgin | CWE-20

2011-08-29 | CVE-2011-3185 | Improper Input Validation vulnerability in Pidgin | critical 9.3
gtkutils.c in Pidgin before 2.10.0 on Windows allows user-assisted remote attackers to execute arbitrary programs via a file: URL in a message.
network | microsoft pidgin | CWE-20

2011-08-29 | CVE-2011-3184 | Resource Management Errors vulnerability in Pidgin | 4.3
The msn_httpconn_parse_data function in httpconn.c in the MSN protocol plugin in libpurple in Pidgin before 2.10.0 does not properly handle HTTP 100 responses, which allows remote attackers to cause a denial of service (incorrect memory access and application crash) via vectors involving a crafted server message.
network | pidgin | CWE-399

2011-08-29 | CVE-2011-2943 | Denial of Service and Security Bypass vulnerability in Pidgin Libpurple and Pidgin | 4.3
The irc_msg_who function in msgs.c in the IRC protocol plugin in libpurple 2.8.0 through 2.9.0 in Pidgin before 2.10.0 does not properly validate characters in nicknames, which allows user-assisted remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted nickname that is not properly handled in a WHO response.
network | pidgin

2011-01-07 | CVE-2010-4528 | Improper Input Validation vulnerability in Pidgin Libpurple and Pidgin | 4.0
directconn.c in the MSN protocol plugin in libpurple 2.7.6 through 2.7.8 in Pidgin before 2.7.9 allows remote authenticated users to cause a denial of service (NULL pointer dereference and application crash) via a short p2pv2 packet in a DirectConnect (aka direct connection) session.
network, low complexity | pidgin | CWE-20

2010-10-28 | CVE-2010-3711 | Improper Input Validation vulnerability in Pidgin | 4.0
libpurple in Pidgin before 2.7.4 does not properly validate the return value of the purple_base64_decode function, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and application crash) via a crafted message, related to the plugins for MSN, MySpaceIM, XMPP, and Yahoo! and the NTLM authentication support.
network, low complexity | pidgin | CWE-20

2010-07-30 | CVE-2010-2528 | Resource Management Errors vulnerability in Pidgin | 4.0
The clientautoresp function in family_icbm.c in the oscar protocol plugin in libpurple in Pidgin before 2.7.2 allows remote authenticated users to cause a denial of service (NULL pointer dereference and application crash) via an X-Status message that lacks the expected end tag for a (1) desc or (2) title element.
network, low complexity | pidgin | CWE-399

2010-02-24 | CVE-2010-0423 | Resource Management Errors vulnerability in Pidgin | 5.0
gtkimhtml.c in Pidgin before 2.6.6 allows remote attackers to cause a denial of service (CPU consumption and application hang) by sending many smileys in a (1) IM or (2) chat.
network, low complexity | pidgin | CWE-399

2010-02-24 | CVE-2010-0420 | Improper Input Validation vulnerability in Pidgin | 4.3
libpurple in Finch in Pidgin before 2.6.6, when an XMPP multi-user chat (MUC) room is used, does not properly parse nicknames containing <br> sequences, which allows remote attackers to cause a denial of service (application crash) via a crafted nickname.
network | pidgin | CWE-20

2010-01-09 | CVE-2010-0277 | Resource Management Errors vulnerability in multiple products | 5.0
slp.c in the MSN protocol plugin in libpurple in Pidgin before 2.6.6, including 2.6.4, and Adium 1.3.8 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a malformed MSNSLP INVITE request in an SLP message, a different issue than CVE-2010-0013.
network, low complexity | adium pidgin | CWE-399