Vulnerabilities > Pidgin > Critical
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2014-02-06 | CVE-2013-6490 | Improper Restriction of Operations Within the Bounds of a Memory Buffer vulnerability in Pidgin. The SIMPLE protocol functionality in Pidgin before 2.10.8 allows remote attackers to have an unspecified impact via a negative Content-Length header, which triggers a buffer overflow. | 10.0 |
2014-02-06 | CVE-2013-6486 | Improper Input Validation vulnerability in Pidgin. gtkutils.c in Pidgin before 2.10.8 on Windows allows user-assisted remote attackers to execute arbitrary programs via a message containing a file: URL that is improperly handled during construction of an explorer.exe command. | 9.3 |
2011-08-29 | CVE-2011-3185 | Improper Input Validation vulnerability in Pidgin. gtkutils.c in Pidgin before 2.10.0 on Windows allows user-assisted remote attackers to execute arbitrary programs via a file: URL in a message. | 9.3 |
2009-08-21 | CVE-2009-2694 | Resource Management Errors vulnerability in multiple products. The msn_slplink_process_msg function in libpurple/protocols/msn/slplink.c in libpurple, as used in Pidgin (formerly Gaim) before 2.5.9 and Adium 1.3.5 and earlier, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) by sending multiple crafted SLP (aka MSNSLP) messages to trigger an overwrite of an arbitrary memory location. | 10.0 |
2009-08-03 | CVE-2009-2404 | Buffer Errors vulnerability in Mozilla Network Security Services 3.12.3. Heap-based buffer overflow in a regular-expression parser in Mozilla Network Security Services (NSS) before 3.12.3, as used in Firefox, Thunderbird, SeaMonkey, Evolution, Pidgin, and AOL Instant Messenger (AIM), allows remote SSL servers to cause a denial of service (application crash) or possibly execute arbitrary code via a long domain name in the subject's Common Name (CN) field of an X.509 certificate, related to the cert_TestHostName function. | 9.3 |
2007-07-17 | CVE-2007-3841 | Remote Command Execution vulnerability in Pidgin 2.0.2. Unspecified vulnerability in Pidgin (formerly Gaim) 2.0.2 for Linux allows remote authenticated users, who are listed in a users list, to execute certain commands via unspecified vectors, aka ZD-00000035. | 9.0 |