Vulnerabilities > Pidgin > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-01-06 | CVE-2016-2371 | Out-of-bounds Write vulnerability in multiple products An out-of-bounds write vulnerability exists in the handling of the MXIT protocol in Pidgin. | 6.8 |
| 2017-01-06 | CVE-2016-2370 | Out-of-bounds Read vulnerability in multiple products A denial of service vulnerability exists in the handling of the MXIT protocol in Pidgin. | 4.3 |
| 2017-01-06 | CVE-2016-2369 | NULL Pointer Dereference vulnerability in multiple products A NULL pointer dereference vulnerability exists in the handling of the MXIT protocol in Pidgin. | 4.3 |
| 2017-01-06 | CVE-2016-2366 | Out-of-bounds Read vulnerability in multiple products A denial of service vulnerability exists in the handling of the MXIT protocol in Pidgin. | 4.3 |
| 2017-01-06 | CVE-2016-2365 | NULL Pointer Dereference vulnerability in multiple products A denial of service vulnerability exists in the handling of the MXIT protocol in Pidgin. | 4.3 |
| 2014-10-29 | CVE-2014-3698 | Information Exposure vulnerability in Pidgin The jabber_idn_validate function in jutil.c in the Jabber protocol plugin in libpurple in Pidgin before 2.10.10 allows remote attackers to obtain sensitive information from process memory via a crafted XMPP message. | 5.0 |
| 2014-10-29 | CVE-2014-3697 | Path Traversal vulnerability in Pidgin Absolute path traversal vulnerability in the untar_block function in win32/untar.c in Pidgin before 2.10.10 on Windows allows remote attackers to write to arbitrary files via a drive name in a tar archive of a smiley theme. | 6.4 |
| 2014-10-29 | CVE-2014-3696 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Pidgin nmevent.c in the Novell GroupWise protocol plugin in libpurple in Pidgin before 2.10.10 allows remote servers to cause a denial of service (application crash) via a crafted server message that triggers a large memory allocation. | 5.0 |
| 2014-10-29 | CVE-2014-3695 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Pidgin markup.c in the MXit protocol plugin in libpurple in Pidgin before 2.10.10 allows remote servers to cause a denial of service (application crash) via a large length value in an emoticon response. | 5.0 |
| 2014-10-29 | CVE-2014-3694 | Cryptographic Issues vulnerability in multiple products The (1) bundled GnuTLS SSL/TLS plugin and the (2) bundled OpenSSL SSL/TLS plugin in libpurple in Pidgin before 2.10.10 do not properly consider the Basic Constraints extension during verification of X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 6.4 |