Vulnerabilities > Pidgin > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2011-11-04 | CVE-2011-3594 | Buffer Errors vulnerability in Pidgin Libpurple and Pidgin: The g_markup_escape_text function in the SILC protocol plug-in in libpurple 2.10.0 and earlier, as used in Pidgin and possibly other products, allows remote attackers to cause a denial of service (crash) via invalid UTF-8 sequences that trigger use of invalid pointers and an out-of-bounds read, related to interactions with certain versions of glib2. | 4.3 |
2011-08-29 | CVE-2011-3184 | Resource Management Errors vulnerability in Pidgin: The msn_httpconn_parse_data function in httpconn.c in the MSN protocol plugin in libpurple in Pidgin before 2.10.0 does not properly handle HTTP 100 responses, which allows remote attackers to cause a denial of service (incorrect memory access and application crash) via vectors involving a crafted server message. | 4.3 |
2011-08-29 | CVE-2011-2943 | Denial of Service and Security Bypass vulnerability in Pidgin Libpurple and Pidgin: The irc_msg_who function in msgs.c in the IRC protocol plugin in libpurple 2.8.0 through 2.9.0 in Pidgin before 2.10.0 does not properly validate characters in nicknames, which allows user-assisted remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted nickname that is not properly handled in a WHO response. | 4.3 |
2011-01-07 | CVE-2010-4528 | Improper Input Validation vulnerability in Pidgin Libpurple and Pidgin: directconn.c in the MSN protocol plugin in libpurple 2.7.6 through 2.7.8 in Pidgin before 2.7.9 allows remote authenticated users to cause a denial of service (NULL pointer dereference and application crash) via a short p2pv2 packet in a DirectConnect (aka direct connection) session. | 4.0 |
2010-10-28 | CVE-2010-3711 | Improper Input Validation vulnerability in Pidgin: libpurple in Pidgin before 2.7.4 does not properly validate the return value of the purple_base64_decode function, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and application crash) via a crafted message, related to the plugins for MSN, MySpaceIM, XMPP, and Yahoo! and the NTLM authentication support. | 4.0 |
2010-10-08 | CVE-2010-3088 | Code Injection vulnerability in Jianping YU Pidgin-Knotify 0.1/0.1.2/0.2.0: The notify function in pidgin-knotify.c in the pidgin-knotify plugin 0.2.1 and earlier for Pidgin allows remote attackers to execute arbitrary commands via shell metacharacters in a message. | 5.1 |
2010-07-30 | CVE-2010-2528 | Resource Management Errors vulnerability in Pidgin: The clientautoresp function in family_icbm.c in the oscar protocol plugin in libpurple in Pidgin before 2.7.2 allows remote authenticated users to cause a denial of service (NULL pointer dereference and application crash) via an X-Status message that lacks the expected end tag for a (1) desc or (2) title element. | 4.0 |
2010-02-24 | CVE-2010-0423 | Resource Management Errors vulnerability in Pidgin: gtkimhtml.c in Pidgin before 2.6.6 allows remote attackers to cause a denial of service (CPU consumption and application hang) by sending many smileys in a (1) IM or (2) chat. | 5.0 |
2010-02-24 | CVE-2010-0420 | Improper Input Validation vulnerability in Pidgin: libpurple in Finch in Pidgin before 2.6.6, when an XMPP multi-user chat (MUC) room is used, does not properly parse nicknames containing `<br>` sequences, which allows remote attackers to cause a denial of service (application crash) via a crafted nickname. | 4.3 |
2010-01-09 | CVE-2010-0277 | Resource Management Errors vulnerability in multiple products: slp.c in the MSN protocol plugin in libpurple in Pidgin before 2.6.6, including 2.6.4, and Adium 1.3.8 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a malformed MSNSLP INVITE request in an SLP message, a different issue than CVE-2010-0013. | 5.0 |