CVE-2011-2943

The ircmsgwho function in msgs.c in the IRC protocol plugin in libpurple 2.8.0 through 2.9.0 in Pidgin before 2.10.0 does not properly validate characters in nicknames, which allows user-assisted remote attackers to cause a denial of service NULL pointer dereference and application crash via a...

CVE-2011-2943

The ircmsgwho function in msgs.c in the IRC protocol plugin in libpurple 2.8.0 through 2.9.0 in Pidgin before 2.10.0 does not properly validate characters in nicknames, which allows user-assisted remote attackers to cause a denial of service NULL pointer dereference and application crash via a...

CVE-2011-3184

The msnhttpconnparsedata function in httpconn.c in the MSN protocol plugin in libpurple in Pidgin before 2.10.0 does not properly handle HTTP 100 responses, which allows remote attackers to cause a denial of service incorrect memory access and application crash via vectors involving a crafted...

Pidgin: Multiple NULL pointer dereference flaws in Yahoo protocol plug-in

libymsg.c in the Yahoo! protocol plugin in libpurple in Pidgin 2.6.0 through 2.7.10 allows 1 remote authenticated users to cause a denial of service NULL pointer dereference and application crash via a malformed YMSG notification packet, and allows 2 remote Yahoo! servers to cause a denial of...

CVE-2011-1091

libymsg.c in the Yahoo! protocol plugin in libpurple in Pidgin 2.6.0 through 2.7.10 allows 1 remote authenticated users to cause a denial of service NULL pointer dereference and application crash via a malformed YMSG notification packet, and allows 2 remote Yahoo! servers to cause a denial of...

Security fix for the ALT Linux 6 package pidgin version 2.7.11-alt1

March 14, 2011 Alexey Shabalin 2.7.11-alt1 - 2.7.11 - CVE-2011-1091: remote denial of service in Yahoo protocol plugin...

Security fix for the ALT Linux 5 package pidgin-mini version 2.7.11-alt1

March 12, 2011 Slava Semushin 2.7.11-alt1 - Updated to 2.7.11 + CVE-2011-1091: remote denial of service in Yahoo protocol plugin...

CVE-2010-2528

The clientautoresp function in familyicbm.c in the oscar protocol plugin in libpurple in Pidgin before 2.7.2 allows remote authenticated users to cause a denial of service NULL pointer dereference and application crash via an X-Status message that lacks the expected end tag for a 1 desc or 2 titl...

DEBIAN-CVE-2010-2528

The clientautoresp function in familyicbm.c in the oscar protocol plugin in libpurple in Pidgin before 2.7.2 allows remote authenticated users to cause a denial of service NULL pointer dereference and application crash via an X-Status message that lacks the expected end tag for a 1 desc or 2 titl...

CVE-2010-2528

The CVE-2010-2528 issue affects Pidgin (libpurple) using the Oscar protocol plugin. Vulnerable component: clientautoresp function in family_icbm.c, prior to Pidgin 2.7.2. Root cause: X-Status messages lacking the end tag for a desc or title element are not handled correctly, enabling a remote aut...

CVE-2010-1624

The msnemoticonmsg function in slp.c in the MSN protocol plugin in libpurple in Pidgin before 2.7.0 allows remote authenticated users to cause a denial of service NULL pointer dereference and application crash via a custom emoticon in a malformed SLP message...

Mandriva Linux Security Advisory : pidgin (MDVSA-2010:041)

Multiple security vulnerabilities has been identified and fixed in pidgin : Certain malformed SLP messages can trigger a crash because the MSN protocol plugin fails to check that all pieces of the message are set correctly CVE-2010-0277. In a user in a multi-user chat room has a nickname containi...

pidgin/libpurple: MSN custom smiley request directory traversal file disclosure

Directory traversal vulnerability in slp.c in the MSN protocol plugin in libpurple in Pidgin 2.6.4 and Adium 1.3.8 allows remote attackers to read arbitrary files via a .. dot dot in an application/x-msnmsgrp2p MSN emoticon aka custom smiley request, a related issue to CVE-2004-0122. NOTE: it cou...

Mandriva Linux Security Advisory : pidgin (MDVSA-2010:001)

Security vulnerabilities has been identified and fixed in pidgin : The OSCAR protocol plugin in libpurple in Pidgin before 2.6.3 and Adium before 1.3.7 allows remote attackers to cause a denial of service application crash via crafted contact-list data for 1 ICQ and possibly 2 AIM, as demonstrate...

CVE-2010-0277

CVE-2010-0277 concerns the MSN protocol plugin (libpurple/Pidgin) where, prior to versions around 2.6.6, a malformed MSNSLP INVITE in an SLP message could trigger a remote crash/memory corruption. Affected products and timelines in the provided documents show this as a remote crash/DoS vulnerabil...

CVE-2010-0277

slp.c in the MSN protocol plugin in libpurple in Pidgin before 2.6.6, including 2.6.4, and Adium 1.3.8 allows remote attackers to cause a denial of service memory corruption and application crash or possibly have unspecified other impact via a malformed MSNSLP INVITE request in an SLP message, a...

Mandriva Linux Security Advisory : pidgin (MDVSA-2009:321)

Security vulnerabilities has been identified and fixed in pidgin : The NSS plugin in libpurple in Pidgin 2.4.1 does not verify SSL certificates, which makes it easier for remote attackers to trick a user into accepting an invalid server certificate for a spoofed service. CVE-2008-3532 Pidgin 2.4....

Pidgin: Invalid pointer dereference (crash) after receiving contacts from SIM IM client

The OSCAR protocol plugin in libpurple in Pidgin before 2.6.3 and Adium before 1.3.7 allows remote attackers to cause a denial of service application crash via crafted contact-list data for 1 ICQ and possibly 2 AIM, as demonstrated by the SIM IM client...

Pidgin: NULL pointer dereference by handling IRC topic(s) (DoS)

libpurple/protocols/irc/msgs.c in the IRC protocol plugin in libpurple in Pidgin before 2.6.2 allows remote IRC servers to cause a denial of service NULL pointer dereference and application crash via a TOPIC message that lacks a topic string...

DEBIAN-CVE-2009-3615

The OSCAR protocol plugin in libpurple in Pidgin before 2.6.3 and Adium before 1.3.7 allows remote attackers to cause a denial of service application crash via crafted contact-list data for 1 ICQ and possibly 2 AIM, as demonstrated by the SIM IM client...