Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

Libpurple Security Vulnerabilities

cve
cve

CVE-2009-2703

libpurple/protocols/irc/msgs.c in the IRC protocol plugin in libpurple in Pidgin before 2.6.2 allows remote IRC servers to cause a denial of service (NULL pointer dereference and application crash) via a TOPIC message that lacks a topic string.

7.1AI Score

0.005EPSS

2009-09-08 06:30 PM
42
cve
cve

CVE-2009-3083

The msn_slp_sip_recv function in libpurple/protocols/msn/slp.c in the MSN protocol plugin in libpurple in Pidgin before 2.6.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an SLP invite message that lacks certain required fields, as demons...

7.2AI Score

0.045EPSS

2009-09-08 06:30 PM
43
cve
cve

CVE-2009-3084

The msn_slp_process_msg function in libpurple/protocols/msn/slpcall.c in the MSN protocol plugin in libpurple 2.6.0 and 2.6.1, as used in Pidgin before 2.6.2, allows remote attackers to cause a denial of service (application crash) via a handwritten (aka Ink) message, related to an uninitialized va...

7.1AI Score

0.031EPSS

2009-09-08 06:30 PM
31
cve
cve

CVE-2009-3085

The XMPP protocol plugin in libpurple in Pidgin before 2.6.2 does not properly handle an error IQ stanza during an attempted fetch of a custom smiley, which allows remote attackers to cause a denial of service (application crash) via XHTML-IM content with cid: images.

7.2AI Score

0.028EPSS

2009-09-08 06:30 PM
35
cve
cve

CVE-2010-4528

directconn.c in the MSN protocol plugin in libpurple 2.7.6 through 2.7.8 in Pidgin before 2.7.9 allows remote authenticated users to cause a denial of service (NULL pointer dereference and application crash) via a short p2pv2 packet in a DirectConnect (aka direct connection) session.

6.1AI Score

0.022EPSS

2011-01-07 12:00 PM
29
cve
cve

CVE-2011-2943

The irc_msg_who function in msgs.c in the IRC protocol plugin in libpurple 2.8.0 through 2.9.0 in Pidgin before 2.10.0 does not properly validate characters in nicknames, which allows user-assisted remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a ...

6.3AI Score

0.11EPSS

2011-08-29 05:55 PM
33
cve
cve

CVE-2011-3594

The g_markup_escape_text function in the SILC protocol plug-in in libpurple 2.10.0 and earlier, as used in Pidgin and possibly other products, allows remote attackers to cause a denial of service (crash) via invalid UTF-8 sequences that trigger use of invalid pointers and an out-of-bounds read, rel...

7.2AI Score

0.058EPSS

2011-11-04 09:55 PM
39