7 matches found
CVE-2009-2703
CVE-2009-2703 affects Pidgin (libpurple IRC protocol plug-in) where an IRC TOPIC message lacking a topic string can trigger a NULL pointer dereference, leading to a denial of service (application crash). This vulnerability is discussed in Red Hat/Oracle Linux advisories that upgrade Pidgin to ver...
CVE-2009-3083
CVE-2009-3083 affects Pidgin (libpurple) MSN protocol plug-in. The msn_slp_sip_recv function in libpurple/protocols/msn/slp.c can crash via a malformed MSNSLP invite when required fields are missing, causing a remote denial-of-service (NULL pointer dereference). Affected product: Pidgin prior to ...
CVE-2011-3594
CVE-2011-3594 affects the Pidgin/libpurple SILC protocol plug-in (libpurple 2.10.0 and earlier). The issue: remote sending of certain SILC messages with invalid UTF-8 sequences can trigger use-after-free/invalid-pointer and out-of-bounds reads, crashing Pidgin. Public advisories show downstream p...
CVE-2009-3085
CVE-2009-3085 affects Pidgin’s libpurple XMPP plugin. Root cause: a NULL pointer dereference when processing an IQ error response while fetching a custom smiley, leading to a remote denial of service (PIDGIN crash) via XHTML-IM content with cid: images. Affected versions are Pidgin before 2.6.2; ...
CVE-2009-3084
The CVE affects the MSN protocol plugin in libpurple (used by Pidgin up to 2.6.1). The vulnerability is in msn_slp_process_msg when handling handwritten Ink messages, caused by an uninitialized variable and an incorrect UTF16-LE charset name, allowing a remote attacker to crash the application (d...
CVE-2011-2943
Pidgin (libpurple IRC protocol plugin) is affected by CVE-2011-2943. The irc_msg_who handler in msgs.c fails to validate characters in nicknames, allowing user-assisted remote attackers to trigger a denial of service (NULL pointer dereference and crash). Affected versions are libpurple 2.8.0–2.9....
CVE-2010-4528
The CVE-2010-4528 issue affects the MSN protocol plugin in libpurple used by Pidgin, specifically in directconn.c for Pidgin versions 2.7.6–2.7.8. The flaw allows remote authenticated users to trigger a denial-of-service via a short p2pv2 DirectConnect (direct connection) packet, resulting in a N...