Pidgin@2.0.2 Security Vulnerabilities and Issues — Pidgin@2.0.2 CVE List

Lucene search

PidginPidgin2.0.2

10 matches found

CVE•added 2009/05/26 3:30 p.m.•103 views

CVE-2009-1373

Buffer overflow in the XMPP SOCKS5 bytestream server in Pidgin (formerly Gaim) before 2.5.6 allows remote authenticated users to execute arbitrary code via vectors involving an outbound XMPP file transfer. NOTE: some of these details are obtained from third party information.

7.1CVSS7.7AI score0.05766EPSS

CVE•added 2009/08/21 11:2 a.m.•79 views

CVE-2009-2694

The msn_slplink_process_msg function in libpurple/protocols/msn/slplink.c in libpurple, as used in Pidgin (formerly Gaim) before 2.5.9 and Adium 1.3.5 and earlier, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) by sending mul...

10CVSS8.3AI score0.34578EPSS

Web

CVE•added 2009/05/26 3:30 p.m.•72 views

CVE-2009-1375

The PurpleCircBuffer implementation in Pidgin (formerly Gaim) before 2.5.6 does not properly maintain a certain buffer, which allows remote attackers to cause a denial of service (memory corruption and application crash) via vectors involving the (1) XMPP or (2) Sametime protocol.

5CVSS7.3AI score0.05278EPSS

CVE•added 2009/05/26 3:30 p.m.•70 views

CVE-2009-1374

Buffer overflow in the decrypt_out function in Pidgin (formerly Gaim) before 2.5.6 allows remote attackers to cause a denial of service (application crash) via a QQ packet.

5CVSS6.5AI score0.04458EPSS

CVE•added 2009/09/08 6:30 p.m.•69 views

CVE-2009-3083

The msn_slp_sip_recv function in libpurple/protocols/msn/slp.c in the MSN protocol plugin in libpurple in Pidgin before 2.6.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an SLP invite message that lacks certain required fields, as demons...

5CVSS7.2AI score0.01284EPSS

CVE•added 2009/09/08 6:30 p.m.•66 views

CVE-2009-2703

libpurple/protocols/irc/msgs.c in the IRC protocol plugin in libpurple in Pidgin before 2.6.2 allows remote IRC servers to cause a denial of service (NULL pointer dereference and application crash) via a TOPIC message that lacks a topic string.

5CVSS7.1AI score0.00643EPSS

Web

CVE•added 2009/10/20 5:30 p.m.•64 views

CVE-2009-3615

The OSCAR protocol plugin in libpurple in Pidgin before 2.6.3 and Adium before 1.3.7 allows remote attackers to cause a denial of service (application crash) via crafted contact-list data for (1) ICQ and possibly (2) AIM, as demonstrated by the SIM IM client.

5CVSS7.5AI score0.07985EPSS

CVE•added 2009/07/01 1:0 p.m.•61 views

CVE-2009-1889

The OSCAR protocol implementation in Pidgin before 2.5.8 misinterprets the ICQWebMessage message type as the ICQSMS message type, which allows remote attackers to cause a denial of service (application crash) via a crafted ICQ web message that triggers allocation of a large amount of memory.

5CVSS7AI score0.03236EPSS

CVE•added 2009/09/08 6:30 p.m.•53 views

CVE-2009-3085

The XMPP protocol plugin in libpurple in Pidgin before 2.6.2 does not properly handle an error IQ stanza during an attempted fetch of a custom smiley, which allows remote attackers to cause a denial of service (application crash) via XHTML-IM content with cid: images.

5CVSS7.2AI score0.00949EPSS

CVE•added 2009/09/08 6:30 p.m.•51 views

CVE-2009-3084

The msn_slp_process_msg function in libpurple/protocols/msn/slpcall.c in the MSN protocol plugin in libpurple 2.6.0 and 2.6.1, as used in Pidgin before 2.6.2, allows remote attackers to cause a denial of service (application crash) via a handwritten (aka Ink) message, related to an uninitialized va...

5CVSS7.1AI score0.01382EPSS