Thijs Alkemade and Robert Vehse discovered that Pidgin incorrectly handled
the Yahoo! protocol. A remote attacker could use this issue to cause
Pidgin to crash, resulting in a denial of service. (CVE-2012-6152)
Jaime Breva Ribes discovered that Pidgin incorrectly handled the XMPP
protocol. A remote attacker could use this issue to cause Pidgin to crash,
resulting in a denial of service. (CVE-2013-6477)
It was discovered that Pidgin incorrecly handled long URLs. A remote
attacker could use this issue to cause Pidgin to crash, resulting in a
denial of service. (CVE-2013-6478)
Jacob Appelbaum discovered that Pidgin incorrectly handled certain HTTP
responses. A malicious remote server or a machine-in-the-middle could use this
issue to cause Pidgin to crash, resulting in a denial of service.
(CVE-2013-6479)
Daniel Atallah discovered that Pidgin incorrectly handled the Yahoo!
protocol. A remote attacker could use this issue to cause Pidgin to crash,
resulting in a denial of service. (CVE-2013-6481)
Fabian Yamaguchi and Christian Wressnegger discovered that Pidgin
incorrectly handled the MSN protocol. A remote attacker could use this
issue to cause Pidgin to crash, resulting in a denial of service.
(CVE-2013-6482)
Fabian Yamaguchi and Christian Wressnegger discovered that Pidgin
incorrectly handled XMPP iq replies. A remote attacker could use this
issue to spoof messages. (CVE-2013-6483)
It was discovered that Pidgin incorrectly handled STUN server responses. A
remote attacker could use this issue to cause Pidgin to crash, resulting in
a denial of service. (CVE-2013-6484)
Matt Jones discovered that Pidgin incorrectly handled certain chunked HTTP
responses. A malicious remote server or a machine-in-the-middle could use this
issue to cause Pidgin to crash, resulting in a denial of service, or
possibly execute arbitrary code. (CVE-2013-6485)
Yves Younan and Ryan Pentney discovered that Pidgin incorrectly handled
certain Gadu-Gadu HTTP messages. A malicious remote server or a
machine-in-the-middle could use this issue to cause Pidgin to crash,
resulting in a denial of service, or possibly execute arbitrary code.
(CVE-2013-6487)
Yves Younan and Pawel Janic discovered that Pidgin incorrectly handled MXit
emoticons. A remote attacker could use this issue to cause Pidgin to crash,
resulting in a denial of service, or possibly execute arbitrary code.
(CVE-2013-6489)
Yves Younan discovered that Pidgin incorrectly handled SIMPLE headers. A
remote attacker could use this issue to cause Pidgin to crash, resulting in
a denial of service, or possibly execute arbitrary code. (CVE-2013-6490)
Daniel Atallah discovered that Pidgin incorrectly handled IRC argument
parsing. A malicious remote server or a machine-in-the-middle could use this
issue to cause Pidgin to crash, resulting in a denial of service.
(CVE-2014-0020)
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Ubuntu | 13.10 | noarch | libpurple0 | < 1:2.10.7-0ubuntu4.1.13.10.1 | UNKNOWN |
Ubuntu | 13.10 | noarch | finch | < 1:2.10.7-0ubuntu4.1.13.10.1 | UNKNOWN |
Ubuntu | 13.10 | noarch | pidgin | < 1:2.10.7-0ubuntu4.1.13.10.1 | UNKNOWN |
Ubuntu | 13.10 | noarch | pidgin-dbg | < 1:2.10.7-0ubuntu4.1.13.10.1 | UNKNOWN |
Ubuntu | 12.10 | noarch | libpurple0 | < 1:2.10.6-0ubuntu2.3 | UNKNOWN |
Ubuntu | 12.10 | noarch | finch | < 1:2.10.6-0ubuntu2.3 | UNKNOWN |
Ubuntu | 12.10 | noarch | pidgin | < 1:2.10.6-0ubuntu2.3 | UNKNOWN |
Ubuntu | 12.10 | noarch | pidgin-dbg | < 1:2.10.6-0ubuntu2.3 | UNKNOWN |
Ubuntu | 12.04 | noarch | libpurple0 | < 1:2.10.3-0ubuntu1.4 | UNKNOWN |
Ubuntu | 12.04 | noarch | finch | < 1:2.10.3-0ubuntu1.4 | UNKNOWN |
ubuntu.com/security/CVE-2012-6152
ubuntu.com/security/CVE-2013-6477
ubuntu.com/security/CVE-2013-6478
ubuntu.com/security/CVE-2013-6479
ubuntu.com/security/CVE-2013-6481
ubuntu.com/security/CVE-2013-6482
ubuntu.com/security/CVE-2013-6483
ubuntu.com/security/CVE-2013-6484
ubuntu.com/security/CVE-2013-6485
ubuntu.com/security/CVE-2013-6487
ubuntu.com/security/CVE-2013-6489
ubuntu.com/security/CVE-2013-6490
ubuntu.com/security/CVE-2014-0020