Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ubuntuUbuntuUSN-2100-1
HistoryFeb 06, 2014 - 12:00 a.m.

Pidgin vulnerabilities

2014-02-0600:00:00
ubuntu.com
30

8 High

AI Score

Confidence

Low

0.04 Low

EPSS

Percentile

92.0%

JSON

Releases

  • Ubuntu 13.10
  • Ubuntu 12.10
  • Ubuntu 12.04

Packages

  • pidgin - graphical multi-protocol instant messaging client for X

Details

Thijs Alkemade and Robert Vehse discovered that Pidgin incorrectly handled
the Yahoo! protocol. A remote attacker could use this issue to cause
Pidgin to crash, resulting in a denial of service. (CVE-2012-6152)

Jaime Breva Ribes discovered that Pidgin incorrectly handled the XMPP
protocol. A remote attacker could use this issue to cause Pidgin to crash,
resulting in a denial of service. (CVE-2013-6477)

It was discovered that Pidgin incorrecly handled long URLs. A remote
attacker could use this issue to cause Pidgin to crash, resulting in a
denial of service. (CVE-2013-6478)

Jacob Appelbaum discovered that Pidgin incorrectly handled certain HTTP
responses. A malicious remote server or a machine-in-the-middle could use this
issue to cause Pidgin to crash, resulting in a denial of service.
(CVE-2013-6479)

Daniel Atallah discovered that Pidgin incorrectly handled the Yahoo!
protocol. A remote attacker could use this issue to cause Pidgin to crash,
resulting in a denial of service. (CVE-2013-6481)

Fabian Yamaguchi and Christian Wressnegger discovered that Pidgin
incorrectly handled the MSN protocol. A remote attacker could use this
issue to cause Pidgin to crash, resulting in a denial of service.
(CVE-2013-6482)

Fabian Yamaguchi and Christian Wressnegger discovered that Pidgin
incorrectly handled XMPP iq replies. A remote attacker could use this
issue to spoof messages. (CVE-2013-6483)

It was discovered that Pidgin incorrectly handled STUN server responses. A
remote attacker could use this issue to cause Pidgin to crash, resulting in
a denial of service. (CVE-2013-6484)

Matt Jones discovered that Pidgin incorrectly handled certain chunked HTTP
responses. A malicious remote server or a machine-in-the-middle could use this
issue to cause Pidgin to crash, resulting in a denial of service, or
possibly execute arbitrary code. (CVE-2013-6485)

Yves Younan and Ryan Pentney discovered that Pidgin incorrectly handled
certain Gadu-Gadu HTTP messages. A malicious remote server or a
machine-in-the-middle could use this issue to cause Pidgin to crash,
resulting in a denial of service, or possibly execute arbitrary code.
(CVE-2013-6487)

Yves Younan and Pawel Janic discovered that Pidgin incorrectly handled MXit
emoticons. A remote attacker could use this issue to cause Pidgin to crash,
resulting in a denial of service, or possibly execute arbitrary code.
(CVE-2013-6489)

Yves Younan discovered that Pidgin incorrectly handled SIMPLE headers. A
remote attacker could use this issue to cause Pidgin to crash, resulting in
a denial of service, or possibly execute arbitrary code. (CVE-2013-6490)

Daniel Atallah discovered that Pidgin incorrectly handled IRC argument
parsing. A malicious remote server or a machine-in-the-middle could use this
issue to cause Pidgin to crash, resulting in a denial of service.
(CVE-2014-0020)

OSVersionArchitecturePackageVersionFilename
Ubuntu13.10noarchlibpurple0< 1:2.10.7-0ubuntu4.1.13.10.1UNKNOWN
Ubuntu13.10noarchfinch< 1:2.10.7-0ubuntu4.1.13.10.1UNKNOWN
Ubuntu13.10noarchpidgin< 1:2.10.7-0ubuntu4.1.13.10.1UNKNOWN
Ubuntu13.10noarchpidgin-dbg< 1:2.10.7-0ubuntu4.1.13.10.1UNKNOWN
Ubuntu12.10noarchlibpurple0< 1:2.10.6-0ubuntu2.3UNKNOWN
Ubuntu12.10noarchfinch< 1:2.10.6-0ubuntu2.3UNKNOWN
Ubuntu12.10noarchpidgin< 1:2.10.6-0ubuntu2.3UNKNOWN
Ubuntu12.10noarchpidgin-dbg< 1:2.10.6-0ubuntu2.3UNKNOWN
Ubuntu12.04noarchlibpurple0< 1:2.10.3-0ubuntu1.4UNKNOWN
Ubuntu12.04noarchfinch< 1:2.10.3-0ubuntu1.4UNKNOWN
Rows per page:
1-10 of 121

Related

securityvulns 2
veracode 13
nessus 22
openvas 29
osv 2
fedora 6
centos 1
redhat 1
oraclelinux 1
mageia 2
debian 4
slackware 1
kaspersky 1
gentoo 2
cve 13
debiancve 13
ubuntucve 13
cvelist 13
prion 13
talos 3
ubuntu 1
securityvulns
securityvulns
libgadu / libpurple / Pidgin multiple security vulnerabilities
2014-02-10 00:00:00
[USN-2101-1] libgadu vulnerability
2014-02-10 00:00:00
veracode
veracode
NULL Pointer Dereference
2019-05-02 05:01:11
Integer Overflow
2019-05-02 05:01:11
BufferOverflow
2019-05-02 05:01:11
nessus
nessus
Oracle Linux 6 : pidgin (ELSA-2014-0139)
2014-02-06 00:00:00
Fedora 20 : pidgin-2.10.9-1.fc20 (2014-2013)
2014-02-06 00:00:00
Ubuntu 12.04 LTS / 12.10 / 13.10 : pidgin vulnerabilities (USN-2100-1)
2014-02-07 00:00:00
openvas
openvas
CentOS Update for finch CESA-2014:0139 centos6
2014-02-11 00:00:00
Ubuntu Update for pidgin USN-2100-1
2014-02-11 00:00:00
Fedora Update for pidgin FEDORA-2014-1999
2014-02-17 00:00:00
osv
osv
pidgin - several
2014-02-10 00:00:00
pidgin - security update
2014-02-10 00:00:00
fedora
fedora
[SECURITY] Fedora 19 Update: pidgin-2.10.9-1.fc19
2014-02-14 08:00:10
[SECURITY] Fedora 20 Update: pidgin-2.10.9-1.fc20
2014-02-06 03:50:31
[SECURITY] Fedora 20 Update: libgadu-1.12.0-0.3.rc2.fc20
2014-02-14 08:04:08
centos
centos
finch, libpurple, pidgin security update
2014-02-05 19:41:13
redhat
redhat
(RHSA-2014:0139) Moderate: pidgin security update
2014-02-05 00:00:00
oraclelinux
oraclelinux
pidgin security update
2014-02-05 00:00:00
mageia
mageia
Updated pidgin package fixes security vulnerabilities
2014-02-05 19:31:44
Updated libgadu packages fix security vulnerability
2014-02-16 17:23:36
debian
debian
[BSA-092] Security Update for pidgin
2014-02-22 11:36:11
[SECURITY] [DSA 2859-1] pidgin security update
2014-02-10 17:30:48
[SECURITY] [DSA 2859-2] pidgin security update
2014-03-19 22:45:44
slackware
slackware
pidgin
2014-02-03 13:58:20
kaspersky
kaspersky
KLA10433 Multiple vulnerabilities in Pidgin
2014-06-02 00:00:00
gentoo
gentoo
Pidgin: Multiple vulnerabilities
2014-05-18 00:00:00
libgadu: Multiple vulnerabilities
2015-08-15 00:00:00
cve
cve
CVE-2013-6479
2014-02-06 16:10:00
CVE-2013-6482
2014-02-06 17:00:00
CVE-2013-6490
2014-02-06 17:00:00
debiancve
debiancve
CVE-2013-6479
2014-02-06 16:10:00
CVE-2013-6482
2014-02-06 17:00:00
CVE-2012-6152
2014-02-06 16:10:00
ubuntucve
ubuntucve
CVE-2013-6479
2014-02-05 00:00:00
CVE-2013-6482
2014-02-05 00:00:00
CVE-2012-6152
2014-02-05 00:00:00
cvelist
cvelist
CVE-2012-6152
2014-02-06 15:00:00
CVE-2013-6479
2014-02-06 15:00:00
CVE-2013-6482
2014-02-06 16:00:00
prion
prion
Design/Logic Flaw
2014-02-06 16:10:00
Null pointer dereference
2014-02-06 16:10:00
Integer overflow
2014-02-06 16:10:00
talos
talos
Pidgin libpurple Mxit Emoticon Name Length Integer Overflow Vulnerability
2014-01-26 00:00:00
Pidgin libpurple SIP/SIMPLE Content-Length Integer Overflow Vulnerability
2014-01-26 00:00:00
Pidgin libpurple Gadu Gadu HTTP Content-Length Integer Overflow Vulnerability
2014-01-26 00:00:00
ubuntu
ubuntu
libgadu vulnerability
2014-02-10 00:00:00

8 High

AI Score

Confidence

Low

0.04 Low

EPSS

Percentile

92.0%

JSON
Related for USN-2100-1
securityvulns2veracode13nessus22openvas29osv2fedora6centos1redhat1oraclelinux1mageia2debian4slackware1kaspersky1gentoo2cve13debiancve13ubuntucve13cvelist13prion13talos3ubuntu1