5

CVE-2009-3085

The XMPP protocol plugin in libpurple in Pidgin before 2.6.2 does not properly handle an error IQ stanza during an attempted fetch of a custom smiley, which allows remote attackers to cause a denial of service (application crash) via XHTML-IM content with cid: images.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)
PidginPidgin Version <= 2.6.1
PidginPidgin Version2.0.0
PidginPidgin Version2.0.1
PidginPidgin Version2.0.2
PidginPidgin Version2.0.2 Editionlinux
PidginPidgin Version2.1.0
PidginPidgin Version2.1.1
PidginPidgin Version2.2.0
PidginPidgin Version2.2.1
PidginPidgin Version2.2.2
PidginPidgin Version2.3.0
PidginPidgin Version2.3.1
PidginPidgin Version2.4.0
PidginPidgin Version2.4.0 Update32_bit
PidginPidgin Version2.4.1
PidginPidgin Version2.4.1 Update32_bit
PidginPidgin Version2.4.2
PidginPidgin Version2.4.2 Update32_bit
PidginPidgin Version2.4.3
PidginPidgin Version2.4.3 Update32_bit
PidginPidgin Version2.5.0
PidginPidgin Version2.5.0 Update32_bit
PidginPidgin Version2.5.1
PidginPidgin Version2.5.2
PidginPidgin Version2.5.2 Update32_bit
PidginPidgin Version2.5.3
PidginPidgin Version2.5.3 Update32_bit
PidginPidgin Version2.5.4
PidginPidgin Version2.5.4 Update32_bit
PidginPidgin Version2.5.5
PidginPidgin Version2.5.5 Update32_bit
PidginPidgin Version2.5.6
PidginPidgin Version2.5.7
PidginPidgin Version2.5.8
PidginPidgin Version2.5.9
PidginPidgin Version2.6.0
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.95% 0.742
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:N/A:P