Pidgin

Pidgin

86 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5

CVE-2014-0020

  • EPSS 3.33%
  • Published 06.02.2014 16:10:59
  • Last modified 11.04.2025 00:51:21

The IRC protocol plugin in libpurple in Pidgin before 2.10.8 does not validate argument counts, which allows remote IRC servers to cause a denial of service (application crash) via a crafted message.

5

CVE-2013-6485

  • EPSS 0.68%
  • Published 06.02.2014 16:10:58
  • Last modified 11.04.2025 00:51:21

Buffer overflow in util.c in libpurple in Pidgin before 2.10.8 allows remote HTTP servers to cause a denial of service (application crash) or possibly have unspecified other impact via an invalid chunk-size field in chunked transfer-coding data.

5

CVE-2012-6152

  • EPSS 1.1%
  • Published 06.02.2014 16:10:58
  • Last modified 11.04.2025 00:51:21

The Yahoo! protocol plugin in libpurple in Pidgin before 2.10.8 does not properly validate UTF-8 data, which allows remote attackers to cause a denial of service (application crash) via crafted byte sequences.

5

CVE-2013-6477

  • EPSS 1.1%
  • Published 06.02.2014 16:10:58
  • Last modified 11.04.2025 00:51:21

Multiple integer signedness errors in libpurple in Pidgin before 2.10.8 allow remote attackers to cause a denial of service (application crash) via a crafted timestamp value in an XMPP message.

4.3

CVE-2013-6478

  • EPSS 2.9%
  • Published 06.02.2014 16:10:58
  • Last modified 11.04.2025 00:51:21

gtkimhtml.c in Pidgin before 2.10.8 does not properly interact with underlying library support for wide Pango layouts, which allows user-assisted remote attackers to cause a denial of service (application crash) via a long URL that is examined with a...

5

CVE-2013-6479

  • EPSS 0.64%
  • Published 06.02.2014 16:10:58
  • Last modified 11.04.2025 00:51:21

util.c in libpurple in Pidgin before 2.10.8 does not properly allocate memory for HTTP responses that are inconsistent with the Content-Length header, which allows remote HTTP servers to cause a denial of service (application crash) via a crafted res...

6.4

CVE-2013-6483

  • EPSS 1.1%
  • Published 06.02.2014 16:10:58
  • Last modified 11.04.2025 00:51:21

The XMPP protocol plugin in libpurple in Pidgin before 2.10.8 does not properly determine whether the from address in an iq reply is consistent with the to address in an iq request, which allows remote attackers to spoof iq traffic or cause a denial ...

5

CVE-2013-6484

  • EPSS 0.64%
  • Published 06.02.2014 16:10:58
  • Last modified 11.04.2025 00:51:21

The STUN protocol implementation in libpurple in Pidgin before 2.10.8 allows remote STUN servers to cause a denial of service (out-of-bounds write operation and application crash) by triggering a socket read error.

9.3

CVE-2013-6486

  • EPSS 1.27%
  • Published 06.02.2014 16:10:58
  • Last modified 11.04.2025 00:51:21

gtkutils.c in Pidgin before 2.10.8 on Windows allows user-assisted remote attackers to execute arbitrary programs via a message containing a file: URL that is improperly handled during construction of an explorer.exe command. NOTE: this vulnerabilit...

5

CVE-2013-0271

  • EPSS 0.56%
  • Published 16.02.2013 21:55:02
  • Last modified 11.04.2025 00:51:21

The MXit protocol plugin in libpurple in Pidgin before 2.10.7 might allow remote attackers to create or overwrite files via a crafted (1) mxit or (2) mxit/imagestrips pathname.