Pidgin

Pidgin

86 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5

CVE-2014-0020

  • EPSS 3.33%
  • Veröffentlicht 06.02.2014 16:10:59
  • Zuletzt bearbeitet 11.04.2025 00:51:21

The IRC protocol plugin in libpurple in Pidgin before 2.10.8 does not validate argument counts, which allows remote IRC servers to cause a denial of service (application crash) via a crafted message.

5

CVE-2013-6485

  • EPSS 0.68%
  • Veröffentlicht 06.02.2014 16:10:58
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Buffer overflow in util.c in libpurple in Pidgin before 2.10.8 allows remote HTTP servers to cause a denial of service (application crash) or possibly have unspecified other impact via an invalid chunk-size field in chunked transfer-coding data.

5

CVE-2012-6152

  • EPSS 1.1%
  • Veröffentlicht 06.02.2014 16:10:58
  • Zuletzt bearbeitet 11.04.2025 00:51:21

The Yahoo! protocol plugin in libpurple in Pidgin before 2.10.8 does not properly validate UTF-8 data, which allows remote attackers to cause a denial of service (application crash) via crafted byte sequences.

5

CVE-2013-6477

  • EPSS 1.1%
  • Veröffentlicht 06.02.2014 16:10:58
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Multiple integer signedness errors in libpurple in Pidgin before 2.10.8 allow remote attackers to cause a denial of service (application crash) via a crafted timestamp value in an XMPP message.

4.3

CVE-2013-6478

  • EPSS 2.9%
  • Veröffentlicht 06.02.2014 16:10:58
  • Zuletzt bearbeitet 11.04.2025 00:51:21

gtkimhtml.c in Pidgin before 2.10.8 does not properly interact with underlying library support for wide Pango layouts, which allows user-assisted remote attackers to cause a denial of service (application crash) via a long URL that is examined with a...

5

CVE-2013-6479

  • EPSS 0.64%
  • Veröffentlicht 06.02.2014 16:10:58
  • Zuletzt bearbeitet 11.04.2025 00:51:21

util.c in libpurple in Pidgin before 2.10.8 does not properly allocate memory for HTTP responses that are inconsistent with the Content-Length header, which allows remote HTTP servers to cause a denial of service (application crash) via a crafted res...

6.4

CVE-2013-6483

  • EPSS 1.1%
  • Veröffentlicht 06.02.2014 16:10:58
  • Zuletzt bearbeitet 11.04.2025 00:51:21

The XMPP protocol plugin in libpurple in Pidgin before 2.10.8 does not properly determine whether the from address in an iq reply is consistent with the to address in an iq request, which allows remote attackers to spoof iq traffic or cause a denial ...

5

CVE-2013-6484

  • EPSS 0.64%
  • Veröffentlicht 06.02.2014 16:10:58
  • Zuletzt bearbeitet 11.04.2025 00:51:21

The STUN protocol implementation in libpurple in Pidgin before 2.10.8 allows remote STUN servers to cause a denial of service (out-of-bounds write operation and application crash) by triggering a socket read error.

9.3

CVE-2013-6486

  • EPSS 1.27%
  • Veröffentlicht 06.02.2014 16:10:58
  • Zuletzt bearbeitet 11.04.2025 00:51:21

gtkutils.c in Pidgin before 2.10.8 on Windows allows user-assisted remote attackers to execute arbitrary programs via a message containing a file: URL that is improperly handled during construction of an explorer.exe command. NOTE: this vulnerabilit...

5

CVE-2013-0271

  • EPSS 0.56%
  • Veröffentlicht 16.02.2013 21:55:02
  • Zuletzt bearbeitet 11.04.2025 00:51:21

The MXit protocol plugin in libpurple in Pidgin before 2.10.7 might allow remote attackers to create or overwrite files via a crafted (1) mxit or (2) mxit/imagestrips pathname.