- EPSS 3.12%
- Veröffentlicht 16.02.2013 21:55:02
- Zuletzt bearbeitet 29.04.2026 01:13:23
The MXit protocol plugin in libpurple in Pidgin before 2.10.7 might allow remote attackers to create or overwrite files via a crafted (1) mxit or (2) mxit/imagestrips pathname.
CVE-2013-0274
- EPSS 1.35%
- Veröffentlicht 16.02.2013 21:55:02
- Zuletzt bearbeitet 29.04.2026 01:13:23
upnp.c in libpurple in Pidgin before 2.10.7 does not properly terminate long strings in UPnP responses, which allows remote attackers to cause a denial of service (application crash) by leveraging access to the local network.
- EPSS 2.6%
- Veröffentlicht 16.02.2013 21:55:02
- Zuletzt bearbeitet 29.04.2026 01:13:23
sametime.c in the Sametime protocol plugin in libpurple in Pidgin before 2.10.7 does not properly terminate long user IDs, which allows remote servers to cause a denial of service (application crash) via a crafted packet.
CVE-2013-0272
- EPSS 2.86%
- Veröffentlicht 16.02.2013 21:55:02
- Zuletzt bearbeitet 29.04.2026 01:13:23
Buffer overflow in http.c in the MXit protocol plugin in libpurple in Pidgin before 2.10.7 allows remote servers to execute arbitrary code via a long HTTP header.
CVE-2011-4922
- EPSS 0.3%
- Veröffentlicht 08.08.2012 10:26:18
- Zuletzt bearbeitet 16.06.2026 23:35:38
cipher.c in the Cipher API in libpurple in Pidgin before 2.7.10 retains encryption-key data in process memory, which might allow local users to obtain sensitive information by reading a core file or other representation of memory contents.
CVE-2012-3374
- EPSS 6.4%
- Veröffentlicht 07.07.2012 10:21:14
- Zuletzt bearbeitet 16.06.2026 23:43:06
Buffer overflow in markup.c in the MXit protocol plugin in libpurple in Pidgin before 2.10.5 allows remote attackers to execute arbitrary code via a crafted inline image in a message.
- EPSS 1.71%
- Veröffentlicht 03.07.2012 19:55:03
- Zuletzt bearbeitet 16.06.2026 23:41:20
msg.c in the MSN protocol plugin in libpurple in Pidgin before 2.10.4 does not properly handle crafted characters, which allows remote servers to cause a denial of service (application crash) by placing these characters in a text/plain message.
CVE-2012-2214
- EPSS 2.2%
- Veröffentlicht 03.07.2012 19:55:02
- Zuletzt bearbeitet 16.06.2026 23:41:11
proxy.c in libpurple in Pidgin before 2.10.4 does not properly handle canceled SOCKS5 connection attempts, which allows user-assisted remote authenticated users to cause a denial of service (application crash) via a sequence of XMPP file-transfer req...
- EPSS 2.5%
- Veröffentlicht 15.03.2012 10:55:01
- Zuletzt bearbeitet 16.06.2026 23:39:11
The msn_oim_report_to_user function in oim.c in the MSN protocol plugin in libpurple in Pidgin before 2.10.2 allows remote servers to cause a denial of service (application crash) via an OIM message that lacks UTF-8 encoding.
CVE-2011-4939
- EPSS 3.55%
- Veröffentlicht 15.03.2012 10:55:01
- Zuletzt bearbeitet 16.06.2026 23:35:39
The pidgin_conv_chat_rename_user function in gtkconv.c in Pidgin before 2.10.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) by changing a nickname while in an XMPP chat room.