Pidgin

Pidgin

86 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
2.9

CVE-2013-0274

  • EPSS 0.47%
  • Veröffentlicht 16.02.2013 21:55:02
  • Zuletzt bearbeitet 11.04.2025 00:51:21

upnp.c in libpurple in Pidgin before 2.10.7 does not properly terminate long strings in UPnP responses, which allows remote attackers to cause a denial of service (application crash) by leveraging access to the local network.

5

CVE-2013-0273

  • EPSS 2.11%
  • Veröffentlicht 16.02.2013 21:55:02
  • Zuletzt bearbeitet 11.04.2025 00:51:21

sametime.c in the Sametime protocol plugin in libpurple in Pidgin before 2.10.7 does not properly terminate long user IDs, which allows remote servers to cause a denial of service (application crash) via a crafted packet.

6.8

CVE-2013-0272

  • EPSS 1.9%
  • Veröffentlicht 16.02.2013 21:55:02
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Buffer overflow in http.c in the MXit protocol plugin in libpurple in Pidgin before 2.10.7 allows remote servers to execute arbitrary code via a long HTTP header.

2.1

CVE-2011-4922

Exploit
  • EPSS 0.11%
  • Veröffentlicht 08.08.2012 10:26:18
  • Zuletzt bearbeitet 11.04.2025 00:51:21

cipher.c in the Cipher API in libpurple in Pidgin before 2.7.10 retains encryption-key data in process memory, which might allow local users to obtain sensitive information by reading a core file or other representation of memory contents.

7.5

CVE-2012-3374

Exploit
  • EPSS 3.69%
  • Veröffentlicht 07.07.2012 10:21:14
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Buffer overflow in markup.c in the MXit protocol plugin in libpurple in Pidgin before 2.10.5 allows remote attackers to execute arbitrary code via a crafted inline image in a message.

5

CVE-2012-2318

Exploit
  • EPSS 0.88%
  • Veröffentlicht 03.07.2012 19:55:03
  • Zuletzt bearbeitet 11.04.2025 00:51:21

msg.c in the MSN protocol plugin in libpurple in Pidgin before 2.10.4 does not properly handle crafted characters, which allows remote servers to cause a denial of service (application crash) by placing these characters in a text/plain message.

3.5

CVE-2012-2214

  • EPSS 0.54%
  • Veröffentlicht 03.07.2012 19:55:02
  • Zuletzt bearbeitet 11.04.2025 00:51:21

proxy.c in libpurple in Pidgin before 2.10.4 does not properly handle canceled SOCKS5 connection attempts, which allows user-assisted remote authenticated users to cause a denial of service (application crash) via a sequence of XMPP file-transfer req...

5

CVE-2012-1178

  • EPSS 1.01%
  • Veröffentlicht 15.03.2012 10:55:01
  • Zuletzt bearbeitet 11.04.2025 00:51:21

The msn_oim_report_to_user function in oim.c in the MSN protocol plugin in libpurple in Pidgin before 2.10.2 allows remote servers to cause a denial of service (application crash) via an OIM message that lacks UTF-8 encoding.

6.4

CVE-2011-4939

  • EPSS 1.1%
  • Veröffentlicht 15.03.2012 10:55:01
  • Zuletzt bearbeitet 11.04.2025 00:51:21

The pidgin_conv_chat_rename_user function in gtkconv.c in Pidgin before 2.10.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) by changing a nickname while in an XMPP chat room.

5

CVE-2011-4601

  • EPSS 3.79%
  • Veröffentlicht 25.12.2011 01:55:02
  • Zuletzt bearbeitet 11.04.2025 00:51:21

family_feedbag.c in the oscar protocol plugin in libpurple in Pidgin before 2.10.1 does not perform the expected UTF-8 validation on message data, which allows remote attackers to cause a denial of service (application crash) via a crafted (1) AIM or...