Total
89 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-3698 | 1 Pidgin | 1 Pidgin | 2018-01-05 | 5.0 MEDIUM | N/A |
| The jabber_idn_validate function in jutil.c in the Jabber protocol plugin in libpurple in Pidgin before 2.10.10 allows remote attackers to obtain sensitive information from process memory via a crafted XMPP message. | |||||
| CVE-2014-3696 | 1 Pidgin | 1 Pidgin | 2018-01-05 | 5.0 MEDIUM | N/A |
| nmevent.c in the Novell GroupWise protocol plugin in libpurple in Pidgin before 2.10.10 allows remote servers to cause a denial of service (application crash) via a crafted server message that triggers a large memory allocation. | |||||
| CVE-2014-3695 | 1 Pidgin | 1 Pidgin | 2018-01-05 | 5.0 MEDIUM | N/A |
| markup.c in the MXit protocol plugin in libpurple in Pidgin before 2.10.10 allows remote servers to cause a denial of service (application crash) via a large length value in an emoticon response. | |||||
| CVE-2012-2318 | 1 Pidgin | 1 Pidgin | 2017-12-29 | 5.0 MEDIUM | N/A |
| msg.c in the MSN protocol plugin in libpurple in Pidgin before 2.10.4 does not properly handle crafted characters, which allows remote servers to cause a denial of service (application crash) by placing these characters in a text/plain message. | |||||
| CVE-2012-2214 | 1 Pidgin | 1 Pidgin | 2017-12-29 | 3.5 LOW | N/A |
| proxy.c in libpurple in Pidgin before 2.10.4 does not properly handle canceled SOCKS5 connection attempts, which allows user-assisted remote authenticated users to cause a denial of service (application crash) via a sequence of XMPP file-transfer requests. | |||||
| CVE-2012-3374 | 1 Pidgin | 1 Pidgin | 2017-12-01 | 7.5 HIGH | N/A |
| Buffer overflow in markup.c in the MXit protocol plugin in libpurple in Pidgin before 2.10.5 allows remote attackers to execute arbitrary code via a crafted inline image in a message. | |||||
| CVE-2009-1889 | 1 Pidgin | 1 Pidgin | 2017-09-29 | 5.0 MEDIUM | N/A |
| The OSCAR protocol implementation in Pidgin before 2.5.8 misinterprets the ICQWebMessage message type as the ICQSMS message type, which allows remote attackers to cause a denial of service (application crash) via a crafted ICQ web message that triggers allocation of a large amount of memory. | |||||
| CVE-2009-1375 | 1 Pidgin | 1 Pidgin | 2017-09-29 | 5.0 MEDIUM | N/A |
| The PurpleCircBuffer implementation in Pidgin (formerly Gaim) before 2.5.6 does not properly maintain a certain buffer, which allows remote attackers to cause a denial of service (memory corruption and application crash) via vectors involving the (1) XMPP or (2) Sametime protocol. | |||||
| CVE-2009-1374 | 1 Pidgin | 1 Pidgin | 2017-09-29 | 5.0 MEDIUM | N/A |
| Buffer overflow in the decrypt_out function in Pidgin (formerly Gaim) before 2.5.6 allows remote attackers to cause a denial of service (application crash) via a QQ packet. | |||||
| CVE-2008-3532 | 1 Pidgin | 1 Pidgin | 2017-09-29 | 6.8 MEDIUM | N/A |
| The NSS plugin in libpurple in Pidgin 2.4.3 does not verify SSL certificates, which makes it easier for remote attackers to trick a user into accepting an invalid server certificate for a spoofed service. | |||||
| CVE-2008-2957 | 1 Pidgin | 1 Pidgin | 2017-09-29 | 6.4 MEDIUM | N/A |
| The UPnP functionality in Pidgin 2.0.0, and possibly other versions, allows remote attackers to trigger the download of arbitrary files and cause a denial of service (memory or disk consumption) via a UDP packet that specifies an arbitrary URL. | |||||
| CVE-2013-0274 | 1 Pidgin | 1 Pidgin | 2017-09-19 | 2.9 LOW | N/A |
| upnp.c in libpurple in Pidgin before 2.10.7 does not properly terminate long strings in UPnP responses, which allows remote attackers to cause a denial of service (application crash) by leveraging access to the local network. | |||||
| CVE-2013-0273 | 1 Pidgin | 1 Pidgin | 2017-09-19 | 5.0 MEDIUM | N/A |
| sametime.c in the Sametime protocol plugin in libpurple in Pidgin before 2.10.7 does not properly terminate long user IDs, which allows remote servers to cause a denial of service (application crash) via a crafted packet. | |||||
| CVE-2013-0272 | 1 Pidgin | 1 Pidgin | 2017-09-19 | 6.8 MEDIUM | N/A |
| Buffer overflow in http.c in the MXit protocol plugin in libpurple in Pidgin before 2.10.7 allows remote servers to execute arbitrary code via a long HTTP header. | |||||
| CVE-2013-0271 | 1 Pidgin | 1 Pidgin | 2017-09-19 | 5.0 MEDIUM | N/A |
| The MXit protocol plugin in libpurple in Pidgin before 2.10.7 might allow remote attackers to create or overwrite files via a crafted (1) mxit or (2) mxit/imagestrips pathname. | |||||
| CVE-2011-4922 | 1 Pidgin | 1 Pidgin | 2017-09-19 | 2.1 LOW | N/A |
| cipher.c in the Cipher API in libpurple in Pidgin before 2.7.10 retains encryption-key data in process memory, which might allow local users to obtain sensitive information by reading a core file or other representation of memory contents. | |||||
| CVE-2011-4603 | 1 Pidgin | 1 Pidgin | 2017-09-19 | 5.0 MEDIUM | N/A |
| The silc_channel_message function in ops.c in the SILC protocol plugin in libpurple in Pidgin before 2.10.1 does not perform the expected UTF-8 validation on message data, which allows remote attackers to cause a denial of service (application crash) via a crafted message, a different vulnerability than CVE-2011-3594. | |||||
| CVE-2011-4602 | 1 Pidgin | 1 Pidgin | 2017-09-19 | 5.0 MEDIUM | N/A |
| The XMPP protocol plugin in libpurple in Pidgin before 2.10.1 does not properly handle missing fields in (1) voice-chat and (2) video-chat stanzas, which allows remote attackers to cause a denial of service (application crash) via a crafted message. | |||||
| CVE-2011-4601 | 1 Pidgin | 1 Pidgin | 2017-09-19 | 5.0 MEDIUM | N/A |
| family_feedbag.c in the oscar protocol plugin in libpurple in Pidgin before 2.10.1 does not perform the expected UTF-8 validation on message data, which allows remote attackers to cause a denial of service (application crash) via a crafted (1) AIM or (2) ICQ message associated with buddy-list addition. | |||||
| CVE-2011-3594 | 1 Pidgin | 2 Libpurple, Pidgin | 2017-09-19 | 4.3 MEDIUM | N/A |
| The g_markup_escape_text function in the SILC protocol plug-in in libpurple 2.10.0 and earlier, as used in Pidgin and possibly other products, allows remote attackers to cause a denial of service (crash) via invalid UTF-8 sequences that trigger use of invalid pointers and an out-of-bounds read, related to interactions with certain versions of glib2. | |||||