Vulnerabilities (CVE)

Filtered by vendor Pidgin Subscribe
Total 90 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2013-0272 1 Pidgin 1 Pidgin 2024-11-21 6.8 MEDIUM N/A
Buffer overflow in http.c in the MXit protocol plugin in libpurple in Pidgin before 2.10.7 allows remote servers to execute arbitrary code via a long HTTP header.
CVE-2013-0271 1 Pidgin 1 Pidgin 2024-11-21 5.0 MEDIUM N/A
The MXit protocol plugin in libpurple in Pidgin before 2.10.7 might allow remote attackers to create or overwrite files via a crafted (1) mxit or (2) mxit/imagestrips pathname.
CVE-2012-6152 1 Pidgin 1 Pidgin 2024-11-21 5.0 MEDIUM N/A
The Yahoo! protocol plugin in libpurple in Pidgin before 2.10.8 does not properly validate UTF-8 data, which allows remote attackers to cause a denial of service (application crash) via crafted byte sequences.
CVE-2012-3374 1 Pidgin 1 Pidgin 2024-11-21 7.5 HIGH N/A
Buffer overflow in markup.c in the MXit protocol plugin in libpurple in Pidgin before 2.10.5 allows remote attackers to execute arbitrary code via a crafted inline image in a message.
CVE-2012-2369 2 Cypherpunks, Pidgin 2 Pidgin-otr, Pidgin 2024-11-21 7.5 HIGH N/A
Format string vulnerability in the log_message_cb function in otr-plugin.c in the Off-the-Record Messaging (OTR) pidgin-otr plugin before 3.2.1 for Pidgin might allow remote attackers to execute arbitrary code via format string specifiers in data that generates a log message.
CVE-2012-2318 1 Pidgin 1 Pidgin 2024-11-21 5.0 MEDIUM N/A
msg.c in the MSN protocol plugin in libpurple in Pidgin before 2.10.4 does not properly handle crafted characters, which allows remote servers to cause a denial of service (application crash) by placing these characters in a text/plain message.
CVE-2012-2214 1 Pidgin 1 Pidgin 2024-11-21 3.5 LOW N/A
proxy.c in libpurple in Pidgin before 2.10.4 does not properly handle canceled SOCKS5 connection attempts, which allows user-assisted remote authenticated users to cause a denial of service (application crash) via a sequence of XMPP file-transfer requests.
CVE-2012-1257 1 Pidgin 1 Pidgin 2024-11-21 2.1 LOW 5.5 MEDIUM
Pidgin 2.10.0 uses DBUS for certain cleartext communication, which allows local users to obtain sensitive information via a dbus session monitor.
CVE-2012-1178 1 Pidgin 1 Pidgin 2024-11-21 5.0 MEDIUM N/A
The msn_oim_report_to_user function in oim.c in the MSN protocol plugin in libpurple in Pidgin before 2.10.2 allows remote servers to cause a denial of service (application crash) via an OIM message that lacks UTF-8 encoding.
CVE-2011-4939 1 Pidgin 1 Pidgin 2024-11-21 6.4 MEDIUM N/A
The pidgin_conv_chat_rename_user function in gtkconv.c in Pidgin before 2.10.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) by changing a nickname while in an XMPP chat room.
CVE-2011-4922 1 Pidgin 1 Pidgin 2024-11-21 2.1 LOW N/A
cipher.c in the Cipher API in libpurple in Pidgin before 2.7.10 retains encryption-key data in process memory, which might allow local users to obtain sensitive information by reading a core file or other representation of memory contents.
CVE-2011-4603 1 Pidgin 1 Pidgin 2024-11-21 5.0 MEDIUM N/A
The silc_channel_message function in ops.c in the SILC protocol plugin in libpurple in Pidgin before 2.10.1 does not perform the expected UTF-8 validation on message data, which allows remote attackers to cause a denial of service (application crash) via a crafted message, a different vulnerability than CVE-2011-3594.
CVE-2011-4602 1 Pidgin 1 Pidgin 2024-11-21 5.0 MEDIUM N/A
The XMPP protocol plugin in libpurple in Pidgin before 2.10.1 does not properly handle missing fields in (1) voice-chat and (2) video-chat stanzas, which allows remote attackers to cause a denial of service (application crash) via a crafted message.
CVE-2011-4601 1 Pidgin 1 Pidgin 2024-11-21 5.0 MEDIUM N/A
family_feedbag.c in the oscar protocol plugin in libpurple in Pidgin before 2.10.1 does not perform the expected UTF-8 validation on message data, which allows remote attackers to cause a denial of service (application crash) via a crafted (1) AIM or (2) ICQ message associated with buddy-list addition.
CVE-2011-3594 1 Pidgin 2 Libpurple, Pidgin 2024-11-21 4.3 MEDIUM N/A
The g_markup_escape_text function in the SILC protocol plug-in in libpurple 2.10.0 and earlier, as used in Pidgin and possibly other products, allows remote attackers to cause a denial of service (crash) via invalid UTF-8 sequences that trigger use of invalid pointers and an out-of-bounds read, related to interactions with certain versions of glib2.
CVE-2011-3185 2 Microsoft, Pidgin 2 Windows, Pidgin 2024-11-21 9.3 HIGH N/A
gtkutils.c in Pidgin before 2.10.0 on Windows allows user-assisted remote attackers to execute arbitrary programs via a file: URL in a message.
CVE-2011-3184 1 Pidgin 1 Pidgin 2024-11-21 4.3 MEDIUM N/A
The msn_httpconn_parse_data function in httpconn.c in the MSN protocol plugin in libpurple in Pidgin before 2.10.0 does not properly handle HTTP 100 responses, which allows remote attackers to cause a denial of service (incorrect memory access and application crash) via vectors involving a crafted server message.
CVE-2011-2943 1 Pidgin 2 Libpurple, Pidgin 2024-11-21 4.3 MEDIUM N/A
The irc_msg_who function in msgs.c in the IRC protocol plugin in libpurple 2.8.0 through 2.9.0 in Pidgin before 2.10.0 does not properly validate characters in nicknames, which allows user-assisted remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted nickname that is not properly handled in a WHO response.
CVE-2011-1091 1 Pidgin 1 Pidgin 2024-11-21 4.0 MEDIUM N/A
libymsg.c in the Yahoo! protocol plugin in libpurple in Pidgin 2.6.0 through 2.7.10 allows (1) remote authenticated users to cause a denial of service (NULL pointer dereference and application crash) via a malformed YMSG notification packet, and allows (2) remote Yahoo! servers to cause a denial of service (NULL pointer dereference and application crash) via a malformed YMSG SMS message.
CVE-2010-4528 1 Pidgin 2 Libpurple, Pidgin 2024-11-21 4.0 MEDIUM N/A
directconn.c in the MSN protocol plugin in libpurple 2.7.6 through 2.7.8 in Pidgin before 2.7.9 allows remote authenticated users to cause a denial of service (NULL pointer dereference and application crash) via a short p2pv2 packet in a DirectConnect (aka direct connection) session.