CVSS: 5.0EPSS: 2%CPEs: 37EXPL: 0CVE-2009-3085 – Pidgin: NULL pointer dereference by processing a custom smiley (DoS)
https://notcve.org/view.php?id=CVE-2009-3085
The XMPP protocol plugin in libpurple in Pidgin before 2.6.2 does not properly handle an error IQ stanza during an attempted fetch of a custom smiley, which allows remote attackers to cause a denial of service (application crash) via XHTML-IM content with cid: images. El plugin para el protocolo XMPP en libpurple en Pidgin anterior a v2.6.2 no maneja adecuadamente un error en la trama IQ (petición de información) durante un intento de traer un smiley personalizado, permitiendo a atacantes remotos provocar una denegación de servicio (fin de la aplicación) mediante contenido XHTML-IM con imagenes "cid:". • http://developer.pidgin.im/viewmtn/revision/info/fd5955618eddcd84d522b30ff11102f9601f38c8 http://secunia.com/advisories/36601 http://www.pidgin.im/news/security/index.php?id=37 http://www.securityfocus.com/bid/36277 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11223 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6434 https://access.redhat.com/security/cve/CVE-2009-3085 https://bugzilla.redhat.com/show_bug.cgi?id=521853 • CWE-476: NULL Pointer Dereference •
CVSS: 5.0EPSS: 0%CPEs: 37EXPL: 0CVE-2009-2703 – Pidgin: NULL pointer dereference by handling IRC topic(s) (DoS)
https://notcve.org/view.php?id=CVE-2009-2703
libpurple/protocols/irc/msgs.c in the IRC protocol plugin in libpurple in Pidgin before 2.6.2 allows remote IRC servers to cause a denial of service (NULL pointer dereference and application crash) via a TOPIC message that lacks a topic string. libpurple/protocols/irc/msgs.c en el complemento (plugin) de protocolo IRC de libpurple en Pidgin v2.6.2 permite causar a servidores IRC remotos para una denegación de servicio (mediante una desreferencia a puntero NULL y caida de la aplicación) a través de un mensaje TOPIC que carece de una cadena de asunto. • http://developer.pidgin.im/viewmtn/revision/info/ad2c6ee53ec9122b25aeb1f918db53be69bdeac3 http://secunia.com/advisories/36601 http://www.pidgin.im/news/security/index.php?id=40 http://www.securityfocus.com/bid/36277 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11379 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6435 https://access.redhat.com/security/cve/CVE-2009-2703 https://bugzilla.redhat.com/show_bug.cgi?id=521823 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-476: NULL Pointer Dereference •
CVSS: 10.0EPSS: 12%CPEs: 29EXPL: 3CVE-2009-2694 – Pidgin MSN 2.5.8 - Remote Code Execution
https://notcve.org/view.php?id=CVE-2009-2694
The msn_slplink_process_msg function in libpurple/protocols/msn/slplink.c in libpurple, as used in Pidgin (formerly Gaim) before 2.5.9 and Adium 1.3.5 and earlier, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) by sending multiple crafted SLP (aka MSNSLP) messages to trigger an overwrite of an arbitrary memory location. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2009-1376. La función msn_slplink_process_msg en libpurple/protocols/msn/slplink.c en libpurple, tal como se usa en Pidgin (anteriormente Gaim) en versiones anteriores a la 2.5.9 y Adium 1.3.5 y versiones anteriores, permite a atacantes remotos ejecutar código de su elección o provocar una denegación de servicio (corrupción de memoria y caída de la aplicación) mediante el envío de múltiples mensajes SLP (alias MSNSLP) manipulados para disparar una sobreescritura de una zona de memoria de su elección. NOTA: esta vulnerabilidad reportada está causada por una reparación incompleta de CVE-2009-1376. • https://www.exploit-db.com/exploits/9615 http://developer.pidgin.im/viewmtn/revision/info/6f7343166c673bf0496ecb1afec9b633c1d54a0e http://developer.pidgin.im/wiki/ChangeLog http://secunia.com/advisories/36384 http://secunia.com/advisories/36392 http://secunia.com/advisories/36401 http://secunia.com/advisories/36402 http://secunia.com/advisories/36708 http://secunia.com/advisories/37071 http://sunsolve.sun.com/search/document.do?assetkey=1-66-266908-1 http://www.coresecurity.com/content/lib • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-399: Resource Management Errors •
CVSS: 5.0EPSS: 5%CPEs: 26EXPL: 0CVE-2009-1889 – pidgin: DoS via specially-crafted ICQWebMessage
https://notcve.org/view.php?id=CVE-2009-1889
The OSCAR protocol implementation in Pidgin before 2.5.8 misinterprets the ICQWebMessage message type as the ICQSMS message type, which allows remote attackers to cause a denial of service (application crash) via a crafted ICQ web message that triggers allocation of a large amount of memory. La implementación del protocolo OSCAR en Pidgin anterior a v2.5.8 no interpreta el tipo de mensaje ICQWebMessage como tipo ICQSMS, lo que permite a atacantes remotos provocar una denegación de servicio (caída de aplicación) a través de un mensaje web ICQ manipulado que lanza una asignación de una gran cantidad de memoria. • http://developer.pidgin.im/ticket/9483 http://pidgin.im/pipermail/devel/2009-May/008227.html http://secunia.com/advisories/35693 http://secunia.com/advisories/35697 http://secunia.com/advisories/35706 http://secunia.com/advisories/37071 http://www.redhat.com/support/errata/RHSA-2009-1139.html http://www.securityfocus.com/bid/35530 http://www.ubuntu.com/usn/USN-796-1 http://www.vupen.com/english/advisories/2009/1749 https://bugzilla.redhat.com/show_bug.cgi?id=5 • CWE-399: Resource Management Errors •
CVSS: 5.0EPSS: 11%CPEs: 21EXPL: 0CVE-2009-1374 – pidgin DoS when decrypting qq packets
https://notcve.org/view.php?id=CVE-2009-1374
Buffer overflow in the decrypt_out function in Pidgin (formerly Gaim) before 2.5.6 allows remote attackers to cause a denial of service (application crash) via a QQ packet. Desbordamiento de búfer en la función decrypt_out en Pidgin anteriores a v2.5.6 permite a atacantes remotos producir una denegación de servicio (caída de aplicación)a través de un paquete QQ. • http://secunia.com/advisories/35188 http://secunia.com/advisories/35194 http://secunia.com/advisories/35202 http://secunia.com/advisories/35294 http://secunia.com/advisories/35329 http://www.gentoo.org/security/en/glsa/glsa-200905-07.xml http://www.mandriva.com/security/advisories?name=MDVSA-2009:173 http://www.pidgin.im/news/security/?id=30 http://www.redhat.com/support/errata/RHSA-2009-1060.html http://www.securityfocus.com/bid/35067 http://www.ubuntu.com/usn • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •