CVSS: 5.0EPSS: 2%CPEs: 37EXPL: 0CVE-2009-3085 – Pidgin: NULL pointer dereference by processing a custom smiley (DoS)
https://notcve.org/view.php?id=CVE-2009-3085
The XMPP protocol plugin in libpurple in Pidgin before 2.6.2 does not properly handle an error IQ stanza during an attempted fetch of a custom smiley, which allows remote attackers to cause a denial of service (application crash) via XHTML-IM content with cid: images. El plugin para el protocolo XMPP en libpurple en Pidgin anterior a v2.6.2 no maneja adecuadamente un error en la trama IQ (petición de información) durante un intento de traer un smiley personalizado, permitiendo a atacantes remotos provocar una denegación de servicio (fin de la aplicación) mediante contenido XHTML-IM con imagenes "cid:". • http://developer.pidgin.im/viewmtn/revision/info/fd5955618eddcd84d522b30ff11102f9601f38c8 http://secunia.com/advisories/36601 http://www.pidgin.im/news/security/index.php?id=37 http://www.securityfocus.com/bid/36277 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11223 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6434 https://access.redhat.com/security/cve/CVE-2009-3085 https://bugzilla.redhat.com/show_bug.cgi?id=521853 • CWE-476: NULL Pointer Dereference •
CVSS: 5.0EPSS: 0%CPEs: 37EXPL: 0CVE-2009-2703 – Pidgin: NULL pointer dereference by handling IRC topic(s) (DoS)
https://notcve.org/view.php?id=CVE-2009-2703
libpurple/protocols/irc/msgs.c in the IRC protocol plugin in libpurple in Pidgin before 2.6.2 allows remote IRC servers to cause a denial of service (NULL pointer dereference and application crash) via a TOPIC message that lacks a topic string. libpurple/protocols/irc/msgs.c en el complemento (plugin) de protocolo IRC de libpurple en Pidgin v2.6.2 permite causar a servidores IRC remotos para una denegación de servicio (mediante una desreferencia a puntero NULL y caida de la aplicación) a través de un mensaje TOPIC que carece de una cadena de asunto. • http://developer.pidgin.im/viewmtn/revision/info/ad2c6ee53ec9122b25aeb1f918db53be69bdeac3 http://secunia.com/advisories/36601 http://www.pidgin.im/news/security/index.php?id=40 http://www.securityfocus.com/bid/36277 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11379 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6435 https://access.redhat.com/security/cve/CVE-2009-2703 https://bugzilla.redhat.com/show_bug.cgi?id=521823 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-476: NULL Pointer Dereference •