CVSS: 7.5EPSS: 0%CPEs: 53EXPL: 0CVE-2013-6484 – pidgin: DoS via specially-crafted stun messages
https://notcve.org/view.php?id=CVE-2013-6484
04 Feb 2014 — The STUN protocol implementation in libpurple in Pidgin before 2.10.8 allows remote STUN servers to cause a denial of service (out-of-bounds write operation and application crash) by triggering a socket read error. La implementación del protocolo STUN en libpurple en Pidgin anterior a 2.10.8 permite a servidores STUN remotos causar una denegación de servicio (una operación de escritura fuera de rango y caída de la aplicación) mediante un error de lectura del socket. The Yahoo! protocol plugin in libpurple i... • http://hg.pidgin.im/pidgin/main/rev/932b985540e9 • CWE-20: Improper Input Validation CWE-190: Integer Overflow or Wraparound •
CVSS: 9.8EPSS: 0%CPEs: 53EXPL: 0CVE-2013-6485 – pidgin: Heap-based buffer overflow when parsing chunked HTTP responses
https://notcve.org/view.php?id=CVE-2013-6485
04 Feb 2014 — Buffer overflow in util.c in libpurple in Pidgin before 2.10.8 allows remote HTTP servers to cause a denial of service (application crash) or possibly have unspecified other impact via an invalid chunk-size field in chunked transfer-coding data. Desbordamiento de buffer en util.c en libpurple en Pidgin anterior a 2.10.8 permite a servidores HTTP remotos causar una denegación de servicio (caída de la aplicación) o posiblemente tener otro impacto no especificado a través del campo de tamaño de fragmento en da... • http://hg.pidgin.im/pidgin/main/rev/c9e5aba2dafd • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •
CVSS: 9.3EPSS: 1%CPEs: 53EXPL: 0CVE-2013-6486 – Mandriva Linux Security Advisory 2014-025
https://notcve.org/view.php?id=CVE-2013-6486
04 Feb 2014 — gtkutils.c in Pidgin before 2.10.8 on Windows allows user-assisted remote attackers to execute arbitrary programs via a message containing a file: URL that is improperly handled during construction of an explorer.exe command. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3185. gtkutils.c en Pidgin anterior a 2.10.8 en Windows permite a atacantes remotos asistidos por usuario ejecutar programas arbitrarios a través de un mensaje que contenga un archivo: URL que no es manejada debi... • http://hg.pidgin.im/pidgin/main/rev/b2571530fa8b • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 2%CPEs: 14EXPL: 0CVE-2013-6487 – pidgin: Heap-based buffer overflow in Gadu-Gadu protocol plugin
https://notcve.org/view.php?id=CVE-2013-6487
04 Feb 2014 — Integer overflow in libpurple/protocols/gg/lib/http.c in the Gadu-Gadu (gg) parser in Pidgin before 2.10.8 allows remote attackers to have an unspecified impact via a large Content-Length value, which triggers a buffer overflow. Desbordamiento de entero en libpurple/protocols/gg/lib/http.c en el analizador Gadu-Gadu (gg) en Pidgin anterior a 2.10.8 permite a atacantes remotos tener un impacto no especificado a través de un valor Content-Length largo, lo que provoca un desbordamiento de buffer. The Yahoo! pr... • http://advisories.mageia.org/MGASA-2014-0074.html • CWE-122: Heap-based Buffer Overflow CWE-189: Numeric Errors •
CVSS: 7.5EPSS: 0%CPEs: 53EXPL: 0CVE-2013-6489 – pidgin: Heap-based buffer overflow in MXit emoticon parsing
https://notcve.org/view.php?id=CVE-2013-6489
04 Feb 2014 — Integer signedness error in the MXit functionality in Pidgin before 2.10.8 allows remote attackers to cause a denial of service (segmentation fault) via a crafted emoticon value, which triggers an integer overflow and a buffer overflow. Error de signo de enteros en la funcionalidad MXit en Pidgin anterior a 2.10.8 permite a atacantes remotos causar una denegación de servicio (fallo de segmentación) a través de un valor manipulado de emoticono, lo que provoca un desbordamiento de entero y desbordamiento de b... • http://hg.pidgin.im/pidgin/main/rev/4c897372b5a4 • CWE-122: Heap-based Buffer Overflow CWE-189: Numeric Errors •
CVSS: 10.0EPSS: 51%CPEs: 53EXPL: 1CVE-2013-6490 – pidgin: Heap-based buffer overflow in SIMPLE protocol plugin
https://notcve.org/view.php?id=CVE-2013-6490
04 Feb 2014 — The SIMPLE protocol functionality in Pidgin before 2.10.8 allows remote attackers to have an unspecified impact via a negative Content-Length header, which triggers a buffer overflow. La funcionalidad del protocolo SIMPLE en Pidgin anterior a 2.10.8 permite a atacantes remotos tener un impacto no especificado a través de una cabecera Content-Length negativo, lo que provoca un desbordamiento de buffer. The Yahoo! protocol plugin in libpurple in Pidgin before 2.10.8 does not properly validate UTF-8 data, whic... • https://github.com/Everdoh/CVE-2013-6490 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •
CVSS: 7.5EPSS: 1%CPEs: 53EXPL: 0CVE-2012-6152 – pidgin: DoS when decoding non-UTF-8 strings in Yahoo protocol plugin
https://notcve.org/view.php?id=CVE-2012-6152
04 Feb 2014 — The Yahoo! protocol plugin in libpurple in Pidgin before 2.10.8 does not properly validate UTF-8 data, which allows remote attackers to cause a denial of service (application crash) via crafted byte sequences. El plugin del protocolo de Yahoo! en libpurple en Pidgin anterior a 2.10.8 no valida debidamente datos UTF-8, lo que permite a atacantes remotos causar una denegación de servicio (caída de la aplicación) a través de secuencias de bytes manipuladas. The Yahoo! • http://hg.pidgin.im/pidgin/main/rev/b0345c25f886 • CWE-20: Improper Input Validation CWE-172: Encoding Error •
CVSS: 7.5EPSS: 3%CPEs: 53EXPL: 0CVE-2014-0020 – pidgin: DoS in IRC protocol plugin due to arguement parsing
https://notcve.org/view.php?id=CVE-2014-0020
04 Feb 2014 — The IRC protocol plugin in libpurple in Pidgin before 2.10.8 does not validate argument counts, which allows remote IRC servers to cause a denial of service (application crash) via a crafted message. El plugin del protocolo IRC en libpurple en Pidgin anterior a 2.10.8 no valida la cantidad de argumentos, lo que permite a servidores IRC remotos causar una denegación de servicio (caída de la aplicación) a través de un mensaje manipulado. The Yahoo! protocol plugin in libpurple in Pidgin before 2.10.8 does not... • http://hg.pidgin.im/pidgin/main/rev/4d9be297d399 • CWE-20: Improper Input Validation CWE-628: Function Call with Incorrectly Specified Arguments •
CVSS: 7.5EPSS: 0%CPEs: 51EXPL: 0CVE-2013-0271 – Gentoo Linux Security Advisory 201405-22
https://notcve.org/view.php?id=CVE-2013-0271
16 Feb 2013 — The MXit protocol plugin in libpurple in Pidgin before 2.10.7 might allow remote attackers to create or overwrite files via a crafted (1) mxit or (2) mxit/imagestrips pathname. El plugin de protocolo MXit en libpurple en Pidgin anterior a v2.10.7 puede permitir a atacantes remotos sobreescribir ficheros mediante una ruta (1) mxit o (2) mxit/imagestrips Multiple vulnerabilities in Pidgin may allow execution of arbitrary code. Versions less than 2.10.9 are affected. • http://hg.pidgin.im/pidgin/main/rev/a8aef1d340f2 •
CVSS: 9.8EPSS: 1%CPEs: 51EXPL: 0CVE-2013-0272 – pidgin: MXit protocol stack-based buffer overflow when processing HTTP headers
https://notcve.org/view.php?id=CVE-2013-0272
16 Feb 2013 — Buffer overflow in http.c in the MXit protocol plugin in libpurple in Pidgin before 2.10.7 allows remote servers to execute arbitrary code via a long HTTP header. Desbordamiento de búfer en http.c en el plugin de protocolo MXit en libpurple en Pidgin anteiror a v2.10.7 permite a servidores remotos ejecutar código mediante un header HTTP de gran longitud. Multiple vulnerabilities in Pidgin may allow execution of arbitrary code. Versions less than 2.10.9 are affected. • http://hg.pidgin.im/pidgin/main/rev/879db2a9a59c • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-121: Stack-based Buffer Overflow •