CVSS: 7.5EPSS: 1%CPEs: 45EXPL: 0CVE-2011-4602 – pidgin: Multiple NULL pointer deference flaws by processing certain Jingle stanzas in the XMPP protocol plug-in
https://notcve.org/view.php?id=CVE-2011-4602
17 Dec 2011 — The XMPP protocol plugin in libpurple in Pidgin before 2.10.1 does not properly handle missing fields in (1) voice-chat and (2) video-chat stanzas, which allows remote attackers to cause a denial of service (application crash) via a crafted message. El complemento del protocolo XMPP de libpurple de Pidgin en versiones anteriores a 2.10.1 no maneja apropiadamente campos faltantes en párrafos (1) voice-chat y (2) video-chat, lo que permite a atacantes remotos provocar una denegación de servicio (caída de la a... • http://developer.pidgin.im/viewmtn/revision/info/fb216fc88b085afc06d9a15209519cde1f4df6c6 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 1%CPEs: 45EXPL: 0CVE-2011-4603 – pidgin: SILC remote crash on channel messages
https://notcve.org/view.php?id=CVE-2011-4603
17 Dec 2011 — The silc_channel_message function in ops.c in the SILC protocol plugin in libpurple in Pidgin before 2.10.1 does not perform the expected UTF-8 validation on message data, which allows remote attackers to cause a denial of service (application crash) via a crafted message, a different vulnerability than CVE-2011-3594. La función silc_channel_message de ops.c del complemento del protocolo SILC de libpurple de Pidgin en versiones anteriores 2.10.1 no realiza la validación prevista UTF-8 en los datos del mensa... • http://developer.pidgin.im/viewmtn/revision/diff/c7b95cc3be0590b52edc02d4750ae62844c1acb6/with/afb9ede3de989f217f03d5670cca00e628bd11f1/libpurple/protocols/silc/ops.c • CWE-20: Improper Input Validation •
CVSS: 6.5EPSS: 4%CPEs: 46EXPL: 0CVE-2011-2943
https://notcve.org/view.php?id=CVE-2011-2943
29 Aug 2011 — The irc_msg_who function in msgs.c in the IRC protocol plugin in libpurple 2.8.0 through 2.9.0 in Pidgin before 2.10.0 does not properly validate characters in nicknames, which allows user-assisted remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted nickname that is not properly handled in a WHO response. La función irc_msg_who en msgs.c en el plugin del protocolo IRC en libpurple v2.8.0 hasta v2.9.0 en Pidgin anterior a v2.10.0 no valida adecuadament... • http://developer.pidgin.im/viewmtn/revision/diff/5749f9193063800d27bef75c2388f6f9cc2f7f37/with/5c2dba4a7e2e76b76e7f472b88953a4316706d43/libpurple/protocols/irc/msgs.c •
CVSS: 7.5EPSS: 2%CPEs: 44EXPL: 0CVE-2011-3184
https://notcve.org/view.php?id=CVE-2011-3184
29 Aug 2011 — The msn_httpconn_parse_data function in httpconn.c in the MSN protocol plugin in libpurple in Pidgin before 2.10.0 does not properly handle HTTP 100 responses, which allows remote attackers to cause a denial of service (incorrect memory access and application crash) via vectors involving a crafted server message. La función msn_httpconn_parse_data en httpconn.c en el plugin del protocolo MSN en libpurple en Pidgin anterior a v2.10.0 no maneja adecuadamente 100 respuestas HTTP, lo que permite a atacantes rem... • http://developer.pidgin.im/viewmtn/revision/diff/5c2dba4a7e2e76b76e7f472b88953a4316706d43/with/16af0661899a978b4fedc1c165965b85009013d1/libpurple/protocols/msn/httpconn.c • CWE-399: Resource Management Errors •
CVSS: 9.3EPSS: 5%CPEs: 45EXPL: 0CVE-2011-3185
https://notcve.org/view.php?id=CVE-2011-3185
29 Aug 2011 — gtkutils.c in Pidgin before 2.10.0 on Windows allows user-assisted remote attackers to execute arbitrary programs via a file: URL in a message. gtkutils.c en Pidgin anterior a v2.10.0 sobre Windows permite a atacantes remotos asistidos por el usuario ejecutar programas a través de un fichero: URL en un mensaje. • http://developer.pidgin.im/viewmtn/revision/diff/29484df15413fe3bbd21bbfcef26a55362055a81/with/5749f9193063800d27bef75c2388f6f9cc2f7f37/pidgin/gtkutils.c • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 1%CPEs: 17EXPL: 0CVE-2011-1091 – Pidgin: Multiple NULL pointer dereference flaws in Yahoo protocol plug-in
https://notcve.org/view.php?id=CVE-2011-1091
14 Mar 2011 — libymsg.c in the Yahoo! protocol plugin in libpurple in Pidgin 2.6.0 through 2.7.10 allows (1) remote authenticated users to cause a denial of service (NULL pointer dereference and application crash) via a malformed YMSG notification packet, and allows (2) remote Yahoo! servers to cause a denial of service (NULL pointer dereference and application crash) via a malformed YMSG SMS message. libymsg.c en Yahoo! en el plugin del protocolo en libpurple en Pidgin v2.6.0 hasta v2.7.10 permite (1) a usuarios autenti... • http://developer.pidgin.im/viewmtn/revision/diff/5cbe18129b6e7c660bc093f7e5e1414ceca17d04/with/a7c415abba1f5f01f79295337518837f73d99bb7/libpurple/protocols/yahoo/libymsg.c • CWE-476: NULL Pointer Dereference •
CVSS: 6.5EPSS: 2%CPEs: 42EXPL: 0CVE-2010-4528
https://notcve.org/view.php?id=CVE-2010-4528
07 Jan 2011 — directconn.c in the MSN protocol plugin in libpurple 2.7.6 through 2.7.8 in Pidgin before 2.7.9 allows remote authenticated users to cause a denial of service (NULL pointer dereference and application crash) via a short p2pv2 packet in a DirectConnect (aka direct connection) session. directconn.c en el plugin del protocolo de MSN en libpurple v2.7.6 hasta y 2.7.8 a través de Pidgin anteriores a v2.7.9 que permite a usuarios remotos autenticados causar una denegación de servicio (desreferencia a un puntero N... • http://developer.pidgin.im/viewmtn/revision/diff/e76f4ad4ef2f10588195a0eedc7a08f82062f79c/with/aaa07bde3c51d3684391ae6ed86b6dbaeab5d031/libpurple/protocols/msn/directconn.c • CWE-20: Improper Input Validation •
CVSS: 6.5EPSS: 1%CPEs: 34EXPL: 0CVE-2010-3711 – (libpurple): Multiple DoS (crash) flaws by processing of unsanitized Base64 decoder values
https://notcve.org/view.php?id=CVE-2010-3711
27 Oct 2010 — libpurple in Pidgin before 2.7.4 does not properly validate the return value of the purple_base64_decode function, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and application crash) via a crafted message, related to the plugins for MSN, MySpaceIM, XMPP, and Yahoo! and the NTLM authentication support. libpurple en Pidgin anterior a v2.7.4 no valida correctamente el valor de retorno de la función purple_base64_decode, lo cual permite a usuarios remotos autent... • http://developer.pidgin.im/viewmtn/revision/info/b01c6a1f7fe4d86b83f5f10917b3cb713989cfcc • CWE-20: Improper Input Validation •
CVSS: 6.5EPSS: 2%CPEs: 32EXPL: 0CVE-2010-2528
https://notcve.org/view.php?id=CVE-2010-2528
29 Jul 2010 — The clientautoresp function in family_icbm.c in the oscar protocol plugin in libpurple in Pidgin before 2.7.2 allows remote authenticated users to cause a denial of service (NULL pointer dereference and application crash) via an X-Status message that lacks the expected end tag for a (1) desc or (2) title element. La función clientautoresp de family_icbm.c en el complemento de protocolo oscar en libpurple de Pidgin en versiones anteriores a la v2.7.2 permite a usuarios autenticados remotos provocar una deneg... • http://developer.pidgin.im/viewmtn/revision/diff/fcb70f7c12120206d30ad33223ff85be7b226d1c/with/8e8ff246492e45af8f8d0808296d6f2906794dc0/libpurple/protocols/oscar/family_icbm.c • CWE-399: Resource Management Errors •
CVSS: 6.5EPSS: 3%CPEs: 5EXPL: 0CVE-2010-1624 – Pidgin: MSN SLP emoticon DoS (NULL pointer dereference)
https://notcve.org/view.php?id=CVE-2010-1624
14 May 2010 — The msn_emoticon_msg function in slp.c in the MSN protocol plugin in libpurple in Pidgin before 2.7.0 allows remote authenticated users to cause a denial of service (NULL pointer dereference and application crash) via a custom emoticon in a malformed SLP message. La función msn_emoticon_msg en slp.c en el plugin MSN protocol en libpurple en Pidgin en versiones anteriores a la 2.7.0 permite a atacantes remotos provocar una denegación de servicio (caída de la aplicación) mediante un emoticono personalizado en... • http://developer.pidgin.im/viewmtn/revision/diff/884d44222e8c81ecec51c25e07d005e002a5479b/with/894460d22c434e73d60b71ec031611988e687c8b/libpurple/protocols/msn/slp.c • CWE-20: Improper Input Validation CWE-476: NULL Pointer Dereference •