CVSS: 9.8EPSS: 5%CPEs: 21EXPL: 0CVE-2009-1373 – pidgin file transfer buffer overflow
https://notcve.org/view.php?id=CVE-2009-1373
26 May 2009 — Buffer overflow in the XMPP SOCKS5 bytestream server in Pidgin (formerly Gaim) before 2.5.6 allows remote authenticated users to execute arbitrary code via vectors involving an outbound XMPP file transfer. NOTE: some of these details are obtained from third party information. Desbordamiento de búfer en XMPP SOCKS5 bytestream server en Pidgin anteriores a v2.5.6 permite a usuarios remotos autenticados ejecutar código de forma arbitraria a través de vectores que incluyen una transferencia de fichero saliente ... • http://debian.org/security/2009/dsa-1805 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 5%CPEs: 21EXPL: 0CVE-2009-1375 – pidgin PurpleCircBuffer corruption
https://notcve.org/view.php?id=CVE-2009-1375
26 May 2009 — The PurpleCircBuffer implementation in Pidgin (formerly Gaim) before 2.5.6 does not properly maintain a certain buffer, which allows remote attackers to cause a denial of service (memory corruption and application crash) via vectors involving the (1) XMPP or (2) Sametime protocol. La implementación PurpleCircBuffer en Pidgin anteriores a v2.5.6 no mantienen de forma adecuada cierto búfer, lo que permite a atacantes remotos producir una denegación de servicio (corrupción de memoria y caída de aplicación) a t... • http://debian.org/security/2009/dsa-1805 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 25%CPEs: 9EXPL: 1CVE-2009-1376 – Multiple Vendor libpurple MSN Protocol SLP Message Heap Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2009-1376
26 May 2009 — Multiple integer overflows in the msn_slplink_process_msg functions in the MSN protocol handler in (1) libpurple/protocols/msn/slplink.c and (2) libpurple/protocols/msnp9/slplink.c in Pidgin (formerly Gaim) before 2.5.6 on 32-bit platforms allow remote attackers to execute arbitrary code via a malformed SLP message with a crafted offset value, leading to buffer overflows. NOTE: this issue exists because of an incomplete fix for CVE-2008-2927. Múltiples desbordamientos de entero en las funciones msn_slplink_... • https://www.exploit-db.com/exploits/9615 • CWE-189: Numeric Errors •
CVSS: 9.8EPSS: 6%CPEs: 25EXPL: 0CVE-2008-2927 – Multiple Vendor libpurple MSN Protocol SLP Message Heap Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2008-2927
07 Jul 2008 — Multiple integer overflows in the msn_slplink_process_msg functions in the MSN protocol handler in (1) libpurple/protocols/msn/slplink.c and (2) libpurple/protocols/msnp9/slplink.c in Pidgin before 2.4.3 and Adium before 1.3 allow remote attackers to execute arbitrary code via a malformed SLP message with a crafted offset value, a different vulnerability than CVE-2008-2955. Múltiples desbordamiento de enteros en las funciones msn_slplink_process_msg en el manejador de protocolo MSN en los archivos (1) libpu... • http://developer.pidgin.im/viewmtn/revision/diff/6eb1949a96fa80a4c744fc749c2562abc4cc9ed6/with/c3831c9181f4f61b747321240086ee79e4a08fd8/libpurple/protocols/msn/slplink.c • CWE-189: Numeric Errors CWE-190: Integer Overflow or Wraparound •
CVSS: 7.5EPSS: 1%CPEs: 3EXPL: 0CVE-2007-4999
https://notcve.org/view.php?id=CVE-2007-4999
29 Oct 2007 — libpurple in Pidgin 2.1.0 through 2.2.1, when using HTML logging, allows remote attackers to cause a denial of service (NULL dereference and application crash) via a message that contains invalid HTML data, a different vector than CVE-2007-4996. libpurple de Pidgin 2.1.0 hasta 2.2.1, cuando se utiliza la autenticación HTML, permite a atacantes remotos provocar una denegación de servicio (referencia a NULL y caída de aplicación) mediante un mensaje que contiene datos HTML inválidos, vector distinto de CVE-20... • http://osvdb.org/38695 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 0CVE-2007-4996
https://notcve.org/view.php?id=CVE-2007-4996
01 Oct 2007 — libpurple in Pidgin before 2.2.1 does not properly handle MSN nudge messages from users who are not on the receiver's buddy list, which allows remote attackers to cause a denial of service (crash) via a nudge message that triggers an access of "an invalid memory location." libpurple de Pidgin versiones anteriores a 2.2.1 no gestiona apropiadamente los mensajes personalizados de usuarios que no están en la lista de amigos del receptor, lo cual permite a atacantes remotos provocar una denegación de servicio (... • http://fedoranews.org/updates/FEDORA-2007-236.shtml •