CVSS: 5.0EPSS: 11%CPEs: 46EXPL: 0CVE-2009-3615 – Pidgin: Invalid pointer dereference (crash) after receiving contacts from SIM IM client
https://notcve.org/view.php?id=CVE-2009-3615
The OSCAR protocol plugin in libpurple in Pidgin before 2.6.3 and Adium before 1.3.7 allows remote attackers to cause a denial of service (application crash) via crafted contact-list data for (1) ICQ and possibly (2) AIM, as demonstrated by the SIM IM client. El conponente OSCAR protocol en libpurple en Pidgin v2.6.3 y Adium anterior v1.3.7, permite a atacantes remotos provocar una denegación de servicio (caída de aplicación) a través de datos de una lista de contactos manipulada para (1) ICQ y probablemete (2) AIM, como se ha demostrado con el cliente SIM IM. • http://developer.pidgin.im/ticket/10481 http://developer.pidgin.im/viewmtn/revision/info/781682333aea0c801d280c3507ee25552a60bfc0 http://developer.pidgin.im/wiki/ChangeLog http://secunia.com/advisories/37017 http://secunia.com/advisories/37072 http://www.mandriva.com/security/advisories?name=MDVSA-2010:085 http://www.pidgin.im/news/security/?id=41 http://www.securityfocus.com/bid/36719 http://www.vupen.com/english/advisories/2009/2949 http://www.vupen.com/english/advisories/2009/2951 • CWE-399: Resource Management Errors •
CVSS: 10.0EPSS: 12%CPEs: 29EXPL: 3CVE-2009-2694 – Pidgin MSN 2.5.8 - Remote Code Execution
https://notcve.org/view.php?id=CVE-2009-2694
The msn_slplink_process_msg function in libpurple/protocols/msn/slplink.c in libpurple, as used in Pidgin (formerly Gaim) before 2.5.9 and Adium 1.3.5 and earlier, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) by sending multiple crafted SLP (aka MSNSLP) messages to trigger an overwrite of an arbitrary memory location. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2009-1376. La función msn_slplink_process_msg en libpurple/protocols/msn/slplink.c en libpurple, tal como se usa en Pidgin (anteriormente Gaim) en versiones anteriores a la 2.5.9 y Adium 1.3.5 y versiones anteriores, permite a atacantes remotos ejecutar código de su elección o provocar una denegación de servicio (corrupción de memoria y caída de la aplicación) mediante el envío de múltiples mensajes SLP (alias MSNSLP) manipulados para disparar una sobreescritura de una zona de memoria de su elección. NOTA: esta vulnerabilidad reportada está causada por una reparación incompleta de CVE-2009-1376. • https://www.exploit-db.com/exploits/9615 http://developer.pidgin.im/viewmtn/revision/info/6f7343166c673bf0496ecb1afec9b633c1d54a0e http://developer.pidgin.im/wiki/ChangeLog http://secunia.com/advisories/36384 http://secunia.com/advisories/36392 http://secunia.com/advisories/36401 http://secunia.com/advisories/36402 http://secunia.com/advisories/36708 http://secunia.com/advisories/37071 http://sunsolve.sun.com/search/document.do?assetkey=1-66-266908-1 http://www.coresecurity.com/content/lib • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-399: Resource Management Errors •