Buffer overflow in markup.c in the MXit protocol plugin in libpurple in Pidgin before 2.10.5 allows remote attackers to execute arbitrary code via a crafted inline image in a message.
Max CVSS
7.5
EPSS Score
26.01%
Published
2012-07-07
Updated
2017-12-01
msg.c in the MSN protocol plugin in libpurple in Pidgin before 2.10.4 does not properly handle crafted characters, which allows remote servers to cause a denial of service (application crash) by placing these characters in a text/plain message.
Max CVSS
5.0
EPSS Score
1.23%
Published
2012-07-03
Updated
2017-12-29
proxy.c in libpurple in Pidgin before 2.10.4 does not properly handle canceled SOCKS5 connection attempts, which allows user-assisted remote authenticated users to cause a denial of service (application crash) via a sequence of XMPP file-transfer requests.
Max CVSS
3.5
EPSS Score
0.32%
Published
2012-07-03
Updated
2017-12-29
The msn_oim_report_to_user function in oim.c in the MSN protocol plugin in libpurple in Pidgin before 2.10.2 allows remote servers to cause a denial of service (application crash) via an OIM message that lacks UTF-8 encoding.
Max CVSS
5.0
EPSS Score
1.21%
Published
2012-03-15
Updated
2018-01-18
The pidgin_conv_chat_rename_user function in gtkconv.c in Pidgin before 2.10.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) by changing a nickname while in an XMPP chat room.
Max CVSS
6.4
EPSS Score
1.55%
Published
2012-03-15
Updated
2018-01-18
cipher.c in the Cipher API in libpurple in Pidgin before 2.7.10 retains encryption-key data in process memory, which might allow local users to obtain sensitive information by reading a core file or other representation of memory contents.
Max CVSS
2.1
EPSS Score
0.04%
Published
2012-08-08
Updated
2017-09-19
6 vulnerabilities found