CVE-2007-4999 : libpurple in Pidgin 2.1.0 through 2.2.1, when using HTML logging, allows remote

libpurple in Pidgin 2.1.0 through 2.2.1, when using HTML logging, allows remote attackers to cause a denial of service (NULL dereference and application crash) via a message that contains invalid HTML data, a different vector than CVE-2007-4996.

Published 2007-10-29 22:46:00

Updated 2025-04-09 00:30:58

Source Red Hat, Inc.

View at NVD, CVE.org

Vulnerability category: Denial of service

Products affected by CVE-2007-4999

Pidgin » Pidgin » Version: 2.2.0
cpe:2.3:a:pidgin:pidgin:2.2.0:*:*:*:*:*:*:*
Matching versions
Pidgin » Pidgin » Version: 2.2.1
cpe:2.3:a:pidgin:pidgin:2.2.1:*:*:*:*:*:*:*
Matching versions
Pidgin » Pidgin » Version: 2.1.0
cpe:2.3:a:pidgin:pidgin:2.1.0:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2007-4999

EPSS FAQ

1.37%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 78 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2007-4999

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
4.3	MEDIUM	AV:N/AC:M/Au:N/C:N/I:N/A:P	8.6	2.9	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: None Integrity Impact: None Availability Impact: Partial

CWE ids for CVE-2007-4999

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Assigned by: nvd@nist.gov (Primary)

Vendor statements for CVE-2007-4999

Red Hat 2007-11-01

Not vulnerable. This issue did not affect the versions of Pidgin or Gaim as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5.

References for CVE-2007-4999

http://secunia.com/advisories/27495

About Secunia Research | Flexera
http://osvdb.org/38695
http://www.securityfocus.com/bid/26205
http://www.ubuntu.com/usn/usn-548-1

USN-548-1: Pidgin vulnerability | Ubuntu security notices | Ubuntu
http://www.securityfocus.com/archive/1/483580/100/0/threaded
http://secunia.com/advisories/27858

About Secunia Research | Flexera
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18357

404 Not Found
https://exchange.xforce.ibmcloud.com/vulnerabilities/38132

Pidgin HTML data denial of service CVE-2007-4999 Vulnerability Report
http://secunia.com/advisories/27372

About Secunia Research | Flexera
Patch;Vendor Advisory
http://www.pidgin.im/news/security/?id=24

404 Page not found
Patch
https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00011.html

[SECURITY] Fedora 7 Update: pidgin-2.2.2-1.fc7
http://www.vupen.com/english/advisories/2007/3624

Site en construction