libpurple in Pidgin before 2.7.4 does not properly validate the return value of the purple_base64_decode function, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and application crash) via a crafted message, related to the plugins for MSN, MySpaceIM, XMPP, and Yahoo! and the NTLM authentication support.
Max CVSS
4.0
EPSS Score
1.13%
Published
2010-10-28
Updated
2017-09-19
The clientautoresp function in family_icbm.c in the oscar protocol plugin in libpurple in Pidgin before 2.7.2 allows remote authenticated users to cause a denial of service (NULL pointer dereference and application crash) via an X-Status message that lacks the expected end tag for a (1) desc or (2) title element.
Max CVSS
4.0
EPSS Score
1.39%
Published
2010-07-30
Updated
2017-09-19
The msn_emoticon_msg function in slp.c in the MSN protocol plugin in libpurple in Pidgin before 2.7.0 allows remote authenticated users to cause a denial of service (NULL pointer dereference and application crash) via a custom emoticon in a malformed SLP message.
Max CVSS
5.0
EPSS Score
9.57%
Published
2010-05-14
Updated
2023-03-31
gtkimhtml.c in Pidgin before 2.6.6 allows remote attackers to cause a denial of service (CPU consumption and application hang) by sending many smileys in a (1) IM or (2) chat.
Max CVSS
5.0
EPSS Score
22.90%
Published
2010-02-24
Updated
2017-09-19
libpurple in Finch in Pidgin before 2.6.6, when an XMPP multi-user chat (MUC) room is used, does not properly parse nicknames containing <br> sequences, which allows remote attackers to cause a denial of service (application crash) via a crafted nickname.
Max CVSS
4.3
EPSS Score
9.75%
Published
2010-02-24
Updated
2017-09-19
slp.c in the MSN protocol plugin in libpurple in Pidgin before 2.6.6, including 2.6.4, and Adium 1.3.8 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a malformed MSNSLP INVITE request in an SLP message, a different issue than CVE-2010-0013.
Max CVSS
5.0
EPSS Score
20.87%
Published
2010-01-09
Updated
2017-09-19
6 vulnerabilities found