Shodan
Vulnerabilities
Vulnerable Software
Pidgin:  >> Pidgin  >> 2.10.1  Security Vulnerabilities
CVE-2014-3695
markup.c in the MXit protocol plugin in libpurple in Pidgin before 2.10.10 allows remote servers to cause a denial of service (application crash) via a large length value in an emoticon response.
CVSS Score
5.0
EPSS Score
0.025
Published
2014-10-29
CVE-2014-3696
nmevent.c in the Novell GroupWise protocol plugin in libpurple in Pidgin before 2.10.10 allows remote servers to cause a denial of service (application crash) via a crafted server message that triggers a large memory allocation.
CVSS Score
5.0
EPSS Score
0.025
Published
2014-10-29
CVE-2014-3697
Absolute path traversal vulnerability in the untar_block function in win32/untar.c in Pidgin before 2.10.10 on Windows allows remote attackers to write to arbitrary files via a drive name in a tar archive of a smiley theme.
CVSS Score
6.4
EPSS Score
0.009
Published
2014-10-29
CVE-2014-3698
The jabber_idn_validate function in jutil.c in the Jabber protocol plugin in libpurple in Pidgin before 2.10.10 allows remote attackers to obtain sensitive information from process memory via a crafted XMPP message.
CVSS Score
5.0
EPSS Score
0.013
Published
2014-10-29
CVE-2013-6490
The SIMPLE protocol functionality in Pidgin before 2.10.8 allows remote attackers to have an unspecified impact via a negative Content-Length header, which triggers a buffer overflow.
CVSS Score
10.0
EPSS Score
0.519
Published
2014-02-06
CVE-2013-6481
libpurple/protocols/yahoo/libymsg.c in Pidgin before 2.10.8 allows remote attackers to cause a denial of service (crash) via a Yahoo! P2P message with a crafted length field, which triggers a buffer over-read.
CVSS Score
5.0
EPSS Score
0.013
Published
2014-02-06
CVE-2013-6482
Pidgin before 2.10.8 allows remote MSN servers to cause a denial of service (NULL pointer dereference and crash) via a crafted (1) SOAP response, (2) OIM XML response, or (3) Content-Length header.
CVSS Score
5.0
EPSS Score
0.008
Published
2014-02-06
CVE-2013-6487
Integer overflow in libpurple/protocols/gg/lib/http.c in the Gadu-Gadu (gg) parser in Pidgin before 2.10.8 allows remote attackers to have an unspecified impact via a large Content-Length value, which triggers a buffer overflow.
CVSS Score
7.5
EPSS Score
0.029
Published
2014-02-06
CVE-2013-6489
Integer signedness error in the MXit functionality in Pidgin before 2.10.8 allows remote attackers to cause a denial of service (segmentation fault) via a crafted emoticon value, which triggers an integer overflow and a buffer overflow.
CVSS Score
5.0
EPSS Score
0.005
Published
2014-02-06
CVE-2014-0020
The IRC protocol plugin in libpurple in Pidgin before 2.10.8 does not validate argument counts, which allows remote IRC servers to cause a denial of service (application crash) via a crafted message.
CVSS Score
5.0
EPSS Score
0.033
Published
2014-02-06


Products
Pricing
Contact Us

Shodan ® - All rights reserved