Shodan
Vulnerabilities
Vulnerable Software
Pidgin:  >> Pidgin  >> 2.7.11  Security Vulnerabilities
CVE-2011-4602
The XMPP protocol plugin in libpurple in Pidgin before 2.10.1 does not properly handle missing fields in (1) voice-chat and (2) video-chat stanzas, which allows remote attackers to cause a denial of service (application crash) via a crafted message.
CVSS Score
5.0
EPSS Score
0.015
Published
2011-12-17
CVE-2011-3594
The g_markup_escape_text function in the SILC protocol plug-in in libpurple 2.10.0 and earlier, as used in Pidgin and possibly other products, allows remote attackers to cause a denial of service (crash) via invalid UTF-8 sequences that trigger use of invalid pointers and an out-of-bounds read, related to interactions with certain versions of glib2.
CVSS Score
4.3
EPSS Score
0.01
Published
2011-11-04
CVE-2011-3184
The msn_httpconn_parse_data function in httpconn.c in the MSN protocol plugin in libpurple in Pidgin before 2.10.0 does not properly handle HTTP 100 responses, which allows remote attackers to cause a denial of service (incorrect memory access and application crash) via vectors involving a crafted server message.
CVSS Score
4.3
EPSS Score
0.027
Published
2011-08-29
CVE-2011-3185
gtkutils.c in Pidgin before 2.10.0 on Windows allows user-assisted remote attackers to execute arbitrary programs via a file: URL in a message.
CVSS Score
9.3
EPSS Score
0.051
Published
2011-08-29
CVE-2011-2943
The irc_msg_who function in msgs.c in the IRC protocol plugin in libpurple 2.8.0 through 2.9.0 in Pidgin before 2.10.0 does not properly validate characters in nicknames, which allows user-assisted remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted nickname that is not properly handled in a WHO response.
CVSS Score
4.3
EPSS Score
0.04
Published
2011-08-29
CVE-2010-3088
The notify function in pidgin-knotify.c in the pidgin-knotify plugin 0.2.1 and earlier for Pidgin allows remote attackers to execute arbitrary commands via shell metacharacters in a message.
CVSS Score
5.1
EPSS Score
0.007
Published
2010-10-08
CVE-2009-2404
Heap-based buffer overflow in a regular-expression parser in Mozilla Network Security Services (NSS) before 3.12.3, as used in Firefox, Thunderbird, SeaMonkey, Evolution, Pidgin, and AOL Instant Messenger (AIM), allows remote SSL servers to cause a denial of service (application crash) or possibly execute arbitrary code via a long domain name in the subject's Common Name (CN) field of an X.509 certificate, related to the cert_TestHostName function.
CVSS Score
9.3
EPSS Score
0.21
Published
2009-08-03


Products
Pricing
Contact Us

Shodan ® - All rights reserved