Download
| Alert*
oval:org.secpod.oval:def:1800857
An out-of-bounds write vulnerability was found in purple_markup_unescape_entity. It can be triggered by sending invalid XML entities separated by whitespace, eg "ஸ". In default installation, this can get called only when receiving data from a server. Fixed In Version: pidgin 2.12.0 oval:org.secpod.oval:def:602812 It was discovered a vulnerability in Pidgin, a multi-protocol instant messaging client. A server controlled by an attacker can send an invalid XML that can trigger an out-of-bound memory access. This might lead to a crash or, in some extreme cases, to remote code execution in the client-side. oval:org.secpod.oval:def:1800545 An out-of-bounds write vulnerability was found in purple_markup_unescape_entity. It can be triggered by sending invalid XMLentities separated by whitespace, eg "ஸ". In default installation, this can get called only when receiving data from a server. Fixed In Version pidgin 2.12.0 oval:org.secpod.oval:def:201978 Pidgin is an instant messaging program which can log in to multiple accounts on multiple instant messaging networks simultaneously. The AOL Open System for CommunicAtion in Realtime protocol is used by the AOL ICQ and AIM instant messaging systems. A denial of service flaw was found in the Pidgin O ... oval:org.secpod.oval:def:201571 Pidgin is an instant messaging program which can log in to multiple accounts on multiple instant messaging networks simultaneously. An input sanitization flaw was found in the way the AOL Open System for Communication in Realtime protocol plug-in in Pidgin, used by the AOL ICQ and AIM instant messa ... oval:org.secpod.oval:def:201610 Pidgin is an instant messaging program which can log in to multiple accounts on multiple instant messaging networks simultaneously. An input sanitization flaw was found in the way the AOL Open System for Communication in Realtime protocol plug-in in Pidgin, used by the AOL ICQ and AIM instant messa ... oval:org.secpod.oval:def:6275 The host is installed with Pidgin before 2.10.4 and is prone to denial of service vulnerability. A flaw is present in the application, which fails to properly handle canceled SOCKS5 connection attempts. Successful exploitation allows user-assisted remote authenticated users to cause application cras ... oval:org.secpod.oval:def:700930 pidgin: graphical multi-protocol instant messaging client for X Several security issues were fixed in Pidgin. oval:org.secpod.oval:def:106335 Pidgin allows you to talk to anyone using a variety of messaging protocols including AIM, MSN, Yahoo!, Jabber, Bonjour, Gadu-Gadu, ICQ, IRC, Novell Groupwise, QQ, Lotus Sametime, SILC, Simple and Zephyr. These protocols are implemented using a modular, easy to use design. To use a protocol, just add ... oval:org.secpod.oval:def:106405 Pidgin allows you to talk to anyone using a variety of messaging protocols including AIM, MSN, Yahoo!, Jabber, Bonjour, Gadu-Gadu, ICQ, IRC, Novell Groupwise, QQ, Lotus Sametime, SILC, Simple and Zephyr. These protocols are implemented using a modular, easy to use design. To use a protocol, just add ... oval:org.secpod.oval:def:502115 Pidgin is an instant messaging program which can log in to multiple accounts on multiple instant messaging networks simultaneously. The following packages have been upgraded to a later upstream version: pidgin . Security Fix: * A denial of service flaw was found in the way Pidgin"s Mxit plug-in han ... oval:org.secpod.oval:def:1502005 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:16812 The host is installed with Pidgin before 2.10.8 and is prone to denial of service vulnerability. A flaw is present in the application, which fails to properly allocate memory for HTTP responses that are inconsistent with the Content-Length header. Successful exploitation allows attackers to cause an ... oval:org.secpod.oval:def:16933 The host is installed with Pidgin before 2.5.6 and is prone to buffer overflow vulnerability. The flaw is present in the decrypt_out function in Pidgin, which fails to handle a QQ packet. Successful exploitation could allow remote attackers to cause a denial of service (application crash). oval:org.secpod.oval:def:2189 The host is installed with Pidgin before 2.10.0 and is prone to NULL pointer dereference vulnerability. A flaw is present in the application, which is caused by an error in the IRC protocol plugin when handling WHO responses with special characters in the nicknames. Successful exploitation allow att ... oval:org.secpod.oval:def:16811 The host is installed with Pidgin before 2.10.8 and is prone to denial of service vulnerability. A flaw is present in the application, which fails to properly interact with underlying library support for wide Pango layouts. Successful exploitation allows attackers to cause an application crash. oval:org.secpod.oval:def:16810 The host is installed with Pidgin before 2.10.8 and is prone to multiple integer signedness error vulnerabilities. The flaws are present in the application, which fails to handle a crafted timestamp value in an XMPP message. Successful exploitation allows attackers to cause an application crash. oval:org.secpod.oval:def:16930 The host is installed with Pidgin before 2.7.10 and is prone to information disclosure vulnerability. The flaw is present in the cipher.c in the Cipher API in libpurple in Pidgin, which retains encryption-key data in process memory. Successful exploitation might allow local users to obtain sensitive ... oval:org.secpod.oval:def:16809 The host is installed with Pidgin before 2.10.8 and is prone to denial of service vulnerability. A flaw is present in the application, which fails to properly validate UTF-8 data. Successful exploitation allows attackers to cause an application crash. oval:org.secpod.oval:def:16927 The host is installed with Pidgin before 2.5.8 and is prone to denial of service vulnerability. The flaw is present in the OSCAR protocol implementation in Pidgin, which fails to handle a crafted ICQ web message that triggers allocation of a large amount of memory. Successful exploitation could allo ... oval:org.secpod.oval:def:601239 Multiple vulnerabilities have been discovered in pidgin, a multi-protocol instant messaging client. In addition to fixing the vulnerabilities, this revision specific to the oldstable distribution , reduces the supported protocols to: IRC, Jabber/XMPP, Sametime, and SIMPLE. Users of other protocols a ... oval:org.secpod.oval:def:16822 The host is installed with Pidgin before 2.10.8 and is prone to denial of service vulnerability. A flaw is present in the application, which fails to properly handle a negative Content-Length header. Successful exploitation allows attackers to have unspecified impact. oval:org.secpod.oval:def:16821 The host is installed with Pidgin before 2.10.8 and is prone to integer signedness error vulnerability. A flaw is present in the application, which fails to properly handle a crafted emoticon value. Successful exploitation allows attackers to cause denial of service (segmentation fault). oval:org.secpod.oval:def:16816 The host is installed with Pidgin before 2.10.8 and is prone to denial of service vulnerability. A flaw is present in the application, which fails to properly handle message containing a file: URL that is improperly handled during construction of an explorer.exe command. Successful exploitation allo ... oval:org.secpod.oval:def:16815 The host is installed with Pidgin before 2.10.8 and is prone to buffer overflow vulnerability. A flaw is present in the application, which fails to properly handle invalid chunk-size field in chunked transfer-coding data. Successful exploitation allows attackers to cause an application crash. oval:org.secpod.oval:def:16814 The host is installed with Pidgin before 2.10.8 and is prone to denial of service vulnerability. A flaw is present in the application, which fails to properly handle sockets. Successful exploitation allows remote STUN servers to cause a denial of service (out-of-bounds write operation and applicatio ... oval:org.secpod.oval:def:2190 The host is installed with Pidgin before 2.10.0 and is prone to denial of service vulnerability. A flaw is present in the application, which is caused by an error in the MSN protocol when parsing HTTP 100 responses. Successful exploitation allows attackers to execute arbitrary code, this only affect ... oval:org.secpod.oval:def:16813 The host is installed with Pidgin before 2.10.8 and is prone to denial of service vulnerability. A flaw is present in the application, which fails to properly determine whether the from address in an iq reply is consistent with the to address in an iq request. Successful exploitation allows attacker ... oval:org.secpod.oval:def:16934 The host is installed with Pidgin before 2.5.6 and is prone to denial of service vulnerability. The flaw is present in the PurpleCircBuffer implementation in Pidgin, which fails to handle vectors involving the (1) XMPP or (2) Sametime protocol. Successful exploitation could allow remote attackers to ... oval:org.secpod.oval:def:16819 The host is installed with Pidgin before 2.10.8 and is prone to denial of service vulnerability. A flaw is present in the application, which fails to handle a crafted SOAP response, OIM XML response or Content-Length header. Successful exploitation allows attackers to cause a NULL pointer dereferenc ... oval:org.secpod.oval:def:2191 The host is installed with Pidgin before 2.10.0 and is prone to remote code execution vulnerability. A flaw is present in the application, which is caused by an error related to file:// URIs. Successful exploitation allows remote attackers to execute arbitrary code. oval:org.secpod.oval:def:16818 The host is installed with Pidgin before 2.10.8 and is prone to denial of service vulnerability. A flaw is present in the application, which fails to properly handle a Yahoo! P2P message with a crafted length field. Successful exploitation allows attackers to cause an application crash. oval:org.secpod.oval:def:16817 The host is installed with Pidgin before 2.10.8 and is prone to denial of service vulnerability. A flaw is present in the application, which fails to properly validate argument counts. Successful exploitation allows attackers to cause an application crash. oval:org.secpod.oval:def:701195 pidgin: graphical multi-protocol instant messaging client for X Several security issues were fixed in Pidgin. oval:org.secpod.oval:def:7299 The host is installed with Pidgin before 2.10.5 and is prone to buffer overflow vulnerability. A flaw is present in the application, which fails to handle a crafted inline image in a message. Successful exploitation allows remote attackers to execute arbitrary code. oval:org.secpod.oval:def:40397 The host is installed with Pidgin before 2.12.0 and is prone to an out-of-bounds write vulnerability. A flaw is present in the application, which fails to properly handle a invalid xml. Successful exploitation allows attackers to have unspecified impact. oval:org.secpod.oval:def:600846 Ulf Härnhammar found a buffer overflow in Pidgin, a multi protocol instant messaging client. The vulnerability can be exploited by an incoming message in the MXit protocol plugin. A remote attacker may cause a crash, and in some circumstances can lead to remote code execution. oval:org.secpod.oval:def:831 The host is installed with Pidgin and is prone to denial of service vulnerability. A flaw is present in directconn.c in the MSN protocol plugin in libpurple, which fails to handle short p2pv2 packets in a DirectConnect session. Successful exploitation could allow remote attackers to execute arbitrar ... oval:org.secpod.oval:def:202642 Pidgin is an instant messaging program which can log in to multiple accounts on multiple instant messaging networks simultaneously. A stack-based buffer overflow flaw was found in the Pidgin MXit protocol plug-in. A malicious server or a remote attacker could use this flaw to crash Pidgin by sending ... oval:org.secpod.oval:def:204666 Pidgin is an instant messaging program which can log in to multiple accounts on multiple instant messaging networks simultaneously. The following packages have been upgraded to a later upstream version: pidgin . Security Fix: * A denial of service flaw was found in the way Pidgin"s Mxit plug-in han ... oval:org.secpod.oval:def:202405 Pidgin is an instant messaging program which can log in to multiple accounts on multiple instant messaging networks simultaneously. A flaw was found in the way the Pidgin MSN protocol plug-in processed text that was not encoded in UTF-8. A remote attacker could use this flaw to crash Pidgin by sendi ... oval:org.secpod.oval:def:703522 pidgin: graphical multi-protocol instant messaging client for X Pidgin could be made to crash or run programs if it received specially crafted network traffic. oval:org.secpod.oval:def:1500125 Updated pidgin packages that fix three security issues are now availablefor Red Hat Enterprise Linux 5 and 6.The Red Hat Security Response Team has rated this update as having moderatesecurity impact. Common Vulnerability Scoring System base scores,which give detailed severity ratings, are availabl ... oval:org.secpod.oval:def:701562 pidgin: graphical multi-protocol instant messaging client for X Several security issues were fixed in Pidgin. oval:org.secpod.oval:def:203036 Pidgin is an instant messaging program which can log in to multiple accounts on multiple instant messaging networks simultaneously. A heap-based buffer overflow flaw was found in the way Pidgin processed certain HTTP responses. A malicious server could send a specially crafted HTTP response, causing ... oval:org.secpod.oval:def:1500373 Updated pidgin packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are a ... oval:org.secpod.oval:def:601212 Multiple vulnerabilities have been discovered in Pidgin, a multi-protocol instant messaging client: CVE-2013-6477 Jaime Breva Ribes discovered that a remote XMPP user can trigger a crash by sending a message with a timestamp in the distant future. CVE-2013-6478 Pidgin could be crashed through overly ... oval:org.secpod.oval:def:9323 The host is installed with Pidgin before 2.10.7 and is prone to security bypass vulnerability. A flaw is present in the application, which fails to handle crafted mxit or mxit/imagestrips pathname. Successful exploitation allows attackers to create or overwrite files. oval:org.secpod.oval:def:202042 Pidgin is an instant messaging program which can log in to multiple accounts on multiple instant messaging networks simultaneously. The AOL Open System for CommunicAtion in Realtime protocol is used by the AOL ICQ and AIM instant messaging systems. A denial of service flaw was found in the Pidgin O ... oval:org.secpod.oval:def:9320 The host is installed with Pidgin before 2.10.7 and is prone to denial of service vulnerability. A flaw is present in the application, which fails to properly terminate long strings in UPnP responses. Successful exploitation allows attackers to cause an application crash by leveraging access to the ... oval:org.secpod.oval:def:9321 The host is installed with Pidgin before 2.10.7 and is prone to denial of service vulnerability. A flaw is present in the application, which fails to properly terminate long user IDs. Successful exploitation allows attackers to cause an application crash via a crafted packet. oval:org.secpod.oval:def:9322 The host is installed with Pidgin before 2.10.7 and is prone to buffer overflow vulnerability. A flaw is present in the application, which fails to handle a long HTTP header. Successful exploitation allows attackers to execute arbitrary code. oval:org.secpod.oval:def:3518 The host is installed with Pidgin before 2.10.1 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to handle invalid UTF-8 data. Successful exploitation could allow attackers to crash the service. oval:org.secpod.oval:def:3516 The host is installed with Pidgin before 2.10.1 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to handle invalid UTF-8 data. Successful exploitation could allow attackers to crash the service. oval:org.secpod.oval:def:500115 Pidgin is an instant messaging program which can log in to multiple accounts on multiple instant messaging networks simultaneously. Multiple NULL pointer dereference flaws were found in the way the Pidgin Yahoo! Messenger Protocol plug-in handled malformed YMSG packets. A remote attacker could use t ... oval:org.secpod.oval:def:202404 Pidgin is an instant messaging program which can log in to multiple accounts on multiple instant messaging networks simultaneously. A flaw was found in the way the Pidgin MSN protocol plug-in processed text that was not encoded in UTF-8. A remote attacker could use this flaw to crash Pidgin by sendi ... oval:org.secpod.oval:def:6232 The host is installed with Pidgin before 2.10.4 and is prone to denial of service vulnerability. A flaw is present in the application, which fails to properly handle crafted characters. Successful exploitation allows remote servers to cause application crash by placing these characters in a text/pla ... oval:org.secpod.oval:def:501024 Pidgin is an instant messaging program which can log in to multiple accounts on multiple instant messaging networks simultaneously. A stack-based buffer overflow flaw was found in the Pidgin MXit protocol plug-in. A malicious server or a remote attacker could use this flaw to crash Pidgin by sending ... oval:org.secpod.oval:def:500211 Pidgin is an instant messaging program which can log in to multiple accounts on multiple instant messaging networks simultaneously. An input sanitization flaw was found in the way the AOL Open System for Communication in Realtime protocol plug-in in Pidgin, used by the AOL ICQ and AIM instant messa ... oval:org.secpod.oval:def:500058 Pidgin is an instant messaging program which can log in to multiple accounts on multiple instant messaging networks simultaneously. An input sanitization flaw was found in the way the AOL Open System for Communication in Realtime protocol plug-in in Pidgin, used by the AOL ICQ and AIM instant messa ... oval:org.secpod.oval:def:202641 Pidgin is an instant messaging program which can log in to multiple accounts on multiple instant messaging networks simultaneously. A stack-based buffer overflow flaw was found in the Pidgin MXit protocol plug-in. A malicious server or a remote attacker could use this flaw to crash Pidgin by sending ... oval:org.secpod.oval:def:3639 The host is installed with Pidgin before 2.10.1 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to perform the expected UTF-8 validation on message data. Successful exploitation could allow attackers to crash the service. oval:org.secpod.oval:def:3519 The host is installed with Pidgin before 2.10.1 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to ensure that the incoming message contained all required fields. Successful exploitation could allow attackers to crash the service. oval:org.secpod.oval:def:3517 The host is installed with Pidgin before 2.10.1 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to ensure that the incoming message contained all required fields. Successful exploitation could allow attackers to crash the service. oval:org.secpod.oval:def:3640 The host is installed with Pidgin before 2.10.1 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to perform the expected UTF-8 validation on message data. Successful exploitation could allow attackers to crash the service. oval:org.secpod.oval:def:202861 Pidgin is an instant messaging program which can log in to multiple accounts on multiple instant messaging networks simultaneously. An input sanitization flaw was found in the way the AOL Open System for Communication in Realtime protocol plug-in in Pidgin, used by the AOL ICQ and AIM instant messa ... oval:org.secpod.oval:def:501186 Pidgin is an instant messaging program which can log in to multiple accounts on multiple instant messaging networks simultaneously. A heap-based buffer overflow flaw was found in the way Pidgin processed certain HTTP responses. A malicious server could send a specially crafted HTTP response, causing ... oval:org.secpod.oval:def:203026 Pidgin is an instant messaging program which can log in to multiple accounts on multiple instant messaging networks simultaneously. A heap-based buffer overflow flaw was found in the way Pidgin processed certain HTTP responses. A malicious server could send a specially crafted HTTP response, causing ... oval:org.secpod.oval:def:16932 The host is installed with Pidgin before 2.5.6 and is prone to buffer overflow vulnerability. The flaw is present in the XMPP SOCKS5 bytestream server in Pidgin, which fails to handle vectors involving an outbound XMPP file transfer. Successful exploitation could allow remote authenticated users to ... oval:org.secpod.oval:def:500660 Pidgin is an instant messaging program which can log in to multiple accounts on multiple instant messaging networks simultaneously. The AOL Open System for CommunicAtion in Realtime protocol is used by the AOL ICQ and AIM instant messaging systems. A denial of service flaw was found in the Pidgin O ... oval:org.secpod.oval:def:4898 The host is installed with Pidgin before 2.10.2 and is prone to denial of service vulnerability. A flaw is present in the application, which fails to handle pidgin_conv_chat_rename_user function in gtkconv.c in Pidgin. Successful exploitation could allow remote attackers to cause a denial of service ... oval:org.secpod.oval:def:4900 The host is installed with Pidgin before 2.10.2 and is prone to denial of service vulnerability. A flaw is present in the application, which fails to handle pidgin_conv_chat_rename_user function in gtkconv.c in Pidgin. Successful exploitation could allow remote attackers to cause a denial of service ... oval:org.secpod.oval:def:4899 The host is installed with Pidgin before 2.10.2 and is prone to denial of service vulnerability. A flaw is present in the application, which fails to handle msn_oim_report_to_user function in oim.c in the MSN protocol plugin in libpurple in Pidgin. Successful exploitation could allow remote servers ... oval:org.secpod.oval:def:4901 The host is installed with Pidgin before 2.10.2 and is prone to denial of service vulnerability. A flaw is present in the application, which fails to handle msn_oim_report_to_user function in oim.c in the MSN protocol plugin in libpurple in Pidgin. Successful exploitation could allow remote servers ... oval:org.secpod.oval:def:500853 Pidgin is an instant messaging program which can log in to multiple accounts on multiple instant messaging networks simultaneously. A flaw was found in the way the Pidgin MSN protocol plug-in processed text that was not encoded in UTF-8. A remote attacker could use this flaw to crash Pidgin by sendi ... oval:org.secpod.oval:def:7300 The host is installed with Pidgin before 2.10.5 and is prone to buffer overflow vulnerability. A flaw is present in the application, which fails to handle a crafted inline image in a message. Successful exploitation allows remote attackers to execute arbitrary code. oval:org.secpod.oval:def:202159 Pidgin is an instant messaging program which can log in to multiple accounts on multiple instant messaging networks simultaneously. A buffer overflow flaw was found in the way Pidgin initiates file transfers when using the Extensible Messaging and Presence Protocol . If a Pidgin client initiates a f ... oval:org.secpod.oval:def:16929 The host is installed with Pidgin before 2.6.3 and is prone to denial of service vulnerability. The flaw is present in the OSCAR protocol plugin in libpurple in Pidgin, which fails to properly handle crafted contact-list data for (1) ICQ and possibly (2) AIM, as demonstrated by the SIM IM client. Su ... oval:org.secpod.oval:def:202142 Pidgin is an instant messaging program which can log in to multiple accounts on multiple instant messaging networks simultaneously. The AOL Open System for Communication in Realtime protocol is used by the AOL ICQ and AIM instant messaging systems. An invalid pointer dereference bug was found in th ... oval:org.secpod.oval:def:500685 Pidgin is an instant messaging program which can log in to multiple accounts on multiple instant messaging networks simultaneously. A buffer overflow flaw was found in the way Pidgin initiates file transfers when using the Extensible Messaging and Presence Protocol . If a Pidgin client initiates a f ... oval:org.secpod.oval:def:202148 Pidgin is an instant messaging program which can log in to multiple accounts on multiple instant messaging networks simultaneously. Federico Muttis of Core Security Technologies discovered a flaw in Pidgin"s MSN protocol handler. If a user received a malicious MSN message, it was possible to execute ... oval:org.secpod.oval:def:500445 Pidgin is an instant messaging program which can log in to multiple accounts on multiple instant messaging networks simultaneously. Multiple NULL pointer dereference flaws were found in the way Pidgin handled Base64 decoding. A remote attacker could use these flaws to crash Pidgin if the target Pidg ... oval:org.secpod.oval:def:201855 Pidgin is an instant messaging program which can log in to multiple accounts on multiple instant messaging networks simultaneously. Multiple NULL pointer dereference flaws were found in the way Pidgin handled Base64 decoding. A remote attacker could use these flaws to crash Pidgin if the target Pidg ... oval:org.secpod.oval:def:826 The host is installed with Pidgin and is prone to denial of service vulnerability. A flaw is present in libpurple in Finch, which fails to handle nicknames containing br tag sequences in multi-user chat (MUC) room environment. Successful exploitation could allow remote attackers to execute arbitrary ... oval:org.secpod.oval:def:825 The host is installed with Pidgin and is prone to denial of service vulnerability. A flaw is present in slp.c in the MSN protocol plugin in libpurple, which fails to handle malformed MSNSLP INVITE request in an SLP message. Successful exploitation could allow remote attackers to corrupt memory and c ... oval:org.secpod.oval:def:500610 Pidgin is an instant messaging program which can log in to multiple accounts on multiple instant messaging networks simultaneously. Info/Query is an Extensible Messaging and Presence Protocol specific request-response mechanism. A NULL pointer dereference flaw was found in the way the Pidgin XMPP ... oval:org.secpod.oval:def:828 The host is installed with Pidgin and is prone to denial of service vulnerability. A flaw is present in the msn_emoticon_msg function in slp.c in the MSN protocol plugin in libpurple, which fails to handle a custom emoticon in a malformed SLP message. Successful exploitation could allow remote attac ... oval:org.secpod.oval:def:827 The host is installed with Pidgin and is prone to denial of service vulnerability. A flaw is present in the display feature, which fails to handle overly large number of smileys into an IM or chat window. Successful exploitation could allow remote attackers to execute arbitrary code and cause a deni ... oval:org.secpod.oval:def:829 The host is installed with Pidgin and is prone to denial of service vulnerability. A flaw is present in the clientautoresp function in family_icbm.c in the oscar protocol plugin in libpurple, which fails to handle an X-Status message that lacks the expected end tag for a desc or title element. Succe ... oval:org.secpod.oval:def:202122 Pidgin is an instant messaging program which can log in to multiple accounts on multiple instant messaging networks simultaneously. A buffer overflow flaw was found in the way Pidgin initiates file transfers when using the Extensible Messaging and Presence Protocol . If a Pidgin client initiates a f ... oval:org.secpod.oval:def:202121 Pidgin is an instant messaging program which can log in to multiple accounts on multiple instant messaging networks simultaneously. Federico Muttis of Core Security Technologies discovered a flaw in Pidgin"s MSN protocol handler. If a user received a malicious MSN message, it was possible to execute ... oval:org.secpod.oval:def:500586 Pidgin is an instant messaging program which can log in to multiple accounts on multiple instant messaging networks simultaneously. The AOL Open System for Communication in Realtime protocol is used by the AOL ICQ and AIM instant messaging systems. An invalid pointer dereference bug was found in th ... oval:org.secpod.oval:def:830 The host is installed with Pidgin and is prone to denial of service vulnerability. A flaw is present in the purple_base64_decode function, which fails to handle Base64 encoded messages causing a NULL pointer dereference. Successful exploitation could allow remote attackers to execute arbitrary code ... oval:org.secpod.oval:def:500505 Pidgin is an instant messaging program which can log in to multiple accounts on multiple instant messaging networks simultaneously. Federico Muttis of Core Security Technologies discovered a flaw in Pidgin"s MSN protocol handler. If a user received a malicious MSN message, it was possible to execute ... oval:org.secpod.oval:def:202008 Pidgin is an instant messaging program which can log in to multiple accounts on multiple instant messaging networks simultaneously. Info/Query is an Extensible Messaging and Presence Protocol specific request-response mechanism. A NULL pointer dereference flaw was found in the way the Pidgin XMPP ... oval:org.mitre.oval:def:6338 The msn_slp_process_msg function in libpurple/protocols/msn/slpcall.c in the MSN protocol plugin in libpurple 2.6.0 and 2.6.1, as used in Pidgin before 2.6.2, allows remote attackers to cause a denial of service (application crash) via a handwritten (aka Ink) message, related to an uninitialized var ... oval:org.mitre.oval:def:6322 The msn_slp_sip_recv function in libpurple/protocols/msn/slp.c in the MSN protocol plugin in libpurple in Pidgin before 2.6.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an SLP invite message that lacks certain required fields, as demonst ... oval:org.secpod.oval:def:500476 Pidgin is an instant messaging program which can log in to multiple accounts on multiple instant messaging networks simultaneously. Multiple NULL pointer dereference flaws were found in the way Pidgin handled Base64 decoding. A remote attacker could use these flaws to crash Pidgin if the target Pidg ... oval:org.mitre.oval:def:6320 The msn_slplink_process_msg function in libpurple/protocols/msn/slplink.c in libpurple, as used in Pidgin (formerly Gaim) before 2.5.9 and Adium 1.3.5 and earlier, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) by sending mult ... oval:org.secpod.oval:def:201944 Pidgin is an instant messaging program which can log in to multiple accounts on multiple instant messaging networks simultaneously. An input sanitization flaw was found in the way Pidgin"s MSN protocol implementation handled MSNSLP invitations. A remote attacker could send a specially-crafted INVITE ... oval:org.secpod.oval:def:500480 Pidgin is an instant messaging program which can log in to multiple accounts on multiple instant messaging networks simultaneously. An input sanitization flaw was found in the way Pidgin"s MSN protocol implementation handled MSNSLP invitations. A remote attacker could send a specially-crafted INVITE ... oval:org.secpod.oval:def:202185 Pidgin is an instant messaging program which can log in to multiple accounts on multiple instant messaging networks simultaneously. The AOL Open System for Communication in Realtime protocol is used by the AOL ICQ and AIM instant messaging systems. An invalid pointer dereference bug was found in th ... oval:org.mitre.oval:def:6434 The XMPP protocol plugin in libpurple in Pidgin before 2.6.2 does not properly handle an error IQ stanza during an attempted fetch of a custom smiley, which allows remote attackers to cause a denial of service (application crash) via XHTML-IM content with cid: images. oval:org.mitre.oval:def:6435 libpurple/protocols/irc/msgs.c in the IRC protocol plugin in libpurple in Pidgin before 2.6.2 allows remote IRC servers to cause a denial of service (NULL pointer dereference and application crash) via a TOPIC message that lacks a topic string. oval:org.secpod.oval:def:201937 Pidgin is an instant messaging program which can log in to multiple accounts on multiple instant messaging networks simultaneously. An input sanitization flaw was found in the way Pidgin"s MSN protocol implementation handled MSNSLP invitations. A remote attacker could send a specially-crafted INVITE ... oval:org.secpod.oval:def:201919 Pidgin is an instant messaging program which can log in to multiple accounts on multiple instant messaging networks simultaneously. Multiple NULL pointer dereference flaws were found in the way Pidgin handled Base64 decoding. A remote attacker could use these flaws to crash Pidgin if the target Pidg ... oval:org.secpod.oval:def:202168 Pidgin is an instant messaging program which can log in to multiple accounts on multiple instant messaging networks simultaneously. Info/Query is an Extensible Messaging and Presence Protocol specific request-response mechanism. A NULL pointer dereference flaw was found in the way the Pidgin XMPP ... |