[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244411

 
 

909

 
 

193363

 
 

277

Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2009-3085Date: (C)2009-09-08   (M)2024-02-01


The XMPP protocol plugin in libpurple in Pidgin before 2.6.2 does not properly handle an error IQ stanza during an attempted fetch of a custom smiley, which allows remote attackers to cause a denial of service (application crash) via XHTML-IM content with cid: images.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 5.0
Exploit Score: 10.0
Impact Score: 2.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: NONE
Integrity: NONE
Availability: PARTIAL
  
Reference:
BID-36277
SECUNIA-36601
http://developer.pidgin.im/viewmtn/revision/info/fd5955618eddcd84d522b30ff11102f9601f38c8
http://www.pidgin.im/news/security/index.php?id=37
oval:org.mitre.oval:def:11223
oval:org.mitre.oval:def:6434

CPE    26
cpe:/a:pidgin:pidgin:2.1.0
cpe:/a:pidgin:pidgin:2.1.1
cpe:/a:pidgin:pidgin:2.3.0
cpe:/a:pidgin:pidgin:2.3.1
...
OVAL    14
oval:org.secpod.oval:def:300610
oval:org.secpod.oval:def:100362
oval:org.secpod.oval:def:300584
oval:org.mitre.oval:def:6434
...

© SecPod Technologies