Search
Search Results (90 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2012-1178 | 2 Pidgin, Redhat | 2 Pidgin, Enterprise Linux | 2025-04-11 | N/A |
| The msn_oim_report_to_user function in oim.c in the MSN protocol plugin in libpurple in Pidgin before 2.10.2 allows remote servers to cause a denial of service (application crash) via an OIM message that lacks UTF-8 encoding. | ||||
| CVE-2012-6152 | 2 Pidgin, Redhat | 2 Pidgin, Enterprise Linux | 2025-04-11 | N/A |
| The Yahoo! protocol plugin in libpurple in Pidgin before 2.10.8 does not properly validate UTF-8 data, which allows remote attackers to cause a denial of service (application crash) via crafted byte sequences. | ||||
| CVE-2013-6490 | 2 Pidgin, Redhat | 2 Pidgin, Enterprise Linux | 2025-04-11 | N/A |
| The SIMPLE protocol functionality in Pidgin before 2.10.8 allows remote attackers to have an unspecified impact via a negative Content-Length header, which triggers a buffer overflow. | ||||
| CVE-2014-0020 | 2 Pidgin, Redhat | 2 Pidgin, Enterprise Linux | 2025-04-11 | N/A |
| The IRC protocol plugin in libpurple in Pidgin before 2.10.8 does not validate argument counts, which allows remote IRC servers to cause a denial of service (application crash) via a crafted message. | ||||
| CVE-2011-3594 | 2 Pidgin, Redhat | 3 Libpurple, Pidgin, Enterprise Linux | 2025-04-11 | N/A |
| The g_markup_escape_text function in the SILC protocol plug-in in libpurple 2.10.0 and earlier, as used in Pidgin and possibly other products, allows remote attackers to cause a denial of service (crash) via invalid UTF-8 sequences that trigger use of invalid pointers and an out-of-bounds read, related to interactions with certain versions of glib2. | ||||
| CVE-2012-3374 | 2 Pidgin, Redhat | 2 Pidgin, Enterprise Linux | 2025-04-11 | N/A |
| Buffer overflow in markup.c in the MXit protocol plugin in libpurple in Pidgin before 2.10.5 allows remote attackers to execute arbitrary code via a crafted inline image in a message. | ||||
| CVE-2022-26491 | 2 Debian, Pidgin | 2 Debian Linux, Pidgin | 2024-11-21 | 5.9 Medium |
| An issue was discovered in Pidgin before 2.14.9. A remote attacker who can spoof DNS responses can redirect a client connection to a malicious server. The client will perform TLS certificate verification of the malicious domain name instead of the original XMPP service domain, allowing the attacker to take over control over the XMPP connection and to obtain user credentials and all communication content. This is similar to CVE-2022-24968. | ||||
| CVE-2017-2640 | 3 Debian, Pidgin, Redhat | 8 Debian Linux, Pidgin, Enterprise Linux and 5 more | 2024-11-21 | N/A |
| An out-of-bounds write flaw was found in the way Pidgin before 2.12.0 processed XML content. A malicious remote server could potentially use this flaw to crash Pidgin or execute arbitrary code in the context of the pidgin process. | ||||
| CVE-2016-1000030 | 2 Pidgin, Suse | 2 Pidgin, Linux Enterprise Server | 2024-11-21 | N/A |
| Pidgin version <2.11.0 contains a vulnerability in X.509 Certificates imports specifically due to improper check of return values from gnutls_x509_crt_init() and gnutls_x509_crt_import() that can result in code execution. This attack appear to be exploitable via custom X.509 certificate from another client. This vulnerability appears to have been fixed in 2.11.0. | ||||
| CVE-2012-1257 | 1 Pidgin | 1 Pidgin | 2024-11-21 | 5.5 Medium |
| Pidgin 2.10.0 uses DBUS for certain cleartext communication, which allows local users to obtain sensitive information via a dbus session monitor. | ||||