CVE-2007-4999 — Improper Input Validation in Pidgin

CWE-20 — Improper Input Validation6 documents6 sources

Severity

4.3MEDIUMNVD

EPSS

1.5%

top 18.57%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Pidgin Debian Pidgin

Timeline

PublishedOct 29

Latest updateMay 1

Description

libpurple in Pidgin 2.1.0 through 2.2.1, when using HTML logging, allows remote attackers to cause a denial of service (NULL dereference and application crash) via a message that contains invalid HTML data, a different vector than CVE-2007-4996.

CVSS vector

AV:N/AC:M/C:N/I:N/A:PExploitability: 8.6 | Impact: 2.9

Affected Packages3 packages

▶debiandebian/pidgin< pidgin 2.2.2-1 (bookworm)

▶Debianpidgin/pidgin< 2.2.2-1+3

▶NVDpidgin/pidgin2.1.0, 2.2.0, 2.2.1+2

Patches

Patch: secunia.com ↗Patch: www.pidgin.im ↗Patch: secunia.com ↗

🔴Vulnerability Details

GHSA

GHSA-qcj3-h9mr-5c65: libpurple in Pidgin 2↗2022-05-01

▶

OSV

CVE-2007-4999: libpurple in Pidgin 2↗2007-10-29

▶

📋Vendor Advisories

Ubuntu

Pidgin vulnerability↗2007-11-28

▶

Debian

CVE-2007-4999: pidgin - libpurple in Pidgin 2.1.0 through 2.2.1, when using HTML logging, allows remote ...↗2007

▶

Red Hat

CVE-2007-4999: libpurple in Pidgin 2↗

▶