CVE-2012-1178Pidgin vulnerability

CWE-3997 documents7 sources
Severity
5.0MEDIUMNVD
EPSS
1.1%
top 21.58%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
PidginDebian Pidgin
Timeline
PublishedMar 15
Latest updateMay 14

Description

The msn_oim_report_to_user function in oim.c in the MSN protocol plugin in libpurple in Pidgin before 2.10.2 allows remote servers to cause a denial of service (application crash) via an OIM message that lacks UTF-8 encoding.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages3 packages

debiandebian/pidgin< pidgin 2.10.2-1 (bookworm)
Debianpidgin/pidgin< 2.10.2-1+3
NVDpidgin/pidgin2.10.1+45

🔴Vulnerability Details

2
GHSA
GHSA-gxvf-mxfh-phm4: The msn_oim_report_to_user function in oim2022-05-14
OSV
CVE-2012-1178: The msn_oim_report_to_user function in oim2012-03-15

📋Vendor Advisories

3
Ubuntu
Pidgin vulnerabilities2012-07-09
Red Hat
pidgin: Client abort in the MSN protocol plug-in by attempt to display certain, not UTF-8 encoded text2012-01-17
Debian
CVE-2012-1178: pidgin - The msn_oim_report_to_user function in oim.c in the MSN protocol plugin in libpu...2012

💬Community

1
Bugzilla
CVE-2012-1178 pidgin: Client abort in the MSN protocol plug-in by attempt to display certain, not UTF-8 encoded text2012-03-14