Debian Pidgin vulnerabilities

85 known vulnerabilities affecting debian/pidgin.

Total CVEs

85

CISA KEV

0

Public exploits

5

Exploited in wild

0

Severity breakdown

CRITICAL1HIGH10MEDIUM43LOW31

Vulnerabilities

Page 5 of 5

CVE-2008-2956LOWCVSS 5.02008

CVE-2008-2956 [MEDIUM] CVE-2008-2956: pidgin - Memory leak in Pidgin 2.0.0, and possibly other versions, allows remote attacker... Memory leak in Pidgin 2.0.0, and possibly other versions, allows remote attackers to cause a denial of service (memory consumption) via malformed XML documents. NOTE: this issue has been disputed by the upstream vendor, who states: "I was never able to identify a scenario under which a problem occurred and the original reporter wasn't able to supply any sort of repro

CVE-2008-2955LOWCVSS 4.3PoCfixed in pidgin 2.4.3-1 (bookworm)2008

CVE-2008-2955 [MEDIUM] CVE-2008-2955: pidgin - Pidgin 2.4.1 allows remote attackers to cause a denial of service (crash) via a ... Pidgin 2.4.1 allows remote attackers to cause a denial of service (crash) via a long filename that contains certain characters, as demonstrated using an MSN message that triggers the crash in the msn_slplink_process_msg function. Scope: local bookworm: resolved (fixed in 2.4.3-1) bullseye: resolved (fixed in 2.4.3-1) forky: resolved (fixed in 2.4.3-1) sid: resolved (

CVE-2008-2957LOWCVSS 6.4fixed in pidgin 2.4.3-4 (bookworm)2008

CVE-2008-2957 [MEDIUM] CVE-2008-2957: pidgin - The UPnP functionality in Pidgin 2.0.0, and possibly other versions, allows remo... The UPnP functionality in Pidgin 2.0.0, and possibly other versions, allows remote attackers to trigger the download of arbitrary files and cause a denial of service (memory or disk consumption) via a UDP packet that specifies an arbitrary URL. Scope: local bookworm: resolved (fixed in 2.4.3-4) bullseye: resolved (fixed in 2.4.3-4) forky: resolved (fixed in 2.4.3-4)

CVE-2007-4996MEDIUMCVSS 4.3fixed in pidgin 2.2.1-1 (bookworm)2007

CVE-2007-4996 [MEDIUM] CVE-2007-4996: pidgin - libpurple in Pidgin before 2.2.1 does not properly handle MSN nudge messages fro... libpurple in Pidgin before 2.2.1 does not properly handle MSN nudge messages from users who are not on the receiver's buddy list, which allows remote attackers to cause a denial of service (crash) via a nudge message that triggers an access of "an invalid memory location." Scope: local bookworm: resolved (fixed in 2.2.1-1) bullseye: resolved (fixed in 2.2.1-1) forky:

CVE-2007-4999MEDIUMCVSS 4.3fixed in pidgin 2.2.2-1 (bookworm)2007

CVE-2007-4999 [MEDIUM] CVE-2007-4999: pidgin - libpurple in Pidgin 2.1.0 through 2.2.1, when using HTML logging, allows remote ... libpurple in Pidgin 2.1.0 through 2.2.1, when using HTML logging, allows remote attackers to cause a denial of service (NULL dereference and application crash) via a message that contains invalid HTML data, a different vector than CVE-2007-4996. Scope: local bookworm: resolved (fixed in 2.2.2-1) bullseye: resolved (fixed in 2.2.2-1) forky: resolved (fixed in 2.2.2-1)

← Previous5 / 5