Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
libpurple vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2017-2640
An out-of-bounds write flaw was found in the way Pidgin prior to 2.12.0 processed XML content. A malicious remote server could potentially use this flaw to crash Pidgin or execute arbitrary code in the context of the pidgin process.
Pidgin Pidgin
Redhat Enterprise Linux Server 7.0
Redhat Enterprise Linux Server Eus 7.5
Redhat Enterprise Linux Server Aus 7.4
Redhat Enterprise Linux Desktop 7.0
Redhat Enterprise Linux Server Eus 7.4
Redhat Enterprise Linux Workstation 7.0
Debian Debian Linux 8.0
9.8
CVSSv3
CVE-2017-5668
bitlbee-libpurple prior to 3.5.1 allows remote malicious users to cause a denial of service (NULL pointer dereference and crash) and possibly execute arbitrary code via a file transfer request for a contact that is not in the contact list. NOTE: this vulnerability exists because ...
Bitlbee Bitlbee
Bitlbee Bitlbee-libpurple
9.8
CVSSv3
CVE-2016-10188
Use-after-free vulnerability in bitlbee-libpurple prior to 3.5 allows remote servers to cause a denial of service (crash) or possibly execute arbitrary code by causing a file transfer connection to expire.
Bitlbee Bitlbee
7.5
CVSSv3
CVE-2016-10189
BitlBee prior to 3.5 allows remote malicious users to cause a denial of service (NULL pointer dereference and crash) and possibly execute arbitrary code via a file transfer request for a contact that is not in the contact list.
Bitlbee Bitlbee-libpurple
Bitlbee Bitlbee
7.5
CVSSv3
CVE-2010-0013
Directory traversal vulnerability in slp.c in the MSN protocol plugin in libpurple in Pidgin 2.6.4 and Adium 1.3.8 allows remote malicious users to read arbitrary files via a .. (dot dot) in an application/x-msnmsgrp2p MSN emoticon (aka custom smiley) request, a related issue to ...
Adium Adium 1.3.8
Pidgin Pidgin 2.6.4
Fedoraproject Fedora 11
Fedoraproject Fedora 12
Suse Linux Enterprise Server 10
Suse Linux Enterprise 11.0
Opensuse Opensuse
Redhat Enterprise Linux 4.0
Redhat Enterprise Linux 5.0
1 EDB exploit
5.5
CVSSv3
CVE-2012-1257
Pidgin 2.10.0 uses DBUS for certain cleartext communication, which allows local users to obtain sensitive information via a dbus session monitor.
Pidgin Pidgin 2.10.0
1 EDB exploit
NA
CVE-2013-0272
Buffer overflow in http.c in the MXit protocol plugin in libpurple in Pidgin prior to 2.10.7 allows remote servers to execute arbitrary code via a long HTTP header.
Pidgin Pidgin 2.10.5
Pidgin Pidgin 2.10.3
Pidgin Pidgin 2.7.11
Pidgin Pidgin 2.7.1
Pidgin Pidgin 2.7.9
Pidgin Pidgin 2.7.7
Pidgin Pidgin
Pidgin Pidgin 2.9.0
Pidgin Pidgin 2.8.0
Pidgin Pidgin 2.7.6
Pidgin Pidgin 2.7.10
Pidgin Pidgin 2.6.1
Pidgin Pidgin 2.6.2
Pidgin Pidgin 2.5.3
Pidgin Pidgin 2.5.0
Pidgin Pidgin 2.4.2
Pidgin Pidgin 2.3.1
Pidgin Pidgin 2.0.2
Pidgin Pidgin 2.0.0
Pidgin Pidgin 2.10.1
Pidgin Pidgin 2.10.2
Pidgin Pidgin 2.7.0
NA
CVE-2013-0273
sametime.c in the Sametime protocol plugin in libpurple in Pidgin prior to 2.10.7 does not properly terminate long user IDs, which allows remote servers to cause a denial of service (application crash) via a crafted packet.
Pidgin Pidgin 2.10.1
Pidgin Pidgin 2.10.2
Pidgin Pidgin 2.7.3
Pidgin Pidgin 2.7.6
Pidgin Pidgin 2.6.5
Pidgin Pidgin 2.6.4
Pidgin Pidgin 2.5.2
Pidgin Pidgin 2.5.5
Pidgin Pidgin 2.4.0
Pidgin Pidgin 2.4.2
Pidgin Pidgin 2.1.0
Pidgin Pidgin 2.0.1
Pidgin Pidgin 2.10.5
Pidgin Pidgin 2.10.3
Pidgin Pidgin 2.7.11
Pidgin Pidgin 2.7.1
Pidgin Pidgin 2.7.7
Pidgin Pidgin 2.7.4
Pidgin Pidgin 2.6.0
Pidgin Pidgin 2.5.9
Pidgin Pidgin 2.5.1
Pidgin Pidgin 2.5.6
NA
CVE-2013-0271
The MXit protocol plugin in libpurple in Pidgin prior to 2.10.7 might allow remote malicious users to create or overwrite files via a crafted (1) mxit or (2) mxit/imagestrips pathname.
Pidgin Pidgin 2.10.5
Pidgin Pidgin 2.10.3
Pidgin Pidgin 2.7.11
Pidgin Pidgin 2.7.1
Pidgin Pidgin 2.7.9
Pidgin Pidgin 2.7.7
Pidgin Pidgin 2.7.4
Pidgin Pidgin 2.6.0
Pidgin Pidgin 2.5.9
Pidgin Pidgin 2.5.1
Pidgin Pidgin
Pidgin Pidgin 2.9.0
Pidgin Pidgin 2.8.0
Pidgin Pidgin 2.7.6
Pidgin Pidgin 2.7.10
Pidgin Pidgin 2.6.1
Pidgin Pidgin 2.6.2
Pidgin Pidgin 2.5.3
Pidgin Pidgin 2.5.0
Pidgin Pidgin 2.4.2
Pidgin Pidgin 2.3.1
Pidgin Pidgin 2.3.0
NA
CVE-2013-0274
upnp.c in libpurple in Pidgin prior to 2.10.7 does not properly terminate long strings in UPnP responses, which allows remote malicious users to cause a denial of service (application crash) by leveraging access to the local network.
Pidgin Pidgin 2.10.4
Pidgin Pidgin
Pidgin Pidgin 2.9.0
Pidgin Pidgin 2.8.0
Pidgin Pidgin 2.7.11
Pidgin Pidgin 2.7.10
Pidgin Pidgin 2.7.9
Pidgin Pidgin 2.6.1
Pidgin Pidgin 2.6.2
Pidgin Pidgin 2.5.0
Pidgin Pidgin 2.5.1
Pidgin Pidgin 2.3.1
Pidgin Pidgin 2.3.0
Pidgin Pidgin 2.0.2
Pidgin Pidgin 2.0.0
Pidgin Pidgin 2.10.1
Pidgin Pidgin 2.10.2
Pidgin Pidgin 2.7.3
Pidgin Pidgin 2.7.6
Pidgin Pidgin 2.6.5
Pidgin Pidgin 2.6.4
Pidgin Pidgin 2.5.2
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
NULL pointer dereference
CVE-2023-52689
CVE-2024-23803
client side
CVE-2023-52696
information disclosure
CVE-2024-35843
CVE-2024-27130
CVE-2023-52697
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
NEXT »