Published: 15/03/2012 Updated: 18/01/2018

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

The msn_oim_report_to_user function in oim.c in the MSN protocol plugin in libpurple in Pidgin prior to 2.10.2 allows remote servers to cause a denial of service (application crash) via an OIM message that lacks UTF-8 encoding.

Vulnerable Product	Search on Vulmon	Subscribe to Product
pidgin pidgin 2.7.10
pidgin pidgin 2.7.9
pidgin pidgin 2.7.2
pidgin pidgin 2.7.1
pidgin pidgin 2.5.9
pidgin pidgin 2.5.8
pidgin pidgin 2.5.1
pidgin pidgin 2.5.0
pidgin pidgin 2.2.2
pidgin pidgin 2.2.1
pidgin pidgin 2.2.0
pidgin pidgin 2.10.0
pidgin pidgin 2.9.0
pidgin pidgin 2.7.6
pidgin pidgin 2.7.5
pidgin pidgin 2.6.3
pidgin pidgin 2.6.2
pidgin pidgin 2.5.5
pidgin pidgin 2.5.4
pidgin pidgin 2.4.1
pidgin pidgin 2.4.0
pidgin pidgin 2.0.2
pidgin pidgin 2.0.1
pidgin pidgin
pidgin pidgin 2.7.8
pidgin pidgin 2.7.7
pidgin pidgin 2.6.6
pidgin pidgin 2.6.5
pidgin pidgin 2.6.4
pidgin pidgin 2.5.7
pidgin pidgin 2.5.6
pidgin pidgin 2.4.3
pidgin pidgin 2.4.2
pidgin pidgin 2.1.1
pidgin pidgin 2.1.0
pidgin pidgin 2.8.0
pidgin pidgin 2.7.11
pidgin pidgin 2.7.4
pidgin pidgin 2.7.3
pidgin pidgin 2.6.1
pidgin pidgin 2.6.0
pidgin pidgin 2.5.3
pidgin pidgin 2.5.2
pidgin pidgin 2.3.1
pidgin pidgin 2.3.0
pidgin pidgin 2.0.0

Synopsis Moderate: pidgin security update Type/Severity Security Advisory: Moderate Topic Updated pidgin packages that fix three security issues are now availablefor Red Hat Enterprise Linux 5 and 6The Red Hat Security Response Team has rated this update as having moderatesecurity impact Common Vulnerabil ...

Several security issues were fixed in Pidgin ...

Debian Bug report logs - #664030 [CVE-2012-1178] pidgin: Possible MSN remote crash Package: pidgin; Maintainer for pidgin is Ari Pollak <ari@debianorg>; Source for pidgin is src:pidgin (PTS, buildd, popcon) Reported by: Luciano Bello <luciano@debianorg> Date: Wed, 14 Mar 2012 23:09:01 UTC Severity: grave Tags: pat ...

Debian Bug report logs - #664028 [CVE-2011-4939] pidgin: XMPP remote crash Package: pidgin; Maintainer for pidgin is Ari Pollak <ari@debianorg>; Source for pidgin is src:pidgin (PTS, buildd, popcon) Reported by: Luciano Bello <luciano@debianorg> Date: Wed, 14 Mar 2012 23:00:05 UTC Severity: grave Tags: patch, secu ...

CWE-399 http://pidgin.im/news/security/?id=61 http://developer.pidgin.im/ticket/14884 http://developer.pidgin.im/viewmtn/revision/diff/60f8379d0a610538cf42e0dd9ab1436c8b9308cd/with/3053d6a37cc6d8774aba7607b992a4408216adcd/libpurple/protocols/msn/oim.c http://developer.pidgin.im/viewmtn/revision/info/3053d6a37cc6d8774aba7607b992a4408216adcd http://rhn.redhat.com/errata/RHSA-2012-1102.html http://secunia.com/advisories/50005 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18019 http://www.securityfocus.com/bid/52475 http://www.mandriva.com/security/advisories?name=MDVSA-2012:029 https://access.redhat.com/errata/RHSA-2012:1102 https://usn.ubuntu.com/1500-1/https://nvd.nist.gov

CVE-2012-1178

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect