Published: 06/02/2014 Updated: 16/03/2014

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Multiple integer signedness errors in libpurple in Pidgin prior to 2.10.8 allow remote malicious users to cause a denial of service (application crash) via a crafted timestamp value in an XMPP message.

Vulnerable Product	Search on Vulmon	Subscribe to Product
pidgin pidgin 2.9.0
pidgin pidgin 2.7.4
pidgin pidgin 2.7.3
pidgin pidgin 2.6.4
pidgin pidgin 2.6.3
pidgin pidgin 2.5.6
pidgin pidgin 2.5.5
pidgin pidgin 2.4.2
pidgin pidgin 2.4.1
pidgin pidgin 2.10.5
pidgin pidgin 2.10.4
pidgin pidgin 2.0.2
pidgin pidgin 2.0.1
pidgin pidgin 2.7.8
pidgin pidgin 2.7.7
pidgin pidgin 2.7.10
pidgin pidgin 2.7.1
pidgin pidgin 2.6.0
pidgin pidgin 2.5.9
pidgin pidgin 2.5.2
pidgin pidgin 2.5.1
pidgin pidgin 2.3.0
pidgin pidgin 2.2.2
pidgin pidgin 2.2.1
pidgin pidgin 2.10.1
pidgin pidgin 2.10.0
pidgin pidgin 2.7.6
pidgin pidgin 2.7.5
pidgin pidgin 2.7.0
pidgin pidgin 2.6.6
pidgin pidgin 2.6.5
pidgin pidgin 2.5.8
pidgin pidgin 2.5.7
pidgin pidgin 2.5.0
pidgin pidgin 2.4.3
pidgin pidgin 2.2.0
pidgin pidgin 2.10.6
pidgin pidgin 2.1.1
pidgin pidgin 2.1.0
pidgin pidgin 2.8.0
pidgin pidgin 2.7.9
pidgin pidgin 2.7.2
pidgin pidgin 2.7.11
pidgin pidgin 2.6.2
pidgin pidgin 2.6.1
pidgin pidgin 2.5.4
pidgin pidgin 2.5.3
pidgin pidgin 2.4.0
pidgin pidgin 2.3.1
pidgin pidgin 2.10.3
pidgin pidgin 2.10.2
pidgin pidgin 2.0.0
pidgin pidgin

Several security issues were fixed in Pidgin ...

Multiple vulnerabilities have been discovered in Pidgin, a multi-protocol instant messaging client: CVE-2013-6477 Jaime Breva Ribes discovered that a remote XMPP user can trigger a crash by sending a message with a timestamp in the distant future CVE-2013-6478 Pidgin could be crashed through overly wide tooltip windows CVE-2013-6479 ...

Multiple integer signedness errors in libpurple in Pidgin before 2108 allow remote attackers to cause a denial of service (application crash) via a crafted timestamp value in an XMPP message ...

CWE-189 http://hg.pidgin.im/pidgin/main/rev/852014ae74a0 http://pidgin.im/news/security/?id=71 http://www.debian.org/security/2014/dsa-2859 https://rhn.redhat.com/errata/RHSA-2014-0139.html http://lists.opensuse.org/opensuse-updates/2014-02/msg00039.html http://www.ubuntu.com/usn/USN-2100-1 http://lists.opensuse.org/opensuse-updates/2014-03/msg00005.html https://usn.ubuntu.com/2100-1/https://nvd.nist.gov https://access.redhat.com/security/cve/cve-2013-6477

CVE-2013-6477

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect