nmevent.c in the Novell GroupWise protocol plugin in libpurple in Pidgin prior to 2.10.10 allows remote servers to cause a denial of service (application crash) via a crafted server message that triggers a large memory allocation.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
pidgin pidgin 2.10.6 |
||
pidgin pidgin 2.10.5 |
||
pidgin pidgin 2.10.8 |
||
pidgin pidgin 2.10.7 |
||
pidgin pidgin 2.10.0 |
||
pidgin pidgin 2.10.4 |
||
pidgin pidgin 2.10.3 |
||
pidgin pidgin |
||
pidgin pidgin 2.10.2 |
||
pidgin pidgin 2.10.1 |
Dump docs on users' disks using only ASCII art (°O°)
Cisco researchers have reported a trio of vulnerabilities in popular instant messaging client Pidgin that allow for denial of service by way of emoticon abuse and remote arbitrary file creation. Researchers Yves Younan and Richard Johnson say the flaws have since been quietly patched, but rated a maximum CVSS score of 6.4 but were easily and remotely exploitable. The first reported flaw (CVE-2014-3697) affected the way Pidgin accessed smileys and themes as tar packages on Windows systems. Linux ...