
pidgin: multiple vulnerabilities

Package(s): pidgin
CVE #(s): CVE-2011-4939 CVE-2012-1178
Created: April 2, 2012
Updated: March 15, 2013
Description:

From the Red Hat bugzilla entries [1, 2]:

CVE-2011-4939: A NULL pointer dereference flaw was found in the way the XMPP protocol plug-in of Pidgin, a Gtk+ based multiprotocol instant messaging client, performed a change of user name for a particular buddy. If a remote Pidgin user, present on the buddy list of the victim, changed their Pidgin nickname to a specially-crafted value, it would lead to a Pidgin client crash.

CVE-2012-1178: A denial of service flaw was found in the way the MSN protocol plug-in of Pidgin, a Gtk+ based multiprotocol instant messaging client, performed sanitization of certain not UTF-8 encoded text prior to its presentation. A remote attacker could send a specially-crafted not UTF-8 encoded text (for example via an Offline Instant Message post), which, once processed by the Pidgin client of the victim, would lead to that Pidgin client abort.

Alerts:
Oracle ELSA-2013-0646 pidgin 2013-03-14
openSUSE openSUSE-SU-2012:0905-1 pidgin 2012-07-24
Scientific Linux SL-pidg-20120719 pidgin 2012-07-19
Oracle ELSA-2012-1102 pidgin 2012-07-20
CentOS CESA-2012:1102 pidgin 2012-07-19
CentOS CESA-2012:1102 pidgin 2012-07-19
Red Hat RHSA-2012:1102-01 pidgin 2012-07-19
Ubuntu USN-1500-1 pidgin 2012-07-09
SUSE SUSE-SU-2012:0782-1 finch, libpurple and pidgin 2012-06-22
Fedora FEDORA-2012-4600 pidgin 2012-04-01
