pidgin: multiple vulnerabilities
| Package(s): | pidgin | CVE #(s): | CVE-2013-0271 CVE-2013-0272 CVE-2013-0273 CVE-2013-0274 | ||||||||||||||||||||||||||||||||||||||||||||||||||||
| Created: | February 14, 2013 | Updated: | March 21, 2013 | ||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description: | From the Pidgin advisories: CVE-2013-0271: The MXit protocol plugin saves an image to local disk using a filename that could potentially be partially specified by the IM server or by a remote user. CVE-2013-0272: The code did not respect the size of the buffer when parsing HTTP headers, and a malicious server or man-in-the-middle could send specially crafted data that could overflow the buffer. This could lead to a crash or remote code execution. CVE-2013-0273: libpurple failed to null-terminate user IDs that were longer than 4096 bytes. It's plausible that a malicious server could send one of these to us, which would lead to a crash. CVE-2013-0274: libpurple failed to null-terminate some strings when parsing the response from a UPnP router. This could lead to a crash if a malicious user on your network responds with a specially crafted message. | ||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Alerts: |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||