FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-04-16 19:33:48 UTC

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID | Description
549787c1-8916-11e2-8549-68b599b52a02 | libpurple -- multiple vulnerabilities

Pidgin reports:

libpurple

Fix a crash when receiving UPnP responses with abnormally long values.

MXit

Fix two bugs where a remote MXit user could possibly specify a local file path to be written to.

Fix a bug where the MXit server or a man-in-the-middle could potentially send specially crafted data that could overflow a buffer and lead to a crash or remote code execution.

Sametime

Fix a crash in Sametime when a malicious server sends us an abnormally long user ID.


Discovery 2013-02-13
Entry 2013-03-10
Modified 2013-03-16
libpurple
< 2.10.7

CVE-2013-0274
CVE-2013-0271
CVE-2013-0272
CVE-2013-0273
https://developer.pidgin.im/wiki/ChangeLog
59e7af2d-8db7-11de-883b-001e3300a30d | pidgin -- MSN overflow parsing SLP messages

Secunia reports:

A vulnerability has been reported in Pidgin, which can be exploited by malicious people to potentially compromise a user's system.

The vulnerability is caused due to an error in the "msn_slplink_process_msg()" function when processing MSN SLP messages and can be exploited to corrupt memory.

Successful exploitation may allow execution of arbitrary code.

The vulnerability is reported in versions 2.5.8 and prior. Other versions may also be affected.


Discovery 2009-08-18
Entry 2009-08-20
pidgin
libpurple
finch
< 2.5.9

CVE-2009-2694
http://secunia.com/advisories/36384/
http://www.pidgin.im/news/security/?id=34
64f8b72d-9c4e-11e1-9c94-000bcdf0a03b | libpurple -- Invalid memory dereference in the XMPP protocol plug-in by processing a series of specially-crafted file transfer requests

Pidgin reports:

A series of specially crafted file transfer requests can cause clients to reference invalid memory. The user must have accepted one of the file transfer requests.


Discovery 2012-05-06
Entry 2012-05-12
libpurple
< 2.10.4

CVE-2012-2214
7289214f-7c55-11e1-ab3b-000bcdf0a03b | libpurple -- Remote DoS via an MSN OIM message that lacks UTF-8 encoding

US-CERT reports:

The msn_oim_report_to_user function in oim.c in the MSN protocol plugin in libpurple in Pidgin before 2.10.2 allows remote servers to cause a denial of service (application crash) via an OIM message that lacks UTF-8 encoding.


Discovery 2012-03-15
Entry 2012-04-01
libpurple
< 2.10.2

CVE-2012-1178
a2c4d3d5-4c7b-11df-83fb-0015587e2cc1 | pidgin -- multiple remote denial of service vulnerabilities

Three denial of service vulnerabilities were found in pidgin and allow remote attackers to crash the application. The developers summarized these problems as follows:

Pidgin can become unresponsive when displaying large numbers of smileys

Certain nicknames in group chat rooms can trigger a crash in Finch

Failure to validate all fields of an incoming message can trigger a crash


Discovery 2010-02-18
Entry 2010-04-20
pidgin
< 2.6.6

libpurple
< 2.6.6

38294
CVE-2010-0277
CVE-2010-0420
CVE-2010-0423
http://pidgin.im/news/security/?id=43
http://pidgin.im/news/security/?id=44
http://pidgin.im/news/security/?id=45
b1ca65e6-5aaf-11de-bc9b-0030843d3802 | pidgin -- multiple vulnerabilities

Secunia reports:

Some vulnerabilities and weaknesses have been reported in Pidgin, which can be exploited by malicious people to cause a DoS or to potentially compromise a user's system.

A truncation error in the processing of MSN SLP messages can be exploited to cause a buffer overflow.

A boundary error in the XMPP SOCKS5 "bytestream" server when initiating an outgoing file transfer can be exploited to cause a buffer overflow.

A boundary error exists in the implementation of the "PurpleCircBuffer" structure. This can be exploited to corrupt memory and cause a crash via specially crafted XMPP or Sametime packets.

A boundary error in the "decrypt_out()" function can be exploited to cause a stack-based buffer overflow with 8 bytes and crash the application via a specially crafted QQ packet.


Discovery 2009-06-03
Entry 2009-06-16
pidgin
libpurple
finch
< 2.5.6

35067
CVE-2009-1373
CVE-2009-1374
CVE-2009-1375
CVE-2009-1376
http://secunia.com/advisories/35194/
http://www.pidgin.im/news/security/?id=29
http://www.pidgin.im/news/security/?id=30
http://www.pidgin.im/news/security/?id=32
d057c5e6-5b20-11e4-bebd-000c2980a9f3 | libpurple/pidgin -- multiple vulnerabilities

The pidgin development team reports:

.


Discovery 2014-10-22
Entry 2014-10-24
libpurple
< 2.10.10

pidgin
< 2.10.10

CVE-2014-3694
CVE-2014-3697
CVE-2014-3696
CVE-2014-3695
CVE-2014-3698
https://developer.pidgin.im/wiki/ChangeLog