FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-03-27 18:04:16 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
b1ca65e6-5aaf-11de-bc9b-0030843d3802pidgin -- multiple vulnerabilities

Secunia reports:

Some vulnerabilities and weaknesses have been reported in Pidgin, which can be exploited by malicious people to cause a DoS or to potentially compromise a user's system.

A truncation error in the processing of MSN SLP messages can be exploited to cause a buffer overflow.

A boundary error in the XMPP SOCKS5 "bytestream" server when initiating an outgoing file transfer can be exploited to cause a buffer overflow.

A boundary error exists in the implementation of the "PurpleCircBuffer" structure. This can be exploited to corrupt memory and cause a crash via specially crafted XMPP or Sametime packets.

A boundary error in the "decrypt_out()" function can be exploited to cause a stack-based buffer overflow with 8 bytes and crash the application via a specially crafted QQ packet.


Discovery 2009-06-03
Entry 2009-06-16
pidgin
libpurple
finch
< 2.5.6

35067
CVE-2009-1373
CVE-2009-1374
CVE-2009-1375
CVE-2009-1376
http://secunia.com/advisories/35194/
http://www.pidgin.im/news/security/?id=29
http://www.pidgin.im/news/security/?id=30
http://www.pidgin.im/news/security/?id=32
a2c4d3d5-4c7b-11df-83fb-0015587e2cc1pidgin -- multiple remote denial of service vulnerabilities

Three denial of service vulnerabilities where found in pidgin and allow remote attackers to crash the application. The developers summarized these problems as follows:

Pidgin can become unresponsive when displaying large numbers of smileys

Certain nicknames in group chat rooms can trigger a crash in Finch

Failure to validate all fields of an incoming message can trigger a crash


Discovery 2010-02-18
Entry 2010-04-20
pidgin
< 2.6.6

libpurple
< 2.6.6

38294
CVE-2010-0277
CVE-2010-0420
CVE-2010-0423
http://pidgin.im/news/security/?id=43
http://pidgin.im/news/security/?id=44
http://pidgin.im/news/security/?id=45
59e7af2d-8db7-11de-883b-001e3300a30dpidgin -- MSN overflow parsing SLP messages

Secunia reports:

A vulnerability has been reported in Pidgin, which can be exploited by malicious people to potentially compromise a user's system.

The vulnerability is caused due to an error in the "msn_slplink_process_msg()" function when processing MSN SLP messages and can be exploited to corrupt memory.

Successful exploitation may allow execution of arbitrary code.

The vulnerability is reported in versions 2.5.8 and prior. Other versions may also be affected.


Discovery 2009-08-18
Entry 2009-08-20
pidgin
libpurple
finch
< 2.5.9

CVE-2009-2694
http://secunia.com/advisories/36384/
http://www.pidgin.im/news/security/?id=34
d057c5e6-5b20-11e4-bebd-000c2980a9f3libpurple/pidgin -- multiple vulnerabilities

The pidgin development team reports:

.


Discovery 2014-10-22
Entry 2014-10-24
libpurple
< 2.10.10

pidgin
< 2.10.10

CVE-2014-3694
CVE-2014-3697
CVE-2014-3696
CVE-2014-3695
CVE-2014-3698
https://developer.pidgin.im/wiki/ChangeLog