Multiple vulnerabilities in Pidgin

Description

Multiple serious vulnerabilities have been found in Pidgin. Malicious users can exploit these vulnerabilities to cause denial of service, execute arbitrary programs and other unknown impact. Below is a complete list of vulnerabilities

1. Improper traffic restrictions can be exploited remotely via a specially designed message;
2. An unknown vulnerability can be exploited remotely via specially designed SOAP or OIM XML responses, Content-Length header, Yahoo! P2P message or specially designed files in messages;
3. An integer overflow can be exploited remotely via a specially designed Content-Length header, emoticon or timestamp;
4. Improper protocol implementation can be exploited remotely via a specially designed STUN server;
5. A buffer overflow can be exploited remotely via a specially designed chunk-size field;
6. Improper library interaction can be exploited remotely via a specially designed URL;

Original advisories

Related products

• Pidgin

CVE list

• CVE-2013-6489
  warning
• CVE-2013-6481
  warning
• CVE-2013-6485
  warning
• CVE-2013-6477
  warning
• CVE-2014-0020
  warning
• CVE-2013-6487
  high
• CVE-2013-6486
  critical
• CVE-2013-6484
  warning
• CVE-2013-6490
  critical
• CVE-2013-6478
  warning
• CVE-2013-6479
  warning
• CVE-2013-6482
  warning
• CVE-2013-6483
  high

Read more

Find out the statistics of the vulnerabilities spreading in your region on statistics.securelist.com