FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-12-02 20:06:50 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
b1ca65e6-5aaf-11de-bc9b-0030843d3802pidgin -- multiple vulnerabilities

Secunia reports:

Some vulnerabilities and weaknesses have been reported in Pidgin, which can be exploited by malicious people to cause a DoS or to potentially compromise a user's system.

A truncation error in the processing of MSN SLP messages can be exploited to cause a buffer overflow.

A boundary error in the XMPP SOCKS5 "bytestream" server when initiating an outgoing file transfer can be exploited to cause a buffer overflow.

A boundary error exists in the implementation of the "PurpleCircBuffer" structure. This can be exploited to corrupt memory and cause a crash via specially crafted XMPP or Sametime packets.

A boundary error in the "decrypt_out()" function can be exploited to cause a stack-based buffer overflow with 8 bytes and crash the application via a specially crafted QQ packet.


Discovery 2009-06-03
Entry 2009-06-16
pidgin
libpurple
finch
< 2.5.6

35067
CVE-2009-1373
CVE-2009-1374
CVE-2009-1375
CVE-2009-1376
http://secunia.com/advisories/35194/
http://www.pidgin.im/news/security/?id=29
http://www.pidgin.im/news/security/?id=30
http://www.pidgin.im/news/security/?id=32
59e7af2d-8db7-11de-883b-001e3300a30dpidgin -- MSN overflow parsing SLP messages

Secunia reports:

A vulnerability has been reported in Pidgin, which can be exploited by malicious people to potentially compromise a user's system.

The vulnerability is caused due to an error in the "msn_slplink_process_msg()" function when processing MSN SLP messages and can be exploited to corrupt memory.

Successful exploitation may allow execution of arbitrary code.

The vulnerability is reported in versions 2.5.8 and prior. Other versions may also be affected.


Discovery 2009-08-18
Entry 2009-08-20
pidgin
libpurple
finch
< 2.5.9

CVE-2009-2694
http://secunia.com/advisories/36384/
http://www.pidgin.im/news/security/?id=34