CVE-2009-3085

The XMPP protocol plugin in libpurple in Pidgin before 2.6.2 does not properly handle an error IQ stanza during an attempted fetch of a custom smiley, which allows remote attackers to cause a denial of service (application crash) via XHTML-IM content with cid: images.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:N/I:N/A:P
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 75%
VendorProductVersion
pidginlibpurple
*
pidginpidgin
𝑥
≤ 2.6.1
pidginpidgin
2.0.0
pidginpidgin
2.0.1
pidginpidgin
2.0.2
pidginpidgin
2.0.2
pidginpidgin
2.1.0
pidginpidgin
2.1.1
pidginpidgin
2.2.0
pidginpidgin
2.2.1
pidginpidgin
2.2.2
pidginpidgin
2.3.0
pidginpidgin
2.3.1
pidginpidgin
2.4.0
pidginpidgin
2.4.0:32_bit
pidginpidgin
2.4.1
pidginpidgin
2.4.1:32_bit
pidginpidgin
2.4.2
pidginpidgin
2.4.2:32_bit
pidginpidgin
2.4.3
pidginpidgin
2.4.3:32_bit
pidginpidgin
2.5.0
pidginpidgin
2.5.0:32_bit
pidginpidgin
2.5.1
pidginpidgin
2.5.2
pidginpidgin
2.5.2:32_bit
pidginpidgin
2.5.3
pidginpidgin
2.5.3:32_bit
pidginpidgin
2.5.4
pidginpidgin
2.5.4:32_bit
pidginpidgin
2.5.5
pidginpidgin
2.5.5:32_bit
pidginpidgin
2.5.6
pidginpidgin
2.5.7
pidginpidgin
2.5.8
pidginpidgin
2.5.9
pidginpidgin
2.6.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
pidgin
bullseye
2.14.1-1
fixed
lenny
no-dsa
bookworm
2.14.12-1
fixed
sid
2.14.13-2
fixed
trixie
2.14.13-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
pidgin
karmic
not-affected
jaunty
Fixed 1:2.5.5-1ubuntu8.5
released
intrepid
Fixed 1:2.5.2-0ubuntu1.6
released
hardy
not-affected
dapper
dne
References
http://developer.pidgin.im/viewmtn/revision/info/fd5955618eddcd84d522b30ff11102f9601f38c8
http://secunia.com/advisories/36601
http://www.pidgin.im/news/security/index.php?id=37
http://www.securityfocus.com/bid/36277
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11223
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6434
http://developer.pidgin.im/viewmtn/revision/info/fd5955618eddcd84d522b30ff11102f9601f38c8
http://secunia.com/advisories/36601
http://www.pidgin.im/news/security/index.php?id=37
http://www.securityfocus.com/bid/36277
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11223
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6434