CVE-2009-3615

EUVD-2009-3596
The OSCAR protocol plugin in libpurple in Pidgin before 2.6.3 and Adium before 1.3.7 allows remote attackers to cause a denial of service (application crash) via crafted contact-list data for (1) ICQ and possibly (2) AIM, as demonstrated by the SIM IM client.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:N/I:N/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 91%
Affected Products (NVD)
VendorProductVersion
adiumadium
𝑥
≤ 1.3.6
adiumadium
1.0
adiumadium
1.0.1
adiumadium
1.0.2
adiumadium
1.0.3
adiumadium
1.0.4
adiumadium
1.0.5
adiumadium
1.1
adiumadium
1.1.1
adiumadium
1.1.2
adiumadium
1.1.3
adiumadium
1.1.4
adiumadium
1.2.7
adiumadium
1.3
adiumadium
1.3.1
adiumadium
1.3.2
adiumadium
1.3.3
adiumadium
1.3.4
adiumadium
1.3.5
pidginpidgin
𝑥
≤ 2.6.2
pidginpidgin
2.0.0
pidginpidgin
2.0.1
pidginpidgin
2.0.2
pidginpidgin
2.1.0
pidginpidgin
2.1.1
pidginpidgin
2.2.0
pidginpidgin
2.2.1
pidginpidgin
2.2.2
pidginpidgin
2.3.0
pidginpidgin
2.3.1
pidginpidgin
2.4.0
pidginpidgin
2.4.1
pidginpidgin
2.4.2
pidginpidgin
2.4.3
pidginpidgin
2.5.0
pidginpidgin
2.5.1
pidginpidgin
2.5.2
pidginpidgin
2.5.3
pidginpidgin
2.5.4
pidginpidgin
2.5.5
pidginpidgin
2.5.6
pidginpidgin
2.5.7
pidginpidgin
2.5.8
pidginpidgin
2.5.9
pidginpidgin
2.6.0
pidginpidgin
2.6.1
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
pidgin
bookworm
2.14.12-1
fixed
bullseye
2.14.1-1
fixed
sid
2.14.13-2
fixed
trixie
2.14.13-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
pidgin
dapper
dne
hardy
Fixed 1:2.4.1-1ubuntu2.8
released
intrepid
Fixed 1:2.5.2-0ubuntu1.6
released
jaunty
Fixed 1:2.5.5-1ubuntu8.5
released
karmic
Fixed 1:2.6.2-1ubuntu7.1
released
Common Weakness Enumeration
References
http://developer.pidgin.im/ticket/10481
http://developer.pidgin.im/viewmtn/revision/info/781682333aea0c801d280c3507ee25552a60bfc0
http://developer.pidgin.im/wiki/ChangeLog
http://secunia.com/advisories/37017
http://secunia.com/advisories/37072
http://www.mandriva.com/security/advisories?name=MDVSA-2010:085
http://www.pidgin.im/news/security/?id=41
http://www.securityfocus.com/bid/36719
http://www.vupen.com/english/advisories/2009/2949
http://www.vupen.com/english/advisories/2009/2951
http://www.vupen.com/english/advisories/2010/1020
https://exchange.xforce.ibmcloud.com/vulnerabilities/53807
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18388
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9414
http://developer.pidgin.im/ticket/10481
http://developer.pidgin.im/viewmtn/revision/info/781682333aea0c801d280c3507ee25552a60bfc0
http://developer.pidgin.im/wiki/ChangeLog
http://secunia.com/advisories/37017
http://secunia.com/advisories/37072
http://www.mandriva.com/security/advisories?name=MDVSA-2010:085
http://www.pidgin.im/news/security/?id=41
http://www.securityfocus.com/bid/36719
http://www.vupen.com/english/advisories/2009/2949
http://www.vupen.com/english/advisories/2009/2951
http://www.vupen.com/english/advisories/2010/1020
https://exchange.xforce.ibmcloud.com/vulnerabilities/53807
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18388
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9414