CVE-2011-1091

libymsg.c in the Yahoo! protocol plugin in libpurple in Pidgin 2.6.0 through 2.7.10 allows (1) remote authenticated users to cause a denial of service (NULL pointer dereference and application crash) via a malformed YMSG notification packet, and allows (2) remote Yahoo! servers to cause a denial of service (NULL pointer dereference and application crash) via a malformed YMSG SMS message.
Severity
UNKNOWN
AV:N/AC:L/Au:S/C:N/I:N/A:P
Atk. Vector
NETWORK
Atk. Complexity
LOW
Base Score
CVSS 3.x
EPSS Score
Percentile: 86%
VendorProductVersion
pidginpidgin
2.6.0
pidginpidgin
2.6.1
pidginpidgin
2.6.2
pidginpidgin
2.6.4
pidginpidgin
2.6.5
pidginpidgin
2.6.6
pidginpidgin
2.7.0
pidginpidgin
2.7.1
pidginpidgin
2.7.2
pidginpidgin
2.7.3
pidginpidgin
2.7.4
pidginpidgin
2.7.5
pidginpidgin
2.7.6
pidginpidgin
2.7.7
pidginpidgin
2.7.8
pidginpidgin
2.7.9
pidginpidgin
2.7.10
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
pidgin
bullseye
2.14.1-1
fixed
lenny
no-dsa
squeeze
no-dsa
bookworm
2.14.12-1
fixed
sid
2.14.13-2
fixed
trixie
2.14.13-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
pidgin
oneiric
Fixed 1:2.7.11-1ubuntu1
released
natty
Fixed 1:2.7.11-1ubuntu1
released
maverick
Fixed 1:2.7.3-1ubuntu3.3
released
lucid
Fixed 1:2.6.6-1ubuntu4.4
released
karmic
ignored
hardy
ignored
dapper
dne
References