CVE-2012-1178

EUVD-2012-1207
The msn_oim_report_to_user function in oim.c in the MSN protocol plugin in libpurple in Pidgin before 2.10.2 allows remote servers to cause a denial of service (application crash) via an OIM message that lacks UTF-8 encoding.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:N/I:N/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 78%
Affected Products (NVD)
VendorProductVersion
pidginpidgin
𝑥
≤ 2.10.1
pidginpidgin
2.0.0
pidginpidgin
2.0.1
pidginpidgin
2.0.2
pidginpidgin
2.1.0
pidginpidgin
2.1.1
pidginpidgin
2.2.0
pidginpidgin
2.2.1
pidginpidgin
2.2.2
pidginpidgin
2.3.0
pidginpidgin
2.3.1
pidginpidgin
2.4.0
pidginpidgin
2.4.1
pidginpidgin
2.4.2
pidginpidgin
2.4.3
pidginpidgin
2.5.0
pidginpidgin
2.5.1
pidginpidgin
2.5.2
pidginpidgin
2.5.3
pidginpidgin
2.5.4
pidginpidgin
2.5.5
pidginpidgin
2.5.6
pidginpidgin
2.5.7
pidginpidgin
2.5.8
pidginpidgin
2.5.9
pidginpidgin
2.6.0
pidginpidgin
2.6.1
pidginpidgin
2.6.2
pidginpidgin
2.6.3
pidginpidgin
2.6.4
pidginpidgin
2.6.5
pidginpidgin
2.6.6
pidginpidgin
2.7.1
pidginpidgin
2.7.2
pidginpidgin
2.7.3
pidginpidgin
2.7.4
pidginpidgin
2.7.5
pidginpidgin
2.7.6
pidginpidgin
2.7.7
pidginpidgin
2.7.8
pidginpidgin
2.7.9
pidginpidgin
2.7.10
pidginpidgin
2.7.11
pidginpidgin
2.8.0
pidginpidgin
2.9.0
pidginpidgin
2.10.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
pidgin
bookworm
2.14.12-1
fixed
bullseye
2.14.1-1
fixed
sid
2.14.13-2
fixed
squeeze
no-dsa
trixie
2.14.13-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
pidgin
hardy
ignored
lucid
Fixed 1:2.6.6-1ubuntu4.5
released
maverick
ignored
natty
Fixed 1:2.7.11-1ubuntu2.2
released
oneiric
Fixed 1:2.10.0-0ubuntu2.1
released
precise
not-affected
Common Weakness Enumeration
References
http://developer.pidgin.im/ticket/14884
http://developer.pidgin.im/viewmtn/revision/diff/60f8379d0a610538cf42e0dd9ab1436c8b9308cd/with/3053d6a37cc6d8774aba7607b992a4408216adcd/libpurple/protocols/msn/oim.c
http://developer.pidgin.im/viewmtn/revision/info/3053d6a37cc6d8774aba7607b992a4408216adcd
http://pidgin.im/news/security/?id=61
http://rhn.redhat.com/errata/RHSA-2012-1102.html
http://secunia.com/advisories/50005
http://www.mandriva.com/security/advisories?name=MDVSA-2012:029
http://www.securityfocus.com/bid/52475
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18019
http://developer.pidgin.im/ticket/14884
http://developer.pidgin.im/viewmtn/revision/diff/60f8379d0a610538cf42e0dd9ab1436c8b9308cd/with/3053d6a37cc6d8774aba7607b992a4408216adcd/libpurple/protocols/msn/oim.c
http://developer.pidgin.im/viewmtn/revision/info/3053d6a37cc6d8774aba7607b992a4408216adcd
http://pidgin.im/news/security/?id=61
http://rhn.redhat.com/errata/RHSA-2012-1102.html
http://secunia.com/advisories/50005
http://www.mandriva.com/security/advisories?name=MDVSA-2012:029
http://www.securityfocus.com/bid/52475
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18019