VDB
GCVE-110-MAGEIA-2014-34
GCVE-110-MAGEIA-2014-34
Advisory Published
Many places in the Yahoo! protocol plugin assumed incoming strings were
UTF-8 and failed to transcode from non-UTF-8 encodings. This can lead to a
crash when receiving strings that aren't UTF-8 (CVE-2012-6152).
A remote XMPP user can trigger a crash on some systems by sending a
message with a timestamp in the distant future (CVE-2013-6477).
libX11 forcefully exits causing a crash when Pidgin tries to create an
exceptionally wide tooltip window when hovering the pointer over a long
URL (CVE-2013-6478).
A malicious server or man-in-the-middle could send a malformed HTTP
response that could lead to a crash (CVE-2013-6479).
The Yahoo! protocol plugin failed to validate a length field before trying
to read from a buffer, which could result in reading past the end of the
buffer which could cause a crash when reading a P2P message
(CVE-2013-6481).
NULL pointer dereferences in the MSN protocol plugin due to a malformed
Content-Length header, or a malicious server or man-in-the-middle sending
a specially crafted OIM data XML response or SOAP response
(CVE-2013-6482).
The XMPP protocol plugin failed to ensure that iq replies came from the
person they were sent to. A remote user could send a spoofed iq reply and
attempt to guess the iq id. This could allow an attacker to inject fake
data or trigger a null pointer dereference (CVE-2013-6483).
Incorrect error handling when reading the response from a STUN server
could lead to a crash (CVE-2013-6484).
A malicious server or man-in-the-middle could cause a buffer overflow by
sending a malformed HTTP response with chunked Transfer-Encoding with
invalid chunk sizes (CVE-2013-6485).
A malicious server or man-in-the-middle could send a large value for
Content-Length and cause an integer overflow which could lead to a buffer
overflow in Gadu-Gadu HTTP parsing (CVE-2013-6487).
A specially crafted emoticon value could cause an integer overflow which
could lead to a buffer overflow in MXit emoticon parsing (CVE-2013-6489).
A Content-Length of -1 could lead to a buffer overflow in SIMPLE header
parsing (CVE-2013-6490).
A malicious server or man-in-the-middle could trigger a crash in IRC
argument parsing in libpurple by sending a message with fewer than
expected arguments
(CVE-2014-0020).
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| Mageia | pidgin | 0 (affected), 2.10.9-1.mga3 (unaffected), 0 (affected), 2.10.9-1.mga3 (unaffected) | — |
| Mageia | net_monitor | 0 (affected), 0.16-1.mga4 (unaffected) | — |
References
Browse GCVE Records
72,337 records in the GCVE database · Updated July 14, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.