Vulnerability Description
libpurple in Pidgin before 2.2.1 does not properly handle MSN nudge messages from users who are not on the receiver's buddy list, which allows remote attackers to cause a denial of service (crash) via a nudge message that triggers an access of "an invalid memory location."
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Pidgin | Pidgin | 2.2.0 |
References
- http://fedoranews.org/updates/FEDORA-2007-236.shtml
- http://secunia.com/advisories/27010PatchVendor Advisory
- http://secunia.com/advisories/27088
- http://www.pidgin.im/news/security/?id=23Patch
- http://www.securityfocus.com/archive/1/481402/100/0/threaded
- http://www.securityfocus.com/bid/25872
- http://www.vupen.com/english/advisories/2007/3321
- https://exchange.xforce.ibmcloud.com/vulnerabilities/36884
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3
- http://fedoranews.org/updates/FEDORA-2007-236.shtml
- http://secunia.com/advisories/27010PatchVendor Advisory
- http://secunia.com/advisories/27088
- http://www.pidgin.im/news/security/?id=23Patch
- http://www.securityfocus.com/archive/1/481402/100/0/threaded
- http://www.securityfocus.com/bid/25872
FAQ
What is CVE-2007-4996?
CVE-2007-4996 is a vulnerability with a CVSS score of 4.3 (MEDIUM). libpurple in Pidgin before 2.2.1 does not properly handle MSN nudge messages from users who are not on the receiver's buddy list, which allows remote attackers to cause a denial of service (crash) via...
How severe is CVE-2007-4996?
CVE-2007-4996 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-4996?
Check the references section above for vendor advisories and patch information. Affected products include: Pidgin Pidgin.