<?xml version="1.0" encoding="utf-8" standalone="yes"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
	<channel>
		<title>About on IMFreedom Security</title>
		<link>https://security.imfreedom.org/</link>
		<description>Recent content in About on IMFreedom Security</description>
		<generator>Hugo</generator>
		<language>en</language>
		
		
		
		
			<lastBuildDate>Thu, 28 Apr 2022 10:40:22 +0000</lastBuildDate>
		
			<atom:link href="https://security.imfreedom.org/index.xml" rel="self" type="application/rss+xml" />
			<item>
				<title>MITM when used without DNSSEC</title>
				<link>https://security.imfreedom.org/advisories/cve-2022-26491/</link>
				<pubDate>Thu, 28 Apr 2022 10:40:22 +0000</pubDate>
				<guid>https://security.imfreedom.org/advisories/cve-2022-26491/</guid>
				<description>&lt;h3 id=&#34;description&#34;&gt;Description&lt;/h3&gt;&#xA;&lt;p&gt;If DNSSEC is not in use, it is trivial to perform a man-in-the-middle attack against a&#xA;client via DNS spoofing. You can find more discussion in the&#xA;&lt;a href=&#34;https://mail.jabber.org/pipermail/standards/2022-February/038759.html&#34;&gt;XMPP Standards Archives&lt;/a&gt;.&lt;/p&gt;&#xA;&lt;h3 id=&#34;mitigation&#34;&gt;Mitigation&lt;/h3&gt;&#xA;&lt;p&gt;Removed the code that supported the &lt;code&gt;_xmppconnect&lt;/code&gt; DNS TXT record.&lt;/p&gt;</description>
			</item>
			<item>
				<title>Out-of-bounds write when stripping xml</title>
				<link>https://security.imfreedom.org/advisories/cve-2017-2640-00/</link>
				<pubDate>Thu, 09 Mar 2017 00:00:00 +0000</pubDate>
				<guid>https://security.imfreedom.org/advisories/cve-2017-2640-00/</guid>
				<description>&lt;h3 id=&#34;description&#34;&gt;Description&lt;/h3&gt;&#xA;&lt;p&gt;An out-of-bounds write can occur when invalid XML is sent by a malicious server.&lt;/p&gt;&#xA;&lt;h3 id=&#34;mitigation&#34;&gt;Mitigation&lt;/h3&gt;&#xA;&lt;p&gt;Only decode HTML entities that are well formed.&lt;/p&gt;</description>
			</item>
			<item>
				<title>Pidgin MXIT Avatar Length Memory Disclosure Vulnerability</title>
				<link>https://security.imfreedom.org/advisories/cve-2016-2367-00/</link>
				<pubDate>Tue, 21 Jun 2016 00:00:00 +0000</pubDate>
				<guid>https://security.imfreedom.org/advisories/cve-2016-2367-00/</guid>
				<description>&lt;h3 id=&#34;description&#34;&gt;Description&lt;/h3&gt;&#xA;&lt;p&gt;A malicious user, server, or man-in-the-middle could trigger a crash or&#xA;unexpected writing of data from memory to file.&lt;/p&gt;&#xA;&lt;h3 id=&#34;mitigation&#34;&gt;Mitigation&lt;/h3&gt;&#xA;&lt;p&gt;Various changes to the chunk decoding.&lt;/p&gt;</description>
			</item>
			<item>
				<title>Pidgin MXIT Contact Mood Denial of Service Vulnerability</title>
				<link>https://security.imfreedom.org/advisories/cve-2016-2373-00/</link>
				<pubDate>Tue, 21 Jun 2016 00:00:00 +0000</pubDate>
				<guid>https://security.imfreedom.org/advisories/cve-2016-2373-00/</guid>
				<description>&lt;h3 id=&#34;description&#34;&gt;Description&lt;/h3&gt;&#xA;&lt;p&gt;A malicious user, server, or man-in-the-middle could trigger a crash.&lt;/p&gt;&#xA;&lt;h3 id=&#34;mitigation&#34;&gt;Mitigation&lt;/h3&gt;&#xA;&lt;p&gt;Validate the received value.&lt;/p&gt;</description>
			</item>
			<item>
				<title>Pidgin MXIT CP_SOCK_REC_TERM Denial of Service Vulnerability</title>
				<link>https://security.imfreedom.org/advisories/cve-2016-2369-00/</link>
				<pubDate>Tue, 21 Jun 2016 00:00:00 +0000</pubDate>
				<guid>https://security.imfreedom.org/advisories/cve-2016-2369-00/</guid>
				<description>&lt;h3 id=&#34;description&#34;&gt;Description&lt;/h3&gt;&#xA;&lt;p&gt;A malicious server or man-in-the-middle could trigger a crash.&lt;/p&gt;&#xA;&lt;h3 id=&#34;mitigation&#34;&gt;Mitigation&lt;/h3&gt;</description>
			</item>
			<item>
				<title>Pidgin MXIT Custom Resource Denial of Service Vulnerability</title>
				<link>https://security.imfreedom.org/advisories/cve-2016-2370-00/</link>
				<pubDate>Tue, 21 Jun 2016 00:00:00 +0000</pubDate>
				<guid>https://security.imfreedom.org/advisories/cve-2016-2370-00/</guid>
				<description>&lt;h3 id=&#34;description&#34;&gt;Description&lt;/h3&gt;&#xA;&lt;p&gt;A malicious server or man-in-the-middle could trigger a crash.&lt;/p&gt;&#xA;&lt;h3 id=&#34;mitigation&#34;&gt;Mitigation&lt;/h3&gt;&#xA;&lt;p&gt;Various changes to the chunk decoding.&lt;/p&gt;</description>
			</item>
			<item>
				<title>Pidgin MXIT Extended Profiles Code Execution Vulnerability</title>
				<link>https://security.imfreedom.org/advisories/cve-2016-2371-00/</link>
				<pubDate>Tue, 21 Jun 2016 00:00:00 +0000</pubDate>
				<guid>https://security.imfreedom.org/advisories/cve-2016-2371-00/</guid>
				<description>&lt;h3 id=&#34;description&#34;&gt;Description&lt;/h3&gt;&#xA;&lt;p&gt;A malicious server or man-in-the-middle could trigger a crash or potentially&#xA;arbitrary code execution.&lt;/p&gt;&#xA;&lt;h3 id=&#34;mitigation&#34;&gt;Mitigation&lt;/h3&gt;&#xA;&lt;p&gt;Check the field count before accessing fields.&lt;/p&gt;</description>
			</item>
			<item>
				<title>Pidgin MXIT File Transfer Length Memory Disclosure Vulnerability</title>
				<link>https://security.imfreedom.org/advisories/cve-2016-2372-00/</link>
				<pubDate>Tue, 21 Jun 2016 00:00:00 +0000</pubDate>
				<guid>https://security.imfreedom.org/advisories/cve-2016-2372-00/</guid>
				<description>&lt;h3 id=&#34;description&#34;&gt;Description&lt;/h3&gt;&#xA;&lt;p&gt;A malicious user, server, or man-in-the-middle could trigger a crash or&#xA;unexpected writing of data from memory to file.&lt;/p&gt;&#xA;&lt;h3 id=&#34;mitigation&#34;&gt;Mitigation&lt;/h3&gt;&#xA;&lt;p&gt;Various changes to the chunk decoding.&lt;/p&gt;</description>
			</item>
			<item>
				<title>Pidgin MXIT g_snprintf Multiple Buffer Overflow Vulnerabilities</title>
				<link>https://security.imfreedom.org/advisories/cve-2016-2368-00/</link>
				<pubDate>Tue, 21 Jun 2016 00:00:00 +0000</pubDate>
				<guid>https://security.imfreedom.org/advisories/cve-2016-2368-00/</guid>
				<description>&lt;h3 id=&#34;description&#34;&gt;Description&lt;/h3&gt;&#xA;&lt;p&gt;Data is copied without verifying that it was copied successfully.&lt;/p&gt;&#xA;&lt;h3 id=&#34;mitigation&#34;&gt;Mitigation&lt;/h3&gt;&#xA;&lt;p&gt;Separate the handling of HTTP headers and body. Check the return value from&#xA;&lt;code&gt;g_vsnprintf()&lt;/code&gt;.&lt;/p&gt;</description>
			</item>
			<item>
				<title>Pidgin MXIT get_utf8_string Code Execution Vulnerability</title>
				<link>https://security.imfreedom.org/advisories/cve-2016-2378-00/</link>
				<pubDate>Tue, 21 Jun 2016 00:00:00 +0000</pubDate>
				<guid>https://security.imfreedom.org/advisories/cve-2016-2378-00/</guid>
				<description>&lt;h3 id=&#34;description&#34;&gt;Description&lt;/h3&gt;&#xA;&lt;p&gt;A malicious server or man-in-the-middle could trigger a crash.&lt;/p&gt;&#xA;&lt;h3 id=&#34;mitigation&#34;&gt;Mitigation&lt;/h3&gt;&#xA;&lt;p&gt;Use correct data types.&lt;/p&gt;</description>
			</item>
			<item>
				<title>Pidgin MXIT HTTP Content-Length Buffer Overflow Vulnerability</title>
				<link>https://security.imfreedom.org/advisories/cve-2016-2377-00/</link>
				<pubDate>Tue, 21 Jun 2016 00:00:00 +0000</pubDate>
				<guid>https://security.imfreedom.org/advisories/cve-2016-2377-00/</guid>
				<description>&lt;h3 id=&#34;description&#34;&gt;Description&lt;/h3&gt;&#xA;&lt;p&gt;A malicious server or man-in-the-middle could trigger a crash.&lt;/p&gt;&#xA;&lt;h3 id=&#34;mitigation&#34;&gt;Mitigation&lt;/h3&gt;&#xA;&lt;p&gt;Use an unsigned integer.&lt;/p&gt;</description>
			</item>
			<item>
				<title>Pidgin MXIT Markup Command Denial of Service Vulnerability</title>
				<link>https://security.imfreedom.org/advisories/cve-2016-2365-00/</link>
				<pubDate>Tue, 21 Jun 2016 00:00:00 +0000</pubDate>
				<guid>https://security.imfreedom.org/advisories/cve-2016-2365-00/</guid>
				<description>&lt;h3 id=&#34;description&#34;&gt;Description&lt;/h3&gt;&#xA;&lt;p&gt;A malicious server or man-in-the-middle could trigger a crash.&lt;/p&gt;&#xA;&lt;h3 id=&#34;mitigation&#34;&gt;Mitigation&lt;/h3&gt;&#xA;&lt;p&gt;Escape the provided filename before using it.&lt;/p&gt;</description>
			</item>
			<item>
				<title>Pidgin MXIT MultiMX Message Code Execution Vulnerability</title>
				<link>https://security.imfreedom.org/advisories/cve-2016-2374-00/</link>
				<pubDate>Tue, 21 Jun 2016 00:00:00 +0000</pubDate>
				<guid>https://security.imfreedom.org/advisories/cve-2016-2374-00/</guid>
				<description>&lt;h3 id=&#34;description&#34;&gt;Description&lt;/h3&gt;&#xA;&lt;p&gt;A malicious server or man-in-the-middle could trigger a crash or potentially&#xA;arbitrary code execution.&lt;/p&gt;&#xA;&lt;h3 id=&#34;mitigation&#34;&gt;Mitigation&lt;/h3&gt;&#xA;&lt;p&gt;Validate the incoming message format.&lt;/p&gt;</description>
			</item>
			<item>
				<title>Pidgin MXIT mxit_convert_markup_tx Information Leak Vulnerability</title>
				<link>https://security.imfreedom.org/advisories/cve-2016-2380-00/</link>
				<pubDate>Tue, 21 Jun 2016 00:00:00 +0000</pubDate>
				<guid>https://security.imfreedom.org/advisories/cve-2016-2380-00/</guid>
				<description>&lt;h3 id=&#34;description&#34;&gt;Description&lt;/h3&gt;&#xA;&lt;p&gt;A specially crafted local message (by the user or a plugin) could lead to the&#xA;disclosure of 7 bytes to the server.&lt;/p&gt;&#xA;&lt;h3 id=&#34;mitigation&#34;&gt;Mitigation&lt;/h3&gt;&#xA;&lt;p&gt;Check the length of the font tag.&lt;/p&gt;</description>
			</item>
			<item>
				<title>Pidgin MXIT read stage 0x3 Code Execution Vulnerability</title>
				<link>https://security.imfreedom.org/advisories/cve-2016-2376-00/</link>
				<pubDate>Tue, 21 Jun 2016 00:00:00 +0000</pubDate>
				<guid>https://security.imfreedom.org/advisories/cve-2016-2376-00/</guid>
				<description>&lt;h3 id=&#34;description&#34;&gt;Description&lt;/h3&gt;&#xA;&lt;p&gt;A malicious server or man-in-the-middle could trigger a crash or potentially&#xA;arbitrary code execution.&lt;/p&gt;&#xA;&lt;h3 id=&#34;mitigation&#34;&gt;Mitigation&lt;/h3&gt;&#xA;&lt;p&gt;Verify the size from the packet.&lt;/p&gt;</description>
			</item>
			<item>
				<title>Pidgin MXIT Splash Image Arbitrary File Overwrite Vulnerability</title>
				<link>https://security.imfreedom.org/advisories/cve-2016-4323-00/</link>
				<pubDate>Tue, 21 Jun 2016 00:00:00 +0000</pubDate>
				<guid>https://security.imfreedom.org/advisories/cve-2016-4323-00/</guid>
				<description>&lt;h3 id=&#34;description&#34;&gt;Description&lt;/h3&gt;&#xA;&lt;p&gt;A malicious server or man-in-the-middle could trigger libpurple to overwrite a&#xA;local file with the name and contents specified by the attacker.&lt;/p&gt;&#xA;&lt;h3 id=&#34;mitigation&#34;&gt;Mitigation&lt;/h3&gt;</description>
			</item>
			<item>
				<title>Pidgin MXIT Suggested Contacts Memory Disclosure Vulnerability</title>
				<link>https://security.imfreedom.org/advisories/cve-2016-2375-00/</link>
				<pubDate>Tue, 21 Jun 2016 00:00:00 +0000</pubDate>
				<guid>https://security.imfreedom.org/advisories/cve-2016-2375-00/</guid>
				<description>&lt;h3 id=&#34;description&#34;&gt;Description&lt;/h3&gt;&#xA;&lt;p&gt;A malicious server or man-in-the-middle could trigger a crash or disclosure of&#xA;information from memory.&lt;/p&gt;&#xA;&lt;h3 id=&#34;mitigation&#34;&gt;Mitigation&lt;/h3&gt;&#xA;&lt;p&gt;Validate the field and attribute counts.&lt;/p&gt;</description>
			</item>
			<item>
				<title>Pidgin MXIT Table Command Denial of Service Vulnerability</title>
				<link>https://security.imfreedom.org/advisories/cve-2016-2366-00/</link>
				<pubDate>Tue, 21 Jun 2016 00:00:00 +0000</pubDate>
				<guid>https://security.imfreedom.org/advisories/cve-2016-2366-00/</guid>
				<description>&lt;h3 id=&#34;description&#34;&gt;Description&lt;/h3&gt;&#xA;&lt;p&gt;A malicious server or man-in-the-middle could trigger a crash.&lt;/p&gt;&#xA;&lt;h3 id=&#34;mitigation&#34;&gt;Mitigation&lt;/h3&gt;&#xA;&lt;p&gt;Validate the data length. Use the correct data types.&lt;/p&gt;</description>
			</item>
			<item>
				<title>X.509 Certificates Improperly Imported</title>
				<link>https://security.imfreedom.org/advisories/cve-2016-1000030-00/</link>
				<pubDate>Tue, 21 Jun 2016 00:00:00 +0000</pubDate>
				<guid>https://security.imfreedom.org/advisories/cve-2016-1000030-00/</guid>
				<description>&lt;h3 id=&#34;description&#34;&gt;Description&lt;/h3&gt;&#xA;&lt;p&gt;X.509 certificates may be improperly imported when using GnuTLS.&lt;/p&gt;&#xA;&lt;h3 id=&#34;mitigation&#34;&gt;Mitigation&lt;/h3&gt;&#xA;&lt;p&gt;Check return values from &lt;code&gt;gnutls_x509_crt_init()&lt;/code&gt; and&#xA;&lt;code&gt;gnutls_x509_crt_import()&lt;/code&gt;.&lt;/p&gt;</description>
			</item>
			<item>
				<title>Insufficient SSL certificate validation</title>
				<link>https://security.imfreedom.org/advisories/cve-2014-3694-00/</link>
				<pubDate>Wed, 22 Oct 2014 00:00:00 +0000</pubDate>
				<guid>https://security.imfreedom.org/advisories/cve-2014-3694-00/</guid>
				<description>&lt;h3 id=&#34;description&#34;&gt;Description&lt;/h3&gt;&#xA;&lt;p&gt;Both of libpurple&amp;rsquo;s bundled SSL/TLS plugins (one for GnuTLS and one for NSS)&#xA;failed to check that the Basic Constraints extension allowed intermediate&#xA;certificates to act as CAs. This allowed anyone with any valid certificate to&#xA;create a fake certificate for any arbitrary domain and Pidgin would trust it.&lt;/p&gt;&#xA;&lt;h3 id=&#34;mitigation&#34;&gt;Mitigation&lt;/h3&gt;&#xA;&lt;p&gt;Both bundled plugins were changed to check the Basic Constraints extension on&#xA;all intermediate CA certificates.&lt;/p&gt;</description>
			</item>
			<item>
				<title>Malicious smiley themes could alter arbitrary files</title>
				<link>https://security.imfreedom.org/advisories/cve-2014-3697-00/</link>
				<pubDate>Wed, 22 Oct 2014 00:00:00 +0000</pubDate>
				<guid>https://security.imfreedom.org/advisories/cve-2014-3697-00/</guid>
				<description>&lt;h3 id=&#34;description&#34;&gt;Description&lt;/h3&gt;&#xA;&lt;p&gt;A bug in the untar code on Windows could allow a malicious smiley theme to place&#xA;a file anywhere on the file system, or alter an existing file when installing a&#xA;smiley theme via drag and drop on Windows.&lt;/p&gt;&#xA;&lt;h3 id=&#34;mitigation&#34;&gt;Mitigation&lt;/h3&gt;&#xA;&lt;p&gt;Fix the untar code to ensure all paths are relative.&lt;/p&gt;</description>
			</item>
			<item>
				<title>Potential information leak from XMPP</title>
				<link>https://security.imfreedom.org/advisories/cve-2014-3698-00/</link>
				<pubDate>Wed, 22 Oct 2014 00:00:00 +0000</pubDate>
				<guid>https://security.imfreedom.org/advisories/cve-2014-3698-00/</guid>
				<description>&lt;h3 id=&#34;description&#34;&gt;Description&lt;/h3&gt;&#xA;&lt;p&gt;A malicious server and possibly even a malicious remote user could create a&#xA;carefully crafted XMPP message that causes libpurple to send an XMPP message&#xA;containing arbitrary memory.&lt;/p&gt;&#xA;&lt;h3 id=&#34;mitigation&#34;&gt;Mitigation&lt;/h3&gt;&#xA;&lt;p&gt;Correctly determine the start and end position of buffers when performing&#xA;stringprep.&lt;/p&gt;</description>
			</item>
			<item>
				<title>Remote crash parsing malformed Groupwise message</title>
				<link>https://security.imfreedom.org/advisories/cve-2014-3696-00/</link>
				<pubDate>Wed, 22 Oct 2014 00:00:00 +0000</pubDate>
				<guid>https://security.imfreedom.org/advisories/cve-2014-3696-00/</guid>
				<description>&lt;h3 id=&#34;description&#34;&gt;Description&lt;/h3&gt;&#xA;&lt;p&gt;A malicious server or man-in-the-middle could trigger a crash in libpurple by&#xA;specifying that a large amount of memory should be allocated in many places in&#xA;the UI.&lt;/p&gt;&#xA;&lt;h3 id=&#34;mitigation&#34;&gt;Mitigation&lt;/h3&gt;&#xA;&lt;p&gt;Impose a maximum length when reading various types of messages.&lt;/p&gt;</description>
			</item>
			<item>
				<title>Remote crash parsing malformed MXit emoticon</title>
				<link>https://security.imfreedom.org/advisories/cve-2014-3695-00/</link>
				<pubDate>Wed, 22 Oct 2014 00:00:00 +0000</pubDate>
				<guid>https://security.imfreedom.org/advisories/cve-2014-3695-00/</guid>
				<description>&lt;h3 id=&#34;description&#34;&gt;Description&lt;/h3&gt;&#xA;&lt;p&gt;A malicious server or man-in-the-middle could trigger a crash in libpurple by&#xA;sending an emoticon with an overly large length value.&lt;/p&gt;&#xA;&lt;h3 id=&#34;mitigation&#34;&gt;Mitigation&lt;/h3&gt;&#xA;&lt;p&gt;Verify that the length value is valid before attempting to read data from the&#xA;buffer.&lt;/p&gt;</description>
			</item>
			<item>
				<title>Buffer overflow in Gadu-Gadu HTTP parsing</title>
				<link>https://security.imfreedom.org/advisories/cve-2013-6487-00/</link>
				<pubDate>Tue, 28 Jan 2014 00:00:00 +0000</pubDate>
				<guid>https://security.imfreedom.org/advisories/cve-2013-6487-00/</guid>
				<description>&lt;h3 id=&#34;description&#34;&gt;Description&lt;/h3&gt;&#xA;&lt;p&gt;A malicious server or man-in-the-middle could send a large value for&#xA;Content-Length and cause an integer overflow which could lead to a buffer&#xA;overflow.&lt;/p&gt;&#xA;&lt;h3 id=&#34;mitigation&#34;&gt;Mitigation&lt;/h3&gt;&#xA;&lt;p&gt;Enforce a maximum size for content-length.&lt;/p&gt;</description>
			</item>
			<item>
				<title>Buffer overflow in MXit emoticon parsing</title>
				<link>https://security.imfreedom.org/advisories/cve-2013-6489-00/</link>
				<pubDate>Tue, 28 Jan 2014 00:00:00 +0000</pubDate>
				<guid>https://security.imfreedom.org/advisories/cve-2013-6489-00/</guid>
				<description>&lt;h3 id=&#34;description&#34;&gt;Description&lt;/h3&gt;&#xA;&lt;p&gt;A specially crafted emoticon value could cause an integer overflow which could&#xA;lead to a buffer overflow.&lt;/p&gt;&#xA;&lt;h3 id=&#34;mitigation&#34;&gt;Mitigation&lt;/h3&gt;&#xA;&lt;p&gt;Use an unsigned integer and enforce a maximum size.&lt;/p&gt;</description>
			</item>
			<item>
				<title>Buffer overflow parsing chunked HTTP responses</title>
				<link>https://security.imfreedom.org/advisories/cve-2013-6485-00/</link>
				<pubDate>Tue, 28 Jan 2014 00:00:00 +0000</pubDate>
				<guid>https://security.imfreedom.org/advisories/cve-2013-6485-00/</guid>
				<description>&lt;h3 id=&#34;description&#34;&gt;Description&lt;/h3&gt;&#xA;&lt;p&gt;A malicious server or man-in-the-middle could cause a buffer overflow by sending&#xA;a malformed HTTP response with chunked Transfer-Encoding with invalid chunk&#xA;sizes.&lt;/p&gt;&#xA;&lt;h3 id=&#34;mitigation&#34;&gt;Mitigation&lt;/h3&gt;&#xA;&lt;p&gt;Enforce a maximum size for chunks.&lt;/p&gt;</description>
			</item>
			<item>
				<title>Crash handling bad XMPP timestamp</title>
				<link>https://security.imfreedom.org/advisories/cve-2013-6477-00/</link>
				<pubDate>Tue, 28 Jan 2014 00:00:00 +0000</pubDate>
				<guid>https://security.imfreedom.org/advisories/cve-2013-6477-00/</guid>
				<description>&lt;h3 id=&#34;description&#34;&gt;Description&lt;/h3&gt;&#xA;&lt;p&gt;A remote XMPP user can trigger a crash on some systems by sending a message with&#xA;a timestamp in the distant future.&lt;/p&gt;&#xA;&lt;h3 id=&#34;mitigation&#34;&gt;Mitigation&lt;/h3&gt;&#xA;&lt;p&gt;Avoid passing negative timestamps to &lt;code&gt;localtime()&lt;/code&gt;.&lt;/p&gt;</description>
			</item>
			<item>
				<title>Crash reading response from STUN server</title>
				<link>https://security.imfreedom.org/advisories/cve-2013-6484-00/</link>
				<pubDate>Tue, 28 Jan 2014 00:00:00 +0000</pubDate>
				<guid>https://security.imfreedom.org/advisories/cve-2013-6484-00/</guid>
				<description>&lt;h3 id=&#34;description&#34;&gt;Description&lt;/h3&gt;&#xA;&lt;p&gt;Incorrect error handling when reading the response from a STUN server could lead&#xA;to a crash.&lt;/p&gt;&#xA;&lt;h3 id=&#34;mitigation&#34;&gt;Mitigation&lt;/h3&gt;&#xA;&lt;p&gt;Fix error handling.&lt;/p&gt;</description>
			</item>
			<item>
				<title>Crash when hovering pointer over a long URL</title>
				<link>https://security.imfreedom.org/advisories/cve-2013-6478-00/</link>
				<pubDate>Tue, 28 Jan 2014 00:00:00 +0000</pubDate>
				<guid>https://security.imfreedom.org/advisories/cve-2013-6478-00/</guid>
				<description>&lt;h3 id=&#34;description&#34;&gt;Description&lt;/h3&gt;&#xA;&lt;p&gt;libX11 forcefully exits when Pidgin tries to create an exceptionally wide&#xA;tooltip window.&lt;/p&gt;&#xA;&lt;p&gt;&lt;a href=&#34;https://lists.pidgin.im/pipermail/support/2013-March/012980.html&#34;&gt;support email #1&lt;/a&gt;&lt;/p&gt;&#xA;&lt;p&gt;&lt;a href=&#34;https://lists.pidgin.im/pipermail/support/2013-March/012981.html&#34;&gt;support email #2&lt;/a&gt;&lt;/p&gt;&#xA;&lt;h3 id=&#34;mitigation&#34;&gt;Mitigation&lt;/h3&gt;&#xA;&lt;p&gt;Only display the first 200 characters of the URL in the tooltip.&lt;/p&gt;</description>
			</item>
			<item>
				<title>NULL pointer dereference parsing headers in MSN</title>
				<link>https://security.imfreedom.org/advisories/cve-2013-6482-01/</link>
				<pubDate>Tue, 28 Jan 2014 00:00:00 +0000</pubDate>
				<guid>https://security.imfreedom.org/advisories/cve-2013-6482-01/</guid>
				<description>&lt;h3 id=&#34;description&#34;&gt;Description&lt;/h3&gt;&#xA;&lt;p&gt;A malformed Content-Length header could lead to a NULL pointer dereference.&lt;/p&gt;&#xA;&lt;h3 id=&#34;mitigation&#34;&gt;Mitigation&lt;/h3&gt;&#xA;&lt;p&gt;Check to make sure the Content-Length header has a value.&lt;/p&gt;</description>
			</item>
			<item>
				<title>NULL pointer dereference parsing OIM data in MSN</title>
				<link>https://security.imfreedom.org/advisories/cve-2013-6482-02/</link>
				<pubDate>Tue, 28 Jan 2014 00:00:00 +0000</pubDate>
				<guid>https://security.imfreedom.org/advisories/cve-2013-6482-02/</guid>
				<description>&lt;h3 id=&#34;description&#34;&gt;Description&lt;/h3&gt;&#xA;&lt;p&gt;A malicious server or man-in-the-middle could send us a specially-crafted XML&#xA;response that results in a NULL pointer dereference.&lt;/p&gt;&#xA;&lt;h3 id=&#34;mitigation&#34;&gt;Mitigation&lt;/h3&gt;&#xA;&lt;p&gt;Check for NULL before calling &lt;code&gt;atoi()&lt;/code&gt;.&lt;/p&gt;</description>
			</item>
			<item>
				<title>NULL pointer dereference parsing SOAP data in MSN</title>
				<link>https://security.imfreedom.org/advisories/cve-2013-6482-03/</link>
				<pubDate>Tue, 28 Jan 2014 00:00:00 +0000</pubDate>
				<guid>https://security.imfreedom.org/advisories/cve-2013-6482-03/</guid>
				<description>&lt;h3 id=&#34;description&#34;&gt;Description&lt;/h3&gt;&#xA;&lt;p&gt;A malicious server or man-in-the-middle could send us a specially-crafted SOAP&#xA;response that results in a NULL pointer dereference.&lt;/p&gt;&#xA;&lt;h3 id=&#34;mitigation&#34;&gt;Mitigation&lt;/h3&gt;&#xA;&lt;p&gt;Check for NULL before using values.&lt;/p&gt;</description>
			</item>
			<item>
				<title>Pidgin uses clickable links to untrusted executables</title>
				<link>https://security.imfreedom.org/advisories/cve-2013-6486-00/</link>
				<pubDate>Tue, 28 Jan 2014 00:00:00 +0000</pubDate>
				<guid>https://security.imfreedom.org/advisories/cve-2013-6486-00/</guid>
				<description>&lt;h3 id=&#34;description&#34;&gt;Description&lt;/h3&gt;&#xA;&lt;p&gt;If a user clicks on a file:// URI in a received IM in Windows builds of Pidgin,&#xA;Pidgin attempts to execute the file. This can be dangerous if the file:// URI is&#xA;a path on a network share. This was originally reported in &lt;a href=&#34;https://security.imfreedom.org/advisories/cve-2011-3185-00/&#34;&gt;CVE-2011-3185&lt;/a&gt; in 2011&#xA;and we attempted to fix it then, but failed.&lt;/p&gt;&#xA;&lt;h3 id=&#34;mitigation&#34;&gt;Mitigation&lt;/h3&gt;&#xA;&lt;p&gt;Don&amp;rsquo;t attempt to execute files when the user clicks a file:// URI. Instead, open&#xA;a file browser at the file&amp;rsquo;s location.&lt;/p&gt;</description>
			</item>
			<item>
				<title>Remote crash parsing HTTP responses</title>
				<link>https://security.imfreedom.org/advisories/cve-2013-6479-00/</link>
				<pubDate>Tue, 28 Jan 2014 00:00:00 +0000</pubDate>
				<guid>https://security.imfreedom.org/advisories/cve-2013-6479-00/</guid>
				<description>&lt;h3 id=&#34;description&#34;&gt;Description&lt;/h3&gt;&#xA;&lt;p&gt;A malicious server or man-in-the-middle could send a malformed HTTP response&#xA;that could lead to a crash.&lt;/p&gt;&#xA;&lt;h3 id=&#34;mitigation&#34;&gt;Mitigation&lt;/h3&gt;&#xA;&lt;p&gt;Validate response before using it.&lt;/p&gt;</description>
			</item>
			<item>
				<title>Remote crash reading Yahoo! P2P message</title>
				<link>https://security.imfreedom.org/advisories/cve-2013-6481-00/</link>
				<pubDate>Tue, 28 Jan 2014 00:00:00 +0000</pubDate>
				<guid>https://security.imfreedom.org/advisories/cve-2013-6481-00/</guid>
				<description>&lt;h3 id=&#34;description&#34;&gt;Description&lt;/h3&gt;&#xA;&lt;p&gt;The Yahoo! protocol plugin failed to validate a length field before trying to&#xA;read from a buffer, which could result in reading past the end of the buffer&#xA;and cause a crash.&lt;/p&gt;&#xA;&lt;h3 id=&#34;mitigation&#34;&gt;Mitigation&lt;/h3&gt;&#xA;&lt;p&gt;Check that the length is within range.&lt;/p&gt;</description>
			</item>
			<item>
				<title>Remotely triggerable crash in IRC argument parsing</title>
				<link>https://security.imfreedom.org/advisories/cve-2014-0020-00/</link>
				<pubDate>Tue, 28 Jan 2014 00:00:00 +0000</pubDate>
				<guid>https://security.imfreedom.org/advisories/cve-2014-0020-00/</guid>
				<description>&lt;h3 id=&#34;description&#34;&gt;Description&lt;/h3&gt;&#xA;&lt;p&gt;A malicious server or man-in-the-middle could trigger a crash in libpurple by&#xA;sending a message with fewer than expected arguments.&lt;/p&gt;&#xA;&lt;h3 id=&#34;mitigation&#34;&gt;Mitigation&lt;/h3&gt;&#xA;&lt;p&gt;Verify that incoming messages contain the appropriate number of arguments before&#xA;handling them.&lt;/p&gt;</description>
			</item>
			<item>
				<title>XMPP doesn&#39;t verify &#39;from&#39; on some iq replies</title>
				<link>https://security.imfreedom.org/advisories/cve-2013-6483-00/</link>
				<pubDate>Tue, 28 Jan 2014 00:00:00 +0000</pubDate>
				<guid>https://security.imfreedom.org/advisories/cve-2013-6483-00/</guid>
				<description>&lt;h3 id=&#34;description&#34;&gt;Description&lt;/h3&gt;&#xA;&lt;p&gt;The XMPP protocol plugin failed to ensure that iq replies came from the address&#xA;the original request was sent to. A remote user could send a spoofed iq reply and attempt to&#xA;guess the iq id. This could allow an attacker to inject fake data or trigger a&#xA;null pointer dereference.&lt;/p&gt;&#xA;&lt;h3 id=&#34;mitigation&#34;&gt;Mitigation&lt;/h3&gt;&#xA;&lt;p&gt;Keep track of the &amp;rsquo;to&amp;rsquo; when sending an iq stanza and make sure replies for a&#xA;given stanza ID come from the same address it was sent to.&lt;/p&gt;</description>
			</item>
			<item>
				<title>Yahoo! remote crash from incorrect character encoding</title>
				<link>https://security.imfreedom.org/advisories/cve-2012-6152-00/</link>
				<pubDate>Sat, 28 Jan 2012 00:00:00 +0000</pubDate>
				<guid>https://security.imfreedom.org/advisories/cve-2012-6152-00/</guid>
				<description>&lt;h3 id=&#34;description&#34;&gt;Description&lt;/h3&gt;&#xA;&lt;p&gt;Many places in the Yahoo! protocol plugin assumed incoming strings were UTF-8&#xA;and failed to transcode from non-UTF-8 encodings. This can lead to a crash when&#xA;receiving strings that aren&amp;rsquo;t UTF-8.&lt;/p&gt;&#xA;&lt;h3 id=&#34;mitigation&#34;&gt;Mitigation&lt;/h3&gt;&#xA;&lt;p&gt;Depending on the context, either validate that a string is UTF-8 or transcode&#xA;the string from the appropriate encoding to UTF-8.&lt;/p&gt;</description>
			</item>
			<item>
				<title>XMPP remote crash</title>
				<link>https://security.imfreedom.org/advisories/cve-2011-4602-00/</link>
				<pubDate>Sat, 10 Dec 2011 00:00:00 +0000</pubDate>
				<guid>https://security.imfreedom.org/advisories/cve-2011-4602-00/</guid>
				<description>&lt;h3 id=&#34;description&#34;&gt;Description&lt;/h3&gt;&#xA;&lt;p&gt;When receiving various stanzas related to voice and video chat, the XMPP&#xA;protocol plugin failed to ensure that the incoming message contained all&#xA;required fields, and would crash if certain fields were missing.&lt;/p&gt;&#xA;&lt;h3 id=&#34;mitigation&#34;&gt;Mitigation&lt;/h3&gt;&#xA;&lt;p&gt;Check for missing fields and handle them appropriately.&lt;/p&gt;</description>
			</item>
			<item>
				<title>AIM and ICQ remote crash</title>
				<link>https://security.imfreedom.org/advisories/cve-2011-4601-00/</link>
				<pubDate>Thu, 20 Oct 2011 00:00:00 +0000</pubDate>
				<guid>https://security.imfreedom.org/advisories/cve-2011-4601-00/</guid>
				<description>&lt;h3 id=&#34;description&#34;&gt;Description&lt;/h3&gt;&#xA;&lt;p&gt;When receiving various messages related to requesting or receiving authorization&#xA;for adding a buddy to a buddy list, the oscar protocol plugin failed to validate&#xA;that a piece of text was UTF-8. In some cases invalid UTF-8 data would lead to a&#xA;crash.&lt;/p&gt;&#xA;&lt;h3 id=&#34;mitigation&#34;&gt;Mitigation&lt;/h3&gt;&#xA;&lt;p&gt;Validate incoming strings as UTF-8 before using them as such.&lt;/p&gt;</description>
			</item>
			<item>
				<title>SILC remote crash</title>
				<link>https://security.imfreedom.org/advisories/cve-2011-3594-00/</link>
				<pubDate>Thu, 29 Sep 2011 00:00:00 +0000</pubDate>
				<guid>https://security.imfreedom.org/advisories/cve-2011-3594-00/</guid>
				<description>&lt;h3 id=&#34;description&#34;&gt;Description&lt;/h3&gt;&#xA;&lt;p&gt;When receiving various incoming messages, the SILC protocol plugin failed to&#xA;validate that a piece of text was UTF-8. In some cases invalid UTF-8 data would&#xA;lead to a crash.&lt;/p&gt;&#xA;&lt;h3 id=&#34;mitigation&#34;&gt;Mitigation&lt;/h3&gt;&#xA;&lt;p&gt;Validate incoming strings as UTF-8 before using them as such.&lt;/p&gt;</description>
			</item>
			<item>
				<title>SILC remote crash</title>
				<link>https://security.imfreedom.org/advisories/cve-2011-4603-00/</link>
				<pubDate>Thu, 29 Sep 2011 00:00:00 +0000</pubDate>
				<guid>https://security.imfreedom.org/advisories/cve-2011-4603-00/</guid>
				<description>&lt;h3 id=&#34;description&#34;&gt;Description&lt;/h3&gt;&#xA;&lt;p&gt;When receiving various incoming messages, the SILC protocol plugin failed to&#xA;validate that a piece of text was UTF-8. In some cases invalid UTF-8 data would&#xA;lead to a crash. This vulnerability is similar to CVE-2011-3594, but occurs in a&#xA;different piece of code and was fixed at a later date.&lt;/p&gt;&#xA;&lt;h3 id=&#34;mitigation&#34;&gt;Mitigation&lt;/h3&gt;&#xA;&lt;p&gt;Validate incoming strings as UTF-8 before using them as such.&lt;/p&gt;</description>
			</item>
			<item>
				<title>Pidgin uses clickable links to untrusted executables</title>
				<link>https://security.imfreedom.org/advisories/cve-2011-3185-00/</link>
				<pubDate>Sat, 20 Aug 2011 00:00:00 +0000</pubDate>
				<guid>https://security.imfreedom.org/advisories/cve-2011-3185-00/</guid>
				<description>&lt;h3 id=&#34;description&#34;&gt;Description&lt;/h3&gt;&#xA;&lt;p&gt;If a user clicks on a file:// URI in a received IM in Windows builds of Pidgin,&#xA;Pidgin attempts to execute the file. This can be dangerous if the file:// URI is&#xA;a path on a network share.&lt;/p&gt;&#xA;&lt;h3 id=&#34;mitigation&#34;&gt;Mitigation&lt;/h3&gt;&#xA;&lt;p&gt;Don&amp;rsquo;t attempt to execute files when the user clicks a file:// URI. Instead, open&#xA;a file browser at the file&amp;rsquo;s location.&lt;/p&gt;</description>
			</item>
			<item>
				<title>Remote crash in IRC protocol plugin</title>
				<link>https://security.imfreedom.org/advisories/cve-2011-2943-00/</link>
				<pubDate>Sat, 20 Aug 2011 00:00:00 +0000</pubDate>
				<guid>https://security.imfreedom.org/advisories/cve-2011-2943-00/</guid>
				<description>&lt;h3 id=&#34;description&#34;&gt;Description&lt;/h3&gt;&#xA;&lt;p&gt;Certain characters in the nicknames of IRC users can trigger a null pointer&#xA;dereference in the IRC protocol plugin&amp;rsquo;s handling of responses to WHO requests.&#xA;This can cause a crash on some operating systems. Clients based on libpurple&#xA;2.8.0 through 2.9.0 are affected.&lt;/p&gt;&#xA;&lt;h3 id=&#34;mitigation&#34;&gt;Mitigation&lt;/h3&gt;&#xA;&lt;p&gt;Change libpurple to validate the data it receives from the server before&#xA;attempting to use it.&lt;/p&gt;</description>
			</item>
			<item>
				<title>Remote crash in MSN protocol plugin</title>
				<link>https://security.imfreedom.org/advisories/cve-2011-3184-00/</link>
				<pubDate>Sat, 20 Aug 2011 00:00:00 +0000</pubDate>
				<guid>https://security.imfreedom.org/advisories/cve-2011-3184-00/</guid>
				<description>&lt;h3 id=&#34;description&#34;&gt;Description&lt;/h3&gt;&#xA;&lt;p&gt;Incorrect handling of HTTP 100 responses in the MSN protocol plugin can cause&#xA;the application to attempt to access memory that it does not have access to.&#xA;This only affects users who have turned on the HTTP connection method for their&#xA;accounts (it&amp;rsquo;s off by default). This might only be triggerable by a malicious&#xA;server and not a malicious peer. We believe remote code execution is not&#xA;possible.&lt;/p&gt;&#xA;&lt;h3 id=&#34;mitigation&#34;&gt;Mitigation&lt;/h3&gt;&#xA;&lt;p&gt;Correctly take into account the size of HTTP 100 response when parsing server&#xA;messages.&lt;/p&gt;</description>
			</item>
			<item>
				<title>XMPP remote crash</title>
				<link>https://security.imfreedom.org/advisories/cve-2011-4939-00/</link>
				<pubDate>Fri, 08 Jul 2011 00:00:00 +0000</pubDate>
				<guid>https://security.imfreedom.org/advisories/cve-2011-4939-00/</guid>
				<description>&lt;h3 id=&#34;description&#34;&gt;Description&lt;/h3&gt;&#xA;&lt;p&gt;Certain types of nickname changes in XMPP chat rooms can trigger a NULL pointer&#xA;dereference in Pidgin, which triggers a crash.&lt;/p&gt;&#xA;&lt;h3 id=&#34;mitigation&#34;&gt;Mitigation&lt;/h3&gt;&#xA;&lt;p&gt;Check for NULL before trying to use a struct.&lt;/p&gt;</description>
			</item>
			<item>
				<title>Remote denial of service from corrupt buddy icons</title>
				<link>https://security.imfreedom.org/advisories/cve-2011-2485-00/</link>
				<pubDate>Thu, 23 Jun 2011 00:00:00 +0000</pubDate>
				<guid>https://security.imfreedom.org/advisories/cve-2011-2485-00/</guid>
				<description>&lt;h3 id=&#34;description&#34;&gt;Description&lt;/h3&gt;&#xA;&lt;p&gt;It was found that the gdk-pixbuf GIF image loader routine&#xA;&lt;code&gt;gdk_pixbuf__gif_image_load()&lt;/code&gt; did not properly handle certain return values&#xA;from its subroutines. A remote attacker could provide a specially-crafted GIF&#xA;image, which, once opened in Pidgin, would lead gdk-pixbuf to return a partially&#xA;initialized pixbuf structure. Using this structure, possibly containing a huge&#xA;width and height, could lead to the application being terminated due to&#xA;excessive memory use.&lt;/p&gt;&#xA;&lt;h3 id=&#34;mitigation&#34;&gt;Mitigation&lt;/h3&gt;&#xA;&lt;p&gt;Change Pidgin to look at the GError parameter in addition to the return value&#xA;when calling certain gdk-pixbuf functions.&lt;/p&gt;</description>
			</item>
			<item>
				<title>Remote denial of service in Yahoo protocol plugin</title>
				<link>https://security.imfreedom.org/advisories/cve-2011-1091-00/</link>
				<pubDate>Thu, 10 Mar 2011 00:00:00 +0000</pubDate>
				<guid>https://security.imfreedom.org/advisories/cve-2011-1091-00/</guid>
				<description>&lt;h3 id=&#34;description&#34;&gt;Description&lt;/h3&gt;&#xA;&lt;p&gt;The Yahoo protocol plugin in libpurple versions 2.6.0 through 2.7.10 does not&#xA;properly handle malformed YMSG packets, leading to NULL pointer dereferences and&#xA;an application crash.&lt;/p&gt;&#xA;&lt;h3 id=&#34;mitigation&#34;&gt;Mitigation&lt;/h3&gt;&#xA;&lt;p&gt;Properly handle malformed packets by ignoring the packet or the missing field.&lt;/p&gt;</description>
			</item>
			<item>
				<title>Cipher API information disclosure</title>
				<link>https://security.imfreedom.org/advisories/independent-20110206-00/</link>
				<pubDate>Sun, 06 Feb 2011 00:00:00 +0000</pubDate>
				<guid>https://security.imfreedom.org/advisories/independent-20110206-00/</guid>
				<description>&lt;h3 id=&#34;description&#34;&gt;Description&lt;/h3&gt;&#xA;&lt;p&gt;It was discovered that libpurple versions prior to 2.7.10 do not properly clear&#xA;certain data structures used in &lt;code&gt;libpurple/cipher.c&lt;/code&gt; prior to freeing. An&#xA;attacker could potentially extract partial information from memory regions freed&#xA;by libpurple.&lt;/p&gt;&#xA;&lt;h3 id=&#34;mitigation&#34;&gt;Mitigation&lt;/h3&gt;&#xA;&lt;p&gt;Proper structure clearing has been implemented.&lt;/p&gt;</description>
			</item>
			<item>
				<title>MSN direct connection denial of service</title>
				<link>https://security.imfreedom.org/advisories/cve-2010-4528-00/</link>
				<pubDate>Sun, 26 Dec 2010 00:00:00 +0000</pubDate>
				<guid>https://security.imfreedom.org/advisories/cve-2010-4528-00/</guid>
				<description>&lt;h3 id=&#34;description&#34;&gt;Description&lt;/h3&gt;&#xA;&lt;p&gt;It was discovered that libpurple 2.7.6 through 2.7.8 did not properly handle&#xA;&amp;ldquo;short&amp;rdquo; packets in MSN direct connection sessions, leading to a crash due to a&#xA;NULL pointer dereference. Malicious clients or users can exploit this to cause a&#xA;denial of service (crash).&lt;/p&gt;&#xA;&lt;h3 id=&#34;mitigation&#34;&gt;Mitigation&lt;/h3&gt;&#xA;&lt;p&gt;Ignore short packets.&lt;/p&gt;</description>
			</item>
			<item>
				<title>Multiple remotely-triggered denials of service</title>
				<link>https://security.imfreedom.org/advisories/cve-2010-3711-00/</link>
				<pubDate>Wed, 20 Oct 2010 00:00:00 +0000</pubDate>
				<guid>https://security.imfreedom.org/advisories/cve-2010-3711-00/</guid>
				<description>&lt;h3 id=&#34;description&#34;&gt;Description&lt;/h3&gt;&#xA;&lt;p&gt;It has been discovered that eight denial of service conditions exist in&#xA;libpurple all due to insufficient validation of the return value from&#xA;&lt;code&gt;purple_base64_decode()&lt;/code&gt;. Invalid or malformed data received in place of a valid&#xA;base64-encoded value in portions of the Yahoo!, MSN, MySpaceIM, and XMPP&#xA;protocol plugins and the NTLM authentication support trigger a crash. These&#xA;vulnerabilities can be leveraged by a remote user for denial of service.&lt;/p&gt;&#xA;&lt;h3 id=&#34;mitigation&#34;&gt;Mitigation&lt;/h3&gt;&#xA;&lt;p&gt;Check the return value from &lt;code&gt;purple_base64_decode()&lt;/code&gt; before trying to use it.&lt;/p&gt;</description>
			</item>
			<item>
				<title>ICQ X-Status denial of service</title>
				<link>https://security.imfreedom.org/advisories/cve-2010-2528-00/</link>
				<pubDate>Wed, 21 Jul 2010 00:00:00 +0000</pubDate>
				<guid>https://security.imfreedom.org/advisories/cve-2010-2528-00/</guid>
				<description>&lt;h3 id=&#34;description&#34;&gt;Description&lt;/h3&gt;&#xA;&lt;p&gt;Certain incorrectly formed X-Status messages can cause libpurple to attempt to&#xA;dereference a NULL pointer, which triggers a crash.&lt;/p&gt;&#xA;&lt;h3 id=&#34;mitigation&#34;&gt;Mitigation&lt;/h3&gt;&#xA;&lt;p&gt;Improve the parsing of the X-Status message to be more robust.&lt;/p&gt;</description>
			</item>
			<item>
				<title>MSN emoticon denial of service</title>
				<link>https://security.imfreedom.org/advisories/cve-2010-1624-00/</link>
				<pubDate>Wed, 12 May 2010 00:00:00 +0000</pubDate>
				<guid>https://security.imfreedom.org/advisories/cve-2010-1624-00/</guid>
				<description>&lt;h3 id=&#34;description&#34;&gt;Description&lt;/h3&gt;&#xA;&lt;p&gt;A vulnerability was discovered in libpurple&amp;rsquo;s MSN protocol plugin that can cause&#xA;a denial of service (crash) due to insufficient validation of certain SLP&#xA;packets related to custom emoticons. An attacker could use this vulnerability to&#xA;remotely crash a client using libpurple for MSN. It is not possible for this&#xA;vulnerability to be exploited for code execution. As a workaround, disabling&#xA;custom emoticons on MSN accounts will prevent the vulnerability.&lt;/p&gt;</description>
			</item>
			<item>
				<title>Finch XMPP MUC crash</title>
				<link>https://security.imfreedom.org/advisories/cve-2010-0420-00/</link>
				<pubDate>Thu, 18 Feb 2010 00:00:00 +0000</pubDate>
				<guid>https://security.imfreedom.org/advisories/cve-2010-0420-00/</guid>
				<description>&lt;h3 id=&#34;description&#34;&gt;Description&lt;/h3&gt;&#xA;&lt;p&gt;If a user in a multi-user chat room has a nickname containing &lt;code&gt;&amp;lt;br&amp;gt;&lt;/code&gt; then&#xA;libpurple ends up having two users with username &lt;code&gt;&#39; &#39;&lt;/code&gt; in the room, and Finch&#xA;crashes in this situation. We do not believe there is a possibility of remote&#xA;code execution.&lt;/p&gt;&#xA;&lt;h3 id=&#34;mitigation&#34;&gt;Mitigation&lt;/h3&gt;&#xA;&lt;p&gt;Correctly parse &lt;code&gt;&amp;lt;br&amp;gt;&lt;/code&gt; so that it appears literally rather than as &lt;code&gt;&#39; &#39;&lt;/code&gt;.&lt;/p&gt;</description>
			</item>
			<item>
				<title>MSN malformed SLP message crash</title>
				<link>https://security.imfreedom.org/advisories/cve-2010-0277-00/</link>
				<pubDate>Thu, 18 Feb 2010 00:00:00 +0000</pubDate>
				<guid>https://security.imfreedom.org/advisories/cve-2010-0277-00/</guid>
				<description>&lt;h3 id=&#34;description&#34;&gt;Description&lt;/h3&gt;&#xA;&lt;p&gt;Certain malformed SLP messages can trigger a crash because the MSN protocol&#xA;plugin fails to check that all pieces of the message are set correctly.&lt;/p&gt;&#xA;&lt;h3 id=&#34;mitigation&#34;&gt;Mitigation&lt;/h3&gt;&#xA;&lt;p&gt;Validate input before attempting to handle the message.&lt;/p&gt;</description>
			</item>
			<item>
				<title>Smiley denial of service</title>
				<link>https://security.imfreedom.org/advisories/cve-2010-0423-00/</link>
				<pubDate>Thu, 18 Feb 2010 00:00:00 +0000</pubDate>
				<guid>https://security.imfreedom.org/advisories/cve-2010-0423-00/</guid>
				<description>&lt;h3 id=&#34;description&#34;&gt;Description&lt;/h3&gt;&#xA;&lt;p&gt;oCERT notified us about a problem in Pidgin, where a large amount of processing&#xA;time will be used when inserting many smileys into an IM or chat window. This&#xA;should not cause a crash, but Pidgin can become unusably slow.&lt;/p&gt;&#xA;&lt;h3 id=&#34;mitigation&#34;&gt;Mitigation&lt;/h3&gt;&#xA;&lt;p&gt;A limit was added for the maximum number of smileys allowed in a conversation.&lt;/p&gt;</description>
			</item>
			<item>
				<title>MSN file download vulnerability</title>
				<link>https://security.imfreedom.org/advisories/cve-2010-0013-00/</link>
				<pubDate>Fri, 08 Jan 2010 00:00:00 +0000</pubDate>
				<guid>https://security.imfreedom.org/advisories/cve-2010-0013-00/</guid>
				<description>&lt;h3 id=&#34;description&#34;&gt;Description&lt;/h3&gt;&#xA;&lt;p&gt;The MSN protocol plugin extracts the filename of a custom emoticon from an&#xA;incoming request and uploads that file without correlating the filename to a&#xA;valid custom emoticon. This can expose files other than custom emoticons to the&#xA;sender of the request.&lt;/p&gt;&#xA;&lt;h3 id=&#34;mitigation&#34;&gt;Mitigation&lt;/h3&gt;&#xA;&lt;p&gt;Verify that the requested custom emoticon is valid before uploading its file data.&lt;/p&gt;</description>
			</item>
			<item>
				<title>ICQ and maybe AIM remote crash</title>
				<link>https://security.imfreedom.org/advisories/cve-2009-3615-00/</link>
				<pubDate>Fri, 16 Oct 2009 00:00:00 +0000</pubDate>
				<guid>https://security.imfreedom.org/advisories/cve-2009-3615-00/</guid>
				<description>&lt;h3 id=&#34;description&#34;&gt;Description&lt;/h3&gt;&#xA;&lt;p&gt;A specially crafted message can trigger an incorrect memory access in the oscar&#xA;protocol plugin which can lead to a crash. This happens when the SIM IM client&#xA;attempts to send contacts to a libpurple user.&lt;/p&gt;&#xA;&lt;h3 id=&#34;mitigation&#34;&gt;Mitigation&lt;/h3&gt;&#xA;&lt;p&gt;Check for the correct number of fields before attempting to dereference memory.&lt;/p&gt;</description>
			</item>
			<item>
				<title>IRC crash from malicious server</title>
				<link>https://security.imfreedom.org/advisories/cve-2009-2703-00/</link>
				<pubDate>Thu, 03 Sep 2009 00:00:00 +0000</pubDate>
				<guid>https://security.imfreedom.org/advisories/cve-2009-2703-00/</guid>
				<description>&lt;h3 id=&#34;description&#34;&gt;Description&lt;/h3&gt;&#xA;&lt;p&gt;A specially crafted IRC TOPIC message can trigger a NULL pointer dereference in&#xA;the IRC protocol plugin&amp;rsquo;s code for handling IRC topics.&lt;/p&gt;&#xA;&lt;h3 id=&#34;mitigation&#34;&gt;Mitigation&lt;/h3&gt;&#xA;&lt;p&gt;Correctly ignore invalid TOPIC messages sent from the server.&lt;/p&gt;</description>
			</item>
			<item>
				<title>MSN handwritten message crash</title>
				<link>https://security.imfreedom.org/advisories/cve-2009-3084-00/</link>
				<pubDate>Thu, 03 Sep 2009 00:00:00 +0000</pubDate>
				<guid>https://security.imfreedom.org/advisories/cve-2009-3084-00/</guid>
				<description>&lt;h3 id=&#34;description&#34;&gt;Description&lt;/h3&gt;&#xA;&lt;p&gt;The MSN protocol plugin used an incorrect character encoding when attempting to&#xA;convert handwritten messages from one encoding to another. This caused the&#xA;conversion to fail. This failure combined with an uninitialized variable can&#xA;trigger a crash. The only vulnerable versions of libpurple are 2.6.0 and 2.6.1.&lt;/p&gt;&#xA;&lt;h3 id=&#34;mitigation&#34;&gt;Mitigation&lt;/h3&gt;&#xA;&lt;p&gt;Use the correct character set name and initialize error to NULL.&lt;/p&gt;</description>
			</item>
			<item>
				<title>MSN partial SLP invite crash</title>
				<link>https://security.imfreedom.org/advisories/cve-2009-3083-00/</link>
				<pubDate>Thu, 03 Sep 2009 00:00:00 +0000</pubDate>
				<guid>https://security.imfreedom.org/advisories/cve-2009-3083-00/</guid>
				<description>&lt;h3 id=&#34;description&#34;&gt;Description&lt;/h3&gt;&#xA;&lt;p&gt;The MSN protocol plugin extracts some fields from an incoming SLP invite. If&#xA;some of these fields do not exist in the invite message then the protocol plugin&#xA;will attempt to dereference a NULL pointer and will crash.&lt;/p&gt;&#xA;&lt;h3 id=&#34;mitigation&#34;&gt;Mitigation&lt;/h3&gt;&#xA;&lt;p&gt;Check for NULL values and handle appropriately.&lt;/p&gt;</description>
			</item>
			<item>
				<title>XMPP custom smiley parsing bug</title>
				<link>https://security.imfreedom.org/advisories/cve-2009-3085-00/</link>
				<pubDate>Thu, 03 Sep 2009 00:00:00 +0000</pubDate>
				<guid>https://security.imfreedom.org/advisories/cve-2009-3085-00/</guid>
				<description>&lt;h3 id=&#34;description&#34;&gt;Description&lt;/h3&gt;&#xA;&lt;p&gt;The XMPP protocol plugin can crash when attempting to process an error response&#xA;as a custom smiley. libpurple 2.5.2 through 2.6.1 are vulnerable. Older versions&#xA;may be vulnerable as well.&lt;/p&gt;&#xA;&lt;h3 id=&#34;mitigation&#34;&gt;Mitigation&lt;/h3&gt;&#xA;&lt;p&gt;Handle error iq responses appropriately.&lt;/p&gt;</description>
			</item>
			<item>
				<title>XMPP may not enforce TLS</title>
				<link>https://security.imfreedom.org/advisories/cve-2009-3026-00/</link>
				<pubDate>Thu, 03 Sep 2009 00:00:00 +0000</pubDate>
				<guid>https://security.imfreedom.org/advisories/cve-2009-3026-00/</guid>
				<description>&lt;h3 id=&#34;description&#34;&gt;Description&lt;/h3&gt;&#xA;&lt;p&gt;The XMPP protocol plugin can be tricked into establishing an insecure connection&#xA;by a malicious man in the middle by causing libpurple to use the older IQ-based&#xA;login and then not offering TLS/SSL. The &amp;ldquo;require TLS/SSL&amp;rdquo; option was introduced&#xA;in 2.2.0.&lt;/p&gt;&#xA;&lt;h3 id=&#34;mitigation&#34;&gt;Mitigation&lt;/h3&gt;&#xA;&lt;p&gt;Respect the &amp;ldquo;require TLS/SSL&amp;rdquo; preference for this type of connection.&lt;/p&gt;</description>
			</item>
			<item>
				<title>Yahoo IM parsing crash</title>
				<link>https://security.imfreedom.org/advisories/cve-2009-3025-00/</link>
				<pubDate>Sat, 22 Aug 2009 00:00:00 +0000</pubDate>
				<guid>https://security.imfreedom.org/advisories/cve-2009-3025-00/</guid>
				<description>&lt;h3 id=&#34;description&#34;&gt;Description&lt;/h3&gt;&#xA;&lt;p&gt;Possibly depending on the architecture and/or flags used to compile libpurple,&#xA;the Yahoo protocol plugin may crash when receiving an IM from any user which&#xA;contains a URL. The only vulnerable version of libpurple is 2.6.0.&lt;/p&gt;&#xA;&lt;h3 id=&#34;mitigation&#34;&gt;Mitigation&lt;/h3&gt;&#xA;&lt;p&gt;Correctly parse URLs in incoming Yahoo messages.&lt;/p&gt;</description>
			</item>
			<item>
				<title>MSN overflow parsing SLP messages</title>
				<link>https://security.imfreedom.org/advisories/cve-2009-2694-00/</link>
				<pubDate>Tue, 18 Aug 2009 00:00:00 +0000</pubDate>
				<guid>https://security.imfreedom.org/advisories/cve-2009-2694-00/</guid>
				<description>&lt;h3 id=&#34;description&#34;&gt;Description&lt;/h3&gt;&#xA;&lt;p&gt;By sending two consecutive specially crafted SLP messages it is possible to&#xA;trigger a memcpy to an invalid location in memory. This affects all versions of&#xA;libpurple and Gaim released in the past few years.&lt;/p&gt;&#xA;&lt;h3 id=&#34;mitigation&#34;&gt;Mitigation&lt;/h3&gt;&#xA;&lt;p&gt;Correctly destroy outgoing SLP ACK messages after they are sent, and ensure a&#xA;buffer has been allocated within the SLP data structure before attempting to&#xA;write to it.&lt;/p&gt;</description>
			</item>
			<item>
				<title>ICQ parser excessive memory allocation</title>
				<link>https://security.imfreedom.org/advisories/cve-2009-1889-00/</link>
				<pubDate>Thu, 28 May 2009 00:00:00 +0000</pubDate>
				<guid>https://security.imfreedom.org/advisories/cve-2009-1889-00/</guid>
				<description>&lt;h3 id=&#34;description&#34;&gt;Description&lt;/h3&gt;&#xA;&lt;p&gt;The ICQ prpl would misparse an incoming ICQ Web Message as an SMS message in&#xA;certain circumstances, leading to an excessively large allocation.&lt;/p&gt;&#xA;&lt;h3 id=&#34;mitigation&#34;&gt;Mitigation&lt;/h3&gt;&#xA;&lt;p&gt;Yuriy&amp;rsquo;s patch corrected the misparsing of such ICQ web messages so they are no&#xA;longer treated as SMS messages and added validation to avoid unnecessary memory&#xA;allocations.&lt;/p&gt;</description>
			</item>
			<item>
				<title>QQ remote DoS</title>
				<link>https://security.imfreedom.org/advisories/cve-2009-1374-00/</link>
				<pubDate>Sun, 03 May 2009 00:00:00 +0000</pubDate>
				<guid>https://security.imfreedom.org/advisories/cve-2009-1374-00/</guid>
				<description>&lt;h3 id=&#34;description&#34;&gt;Description&lt;/h3&gt;&#xA;&lt;p&gt;&lt;code&gt;decrypt_out()&lt;/code&gt; always writes 8 bytes past the supplied buffer, which is always&#xA;allocated on the stack. We don&amp;rsquo;t believe this can cause anything outside of a&#xA;crash.&lt;/p&gt;&#xA;&lt;h3 id=&#34;mitigation&#34;&gt;Mitigation&lt;/h3&gt;&#xA;&lt;p&gt;&lt;code&gt;decrypt_out()&lt;/code&gt; is fixed to not write past the end of the buffer.&lt;/p&gt;</description>
			</item>
			<item>
				<title>MSN malformed SLP message overflow</title>
				<link>https://security.imfreedom.org/advisories/cve-2009-1376-00/</link>
				<pubDate>Sat, 02 May 2009 00:00:00 +0000</pubDate>
				<guid>https://security.imfreedom.org/advisories/cve-2009-1376-00/</guid>
				<description>&lt;h3 id=&#34;description&#34;&gt;Description&lt;/h3&gt;&#xA;&lt;p&gt;The previous fix to &lt;a href=&#34;https://security.imfreedom.org/advisories/cve-2008-2927-00/&#34;&gt;CVE-2008-2927&lt;/a&gt; was deemed&#xA;incomplete. The size check improperly cast a &lt;code&gt;uint64&lt;/code&gt; to &lt;code&gt;size_t&lt;/code&gt;, which can&#xA;cause an integer overflow, rendering the check useless.&lt;/p&gt;&#xA;&lt;h3 id=&#34;mitigation&#34;&gt;Mitigation&lt;/h3&gt;&#xA;&lt;p&gt;The proper variable type is now used when doing size comparison. Additionally,&#xA;the malformed message is now properly discarded.&lt;/p&gt;</description>
			</item>
			<item>
				<title>XMPP file transfer buffer overflow</title>
				<link>https://security.imfreedom.org/advisories/cve-2009-1373-00/</link>
				<pubDate>Sat, 02 May 2009 00:00:00 +0000</pubDate>
				<guid>https://security.imfreedom.org/advisories/cve-2009-1373-00/</guid>
				<description>&lt;h3 id=&#34;description&#34;&gt;Description&lt;/h3&gt;&#xA;&lt;p&gt;The XMPP SOCKS5 bytestream server was not correctly checking the bounds of a&#xA;buffer when initiating an outgoing file transfer.&lt;/p&gt;&#xA;&lt;h3 id=&#34;mitigation&#34;&gt;Mitigation&lt;/h3&gt;&#xA;&lt;p&gt;The affected function has been patched to fix the vulnerability.&lt;/p&gt;</description>
			</item>
			<item>
				<title>Remote DoS in multiple protocols</title>
				<link>https://security.imfreedom.org/advisories/cve-2009-1375-00/</link>
				<pubDate>Fri, 20 Mar 2009 00:00:00 +0000</pubDate>
				<guid>https://security.imfreedom.org/advisories/cve-2009-1375-00/</guid>
				<description>&lt;h3 id=&#34;description&#34;&gt;Description&lt;/h3&gt;&#xA;&lt;p&gt;A buffer maintained by &lt;code&gt;PurpleCircBuffer&lt;/code&gt; may be corrupted if it&amp;rsquo;s exactly full&#xA;and then more bytes are added to it, leading to a crash. This structure is used&#xA;by the XMPP and Sametime protocol plugins.&lt;/p&gt;&#xA;&lt;h3 id=&#34;mitigation&#34;&gt;Mitigation&lt;/h3&gt;&#xA;&lt;p&gt;PurpleCircBuffer now correctly checks bounds.&lt;/p&gt;</description>
			</item>
			<item>
				<title>NSS TLS/SSL Certificates not validated</title>
				<link>https://security.imfreedom.org/advisories/cve-2008-3532-00/</link>
				<pubDate>Fri, 25 Jul 2008 00:00:00 +0000</pubDate>
				<guid>https://security.imfreedom.org/advisories/cve-2008-3532-00/</guid>
				<description>&lt;h3 id=&#34;description&#34;&gt;Description&lt;/h3&gt;&#xA;&lt;p&gt;The NSS SSL implementation in libpurple does not verify SSL certificates, which&#xA;makes it easier for remote attackers to trick a user into accepting an invalid&#xA;server certificate for a spoofed service.&lt;/p&gt;&#xA;&lt;h3 id=&#34;mitigation&#34;&gt;Mitigation&lt;/h3&gt;&#xA;&lt;p&gt;SSL/TLS Certificates are now verified in the NSS implementation in libpurple.&lt;/p&gt;</description>
			</item>
			<item>
				<title>MSN malformed SLP message overflow</title>
				<link>https://security.imfreedom.org/advisories/cve-2008-2927-00/</link>
				<pubDate>Tue, 01 Jul 2008 00:00:00 +0000</pubDate>
				<guid>https://security.imfreedom.org/advisories/cve-2008-2927-00/</guid>
				<description>&lt;h3 id=&#34;description&#34;&gt;Description&lt;/h3&gt;&#xA;&lt;p&gt;Multiple integer overflows in the &lt;code&gt;msn_slplink_process_msg&lt;/code&gt; functions in the&#xA;MSN protocol handler in libpurple allow remote attackers to execute arbitrary&#xA;code via a malformed SLP message.&lt;/p&gt;&#xA;&lt;h3 id=&#34;mitigation&#34;&gt;Mitigation&lt;/h3&gt;&#xA;&lt;p&gt;The affected function has been patched to fix the vulnerability.&lt;/p&gt;</description>
			</item>
			<item>
				<title>MSN Remote file transfer filename DoS</title>
				<link>https://security.imfreedom.org/advisories/cve-2008-2955-00/</link>
				<pubDate>Wed, 25 Jun 2008 00:00:00 +0000</pubDate>
				<guid>https://security.imfreedom.org/advisories/cve-2008-2955-00/</guid>
				<description>&lt;h3 id=&#34;description&#34;&gt;Description&lt;/h3&gt;&#xA;&lt;p&gt;A remote MSN user can cause a denial of service (crash) by sending a file with&#xA;a filename containing invalid characters. The local user must then&#xA;accept the file transfer to trigger a double-free.&lt;/p&gt;&#xA;&lt;h3 id=&#34;mitigation&#34;&gt;Mitigation&lt;/h3&gt;&#xA;&lt;p&gt;A fix was applied to ensure that the double-free didn&amp;rsquo;t occur.&lt;/p&gt;</description>
			</item>
			<item>
				<title>Remote UPnP discovery DoS</title>
				<link>https://security.imfreedom.org/advisories/cve-2008-2957-00/</link>
				<pubDate>Sun, 11 May 2008 00:00:00 +0000</pubDate>
				<guid>https://security.imfreedom.org/advisories/cve-2008-2957-00/</guid>
				<description>&lt;h3 id=&#34;description&#34;&gt;Description&lt;/h3&gt;&#xA;&lt;p&gt;The UPnP functionality in libpurple allows remote attackers to trigger the&#xA;download of arbitrary files and cause a denial of service (memory or disk&#xA;consumption) via a UDP packet that specifies an arbitrary URL.&lt;/p&gt;&#xA;&lt;h3 id=&#34;mitigation&#34;&gt;Mitigation&lt;/h3&gt;&#xA;&lt;p&gt;UPnP related downloads are limited to 128kB.&lt;/p&gt;</description>
			</item>
			<item>
				<title>NULL pointer dereference in parsing invalid HTML</title>
				<link>https://security.imfreedom.org/advisories/cve-2007-4999-00/</link>
				<pubDate>Wed, 24 Oct 2007 00:00:00 +0000</pubDate>
				<guid>https://security.imfreedom.org/advisories/cve-2007-4999-00/</guid>
				<description>&lt;h3 id=&#34;description&#34;&gt;Description&lt;/h3&gt;&#xA;&lt;p&gt;A remote user can cause a denial of service (crash) by sending a message with&#xA;invalid HTML. It is believed that this crash can be triggered only when using&#xA;HTML logging.&lt;/p&gt;&#xA;&lt;h3 id=&#34;mitigation&#34;&gt;Mitigation&lt;/h3&gt;&#xA;&lt;p&gt;The affected function has been patched to fix the vulnerability.&lt;/p&gt;</description>
			</item>
			<item>
				<title>MSN Remote &#34;Nudge&#34; DoS</title>
				<link>https://security.imfreedom.org/advisories/cve-2007-4996-00/</link>
				<pubDate>Thu, 27 Sep 2007 00:00:00 +0000</pubDate>
				<guid>https://security.imfreedom.org/advisories/cve-2007-4996-00/</guid>
				<description>&lt;h3 id=&#34;description&#34;&gt;Description&lt;/h3&gt;&#xA;&lt;p&gt;A remote MSN user that is not on the buddy list can cause a denial of service&#xA;(crash) by sending a nudge message. The protocol plugin attempts to look up the&#xA;buddy&amp;rsquo;s information and accesses an invalid memory location if the user is not&#xA;on the buddy list. This only affects libpurple version 2.2.0; older versions&#xA;are not affected.&lt;/p&gt;&#xA;&lt;h3 id=&#34;mitigation&#34;&gt;Mitigation&lt;/h3&gt;&#xA;&lt;p&gt;The nudge functionality in the MSN protocol has been rewritten to avoid an&#xA;unnecessary lookup of buddy information.&lt;/p&gt;</description>
			</item>
			<item>
				<title>AIM/ICQ away message buffer overflow</title>
				<link>https://security.imfreedom.org/advisories/cve-2005-2103-00/</link>
				<pubDate>Thu, 11 Aug 2005 00:00:00 +0000</pubDate>
				<guid>https://security.imfreedom.org/advisories/cve-2005-2103-00/</guid>
				<description>&lt;h3 id=&#34;description&#34;&gt;Description&lt;/h3&gt;&#xA;&lt;p&gt;A remote AIM or ICQ user can cause a buffer overflow in Gaim by setting an away&#xA;message containing many AIM substitution strings (such as &lt;code&gt;%t&lt;/code&gt; or &lt;code&gt;%n&lt;/code&gt;).&lt;/p&gt;&#xA;&lt;h3 id=&#34;mitigation&#34;&gt;Mitigation&lt;/h3&gt;&#xA;&lt;p&gt;The substitution function was modified to use a dynamic buffer instead of one&#xA;with a fixed size.&lt;/p&gt;</description>
			</item>
			<item>
				<title>AIM/ICQ non-UTF-8 filename crash</title>
				<link>https://security.imfreedom.org/advisories/cve-2005-2102-00/</link>
				<pubDate>Thu, 11 Aug 2005 00:00:00 +0000</pubDate>
				<guid>https://security.imfreedom.org/advisories/cve-2005-2102-00/</guid>
				<description>&lt;h3 id=&#34;description&#34;&gt;Description&lt;/h3&gt;&#xA;&lt;p&gt;A remote user could cause Gaim to crash on some systems by sending the Gaim&#xA;user a file whose filename contains certain invalid characters. It is unknown&#xA;what combination of systems are affected, but it is suspected that Windows&#xA;users and systems with older versions of GTK are especially susceptible.&lt;/p&gt;&#xA;&lt;h3 id=&#34;mitigation&#34;&gt;Mitigation&lt;/h3&gt;&#xA;&lt;p&gt;The filename is validated as UTF-8 before Gaim attempts to display it.&lt;/p&gt;</description>
			</item>
			<item>
				<title>Gadu-Gadu memory alignment bug</title>
				<link>https://security.imfreedom.org/advisories/cve-2005-2370-00/</link>
				<pubDate>Thu, 11 Aug 2005 00:00:00 +0000</pubDate>
				<guid>https://security.imfreedom.org/advisories/cve-2005-2370-00/</guid>
				<description>&lt;h3 id=&#34;description&#34;&gt;Description&lt;/h3&gt;&#xA;&lt;p&gt;There was a memory alignment bug in the library Gaim uses to access the&#xA;Gadu-Gadu network. This bug cannot be exploited on x86 architectures. This bug&#xA;was recently fixed in the libgadu library, but also needed to be fixed in Gaim&#xA;because Gaim includes a copy of the libgadu library.&lt;/p&gt;&#xA;&lt;h3 id=&#34;mitigation&#34;&gt;Mitigation&lt;/h3&gt;&#xA;&lt;p&gt;The vulnerable section of code was modified to work correctly on all&#xA;architectures.&lt;/p&gt;</description>
			</item>
			<item>
				<title>MSN Remote DoS</title>
				<link>https://security.imfreedom.org/advisories/cve-2005-1934-00/</link>
				<pubDate>Fri, 10 Jun 2005 00:00:00 +0000</pubDate>
				<guid>https://security.imfreedom.org/advisories/cve-2005-1934-00/</guid>
				<description>&lt;h3 id=&#34;description&#34;&gt;Description&lt;/h3&gt;&#xA;&lt;p&gt;Remote attackers can cause a denial of service (crash) via a malformed MSN&#xA;message that leads to a memory allocation of a large size, possibly due to an&#xA;integer signedness error.&lt;/p&gt;&#xA;&lt;h3 id=&#34;mitigation&#34;&gt;Mitigation&lt;/h3&gt;&#xA;&lt;p&gt;Added a check for the invalid message.&lt;/p&gt;</description>
			</item>
			<item>
				<title>Remote Yahoo! crash</title>
				<link>https://security.imfreedom.org/advisories/cve-2005-1269-00/</link>
				<pubDate>Fri, 10 Jun 2005 00:00:00 +0000</pubDate>
				<guid>https://security.imfreedom.org/advisories/cve-2005-1269-00/</guid>
				<description>&lt;h3 id=&#34;description&#34;&gt;Description&lt;/h3&gt;&#xA;&lt;p&gt;Remote denial of service when being offered files with names containing&#xA;non-ASCII characters.&lt;/p&gt;&#xA;&lt;h3 id=&#34;mitigation&#34;&gt;Mitigation&lt;/h3&gt;&#xA;&lt;p&gt;Attempt to convert the file name to a usable encoding, or fail gracefully in&#xA;the case of an invalid file name.&lt;/p&gt;</description>
			</item>
			<item>
				<title>MSN Remote DoS</title>
				<link>https://security.imfreedom.org/advisories/cve-2005-1262-00/</link>
				<pubDate>Tue, 10 May 2005 00:00:00 +0000</pubDate>
				<guid>https://security.imfreedom.org/advisories/cve-2005-1262-00/</guid>
				<description>&lt;h3 id=&#34;description&#34;&gt;Description&lt;/h3&gt;&#xA;&lt;p&gt;Potential remote denial of service bug resulting from not checking a pointer&#xA;for non-&lt;code&gt;NULL&lt;/code&gt; before passing it to strncmp, which results in a crash. This can&#xA;be triggered by a remote client sending an SLP message with an empty body.&lt;/p&gt;&#xA;&lt;h3 id=&#34;mitigation&#34;&gt;Mitigation&lt;/h3&gt;&#xA;&lt;p&gt;Check for &lt;code&gt;NULL&lt;/code&gt; before attempting to use the pointer.&lt;/p&gt;</description>
			</item>
			<item>
				<title>Remote crash on some protocols</title>
				<link>https://security.imfreedom.org/advisories/cve-2005-1261-00/</link>
				<pubDate>Tue, 10 May 2005 00:00:00 +0000</pubDate>
				<guid>https://security.imfreedom.org/advisories/cve-2005-1261-00/</guid>
				<description>&lt;h3 id=&#34;description&#34;&gt;Description&lt;/h3&gt;&#xA;&lt;p&gt;It is possible for a remote user to overflow a static buffer by sending an IM&#xA;containing a very large URL (greater than 8192 bytes) to the Gaim user. This is&#xA;not possible on all protocols, due to message length restrictions. Jabber and&#xA;SILC are known to be vulnerable.&lt;/p&gt;&#xA;&lt;h3 id=&#34;mitigation&#34;&gt;Mitigation&lt;/h3&gt;&#xA;&lt;p&gt;The URL parsing function was modified to not use a static buffer.&lt;/p&gt;</description>
			</item>
			<item>
				<title>Jabber remote crash</title>
				<link>https://security.imfreedom.org/advisories/cve-2005-0967-00/</link>
				<pubDate>Mon, 04 Apr 2005 00:00:00 +0000</pubDate>
				<guid>https://security.imfreedom.org/advisories/cve-2005-0967-00/</guid>
				<description>&lt;h3 id=&#34;description&#34;&gt;Description&lt;/h3&gt;&#xA;&lt;p&gt;Sending a Gaim Jabber user a certain invalid file transfer request triggers an&#xA;out-of-bounds read which causes Gaim to crash.&lt;/p&gt;&#xA;&lt;h3 id=&#34;mitigation&#34;&gt;Mitigation&lt;/h3&gt;&#xA;&lt;p&gt;The invalid file transfer request is ignored.&lt;/p&gt;</description>
			</item>
			<item>
				<title>Remote DoS on receiving certain messages over IRC</title>
				<link>https://security.imfreedom.org/advisories/cve-2005-0966-00/</link>
				<pubDate>Sat, 02 Apr 2005 00:00:00 +0000</pubDate>
				<guid>https://security.imfreedom.org/advisories/cve-2005-0966-00/</guid>
				<description>&lt;h3 id=&#34;description&#34;&gt;Description&lt;/h3&gt;&#xA;&lt;p&gt;The IRC protocol plugin in Gaim 1.2.0, and possibly earlier versions, allows:&lt;/p&gt;&#xA;&lt;ol&gt;&#xA;&lt;li&gt;remote attackers to inject arbitrary Gaim markup via &lt;code&gt;irc_msg_kick&lt;/code&gt;,&#xA;&lt;code&gt;irc_msg_mode&lt;/code&gt;, &lt;code&gt;irc_msg_part&lt;/code&gt;, &lt;code&gt;irc_msg_quit&lt;/code&gt;,&lt;/li&gt;&#xA;&lt;li&gt;remote attackers to inject arbitrary Pango markup and pop up empty dialog&#xA;boxes via &lt;code&gt;irc_msg_invite&lt;/code&gt;, or&lt;/li&gt;&#xA;&lt;li&gt;malicious IRC servers to cause a denial of service (application crash) by&#xA;injecting certain Pango markup into &lt;code&gt;irc_msg_badmode&lt;/code&gt;, &lt;code&gt;irc_msg_banned&lt;/code&gt;,&#xA;&lt;code&gt;irc_msg_unknown&lt;/code&gt;, &lt;code&gt;irc_msg_nochan&lt;/code&gt; functions.&lt;/li&gt;&#xA;&lt;/ol&gt;&#xA;&lt;h3 id=&#34;mitigation&#34;&gt;Mitigation&lt;/h3&gt;&#xA;&lt;p&gt;The IRC protocol plugin was modified to escape appropriate messages passed to&#xA;the Gaim core.&lt;/p&gt;</description>
			</item>
			<item>
				<title>Remote DoS on receiving malformed HTML</title>
				<link>https://security.imfreedom.org/advisories/cve-2005-0965-00/</link>
				<pubDate>Sat, 02 Apr 2005 00:00:00 +0000</pubDate>
				<guid>https://security.imfreedom.org/advisories/cve-2005-0965-00/</guid>
				<description>&lt;h3 id=&#34;description&#34;&gt;Description&lt;/h3&gt;&#xA;&lt;p&gt;The &lt;code&gt;gaim_markup_strip_html&lt;/code&gt; function in Gaim 1.2.0, and possibly earlier&#xA;versions, allows remote attackers to cause a denial of service (application&#xA;crash) via a string that contains malformed HTML, which causes an out-of-bounds&#xA;read.&lt;/p&gt;&#xA;&lt;h3 id=&#34;mitigation&#34;&gt;Mitigation&lt;/h3&gt;&#xA;&lt;p&gt;The function was changed to not allow the out-of-bounds read.&lt;/p&gt;</description>
			</item>
			<item>
				<title>Remote DoS on receiving malformed HTML</title>
				<link>https://security.imfreedom.org/advisories/cve-2005-0208-00/</link>
				<pubDate>Thu, 24 Feb 2005 00:00:00 +0000</pubDate>
				<guid>https://security.imfreedom.org/advisories/cve-2005-0208-00/</guid>
				<description>&lt;h3 id=&#34;description&#34;&gt;Description&lt;/h3&gt;&#xA;&lt;p&gt;Remote crash. Receiving malformed HTML can result in an invalid memory access&#xA;causing Gaim to crash.&lt;/p&gt;&#xA;&lt;h3 id=&#34;mitigation&#34;&gt;Mitigation&lt;/h3&gt;&#xA;&lt;p&gt;The HTML parsing functions were modified to correctly parse the malformed HTML.&lt;/p&gt;</description>
			</item>
			<item>
				<title>AIM/ICQ remote denial of service</title>
				<link>https://security.imfreedom.org/advisories/cve-2005-0472-00/</link>
				<pubDate>Thu, 17 Feb 2005 00:00:00 +0000</pubDate>
				<guid>https://security.imfreedom.org/advisories/cve-2005-0472-00/</guid>
				<description>&lt;h3 id=&#34;description&#34;&gt;Description&lt;/h3&gt;&#xA;&lt;p&gt;Certain malformed SNAC packets sent by other AIM or ICQ users can trigger an&#xA;infinite loop in Gaim when parsing the SNAC. The remote user would need a&#xA;custom client, able to generate malformed SNACs.&lt;/p&gt;&#xA;&lt;h3 id=&#34;mitigation&#34;&gt;Mitigation&lt;/h3&gt;&#xA;&lt;p&gt;The OSCAR protocol plugin was modified to drop these malformed packets.&lt;/p&gt;</description>
			</item>
			<item>
				<title>Remote DoS on receiving malformed HTML</title>
				<link>https://security.imfreedom.org/advisories/cve-2005-0473-00/</link>
				<pubDate>Thu, 17 Feb 2005 00:00:00 +0000</pubDate>
				<guid>https://security.imfreedom.org/advisories/cve-2005-0473-00/</guid>
				<description>&lt;h3 id=&#34;description&#34;&gt;Description&lt;/h3&gt;&#xA;&lt;p&gt;Remote crash. Receiving malformed HTML can result in an invalid memory access&#xA;causing Gaim to crash.&lt;/p&gt;&#xA;&lt;h3 id=&#34;mitigation&#34;&gt;Mitigation&lt;/h3&gt;&#xA;&lt;p&gt;The HTML parsing functions were modified to correctly parse the malformed HTML.&lt;/p&gt;</description>
			</item>
			<item>
				<title>MSN File transfer DOS (malloc error)</title>
				<link>https://security.imfreedom.org/advisories/independent-20041019-00/</link>
				<pubDate>Tue, 19 Oct 2004 00:00:00 +0000</pubDate>
				<guid>https://security.imfreedom.org/advisories/independent-20041019-00/</guid>
				<description>&lt;h3 id=&#34;description&#34;&gt;Description&lt;/h3&gt;&#xA;&lt;p&gt;Remote crash. After accepting a file transfer request, Gaim will attempt to&#xA;allocate a buffer of a size equal to the entire filesize; this allocation&#xA;attempt will cause Gaim to crash if the size exceeds the amount of available&#xA;memory.&lt;/p&gt;&#xA;&lt;h3 id=&#34;mitigation&#34;&gt;Mitigation&lt;/h3&gt;&#xA;&lt;p&gt;Don&amp;rsquo;t allocate a buffer for file transfers.&lt;/p&gt;</description>
			</item>
			<item>
				<title>MSN SLP buffer overflow</title>
				<link>https://security.imfreedom.org/advisories/cve-2004-0891-00/</link>
				<pubDate>Tue, 19 Oct 2004 00:00:00 +0000</pubDate>
				<guid>https://security.imfreedom.org/advisories/cve-2004-0891-00/</guid>
				<description>&lt;h3 id=&#34;description&#34;&gt;Description&lt;/h3&gt;&#xA;&lt;p&gt;Buffer overflow.  &lt;code&gt;memcpy&lt;/code&gt; was used without checking the size of the buffer&#xA;before copying to it.  Additionally, a logic flaw was causing the wrong buffer&#xA;to be used as the destination for the copy under certain circumstances.&lt;/p&gt;&#xA;&lt;h3 id=&#34;mitigation&#34;&gt;Mitigation&lt;/h3&gt;&#xA;&lt;p&gt;Correct the logic to select the correct buffer, and add bounds checking to&#xA;prevent malformed messages causing a buffer overflow.&lt;/p&gt;</description>
			</item>
			<item>
				<title>MSN SLP DOS (malloc error)</title>
				<link>https://security.imfreedom.org/advisories/independent-20041019-01/</link>
				<pubDate>Tue, 19 Oct 2004 00:00:00 +0000</pubDate>
				<guid>https://security.imfreedom.org/advisories/independent-20041019-01/</guid>
				<description>&lt;h3 id=&#34;description&#34;&gt;Description&lt;/h3&gt;&#xA;&lt;p&gt;Remote crash. Gaim allocates a buffer for the payload of each message received&#xA;based on the size field in the header of the message. A malicious peer could&#xA;specify an invalid size that exceeds the amount of available memory.&lt;/p&gt;&#xA;&lt;h3 id=&#34;mitigation&#34;&gt;Mitigation&lt;/h3&gt;&#xA;&lt;p&gt;Replace call to &lt;code&gt;g_malloc()&lt;/code&gt; with call to &lt;code&gt;g_try_malloc()&lt;/code&gt;. If the memory could&#xA;not be allocated the function returns instead of causing the application to&#xA;crash.&lt;/p&gt;</description>
			</item>
			<item>
				<title>Content-length DOS (malloc error)</title>
				<link>https://security.imfreedom.org/advisories/independent-20040826-00/</link>
				<pubDate>Thu, 26 Aug 2004 00:00:00 +0000</pubDate>
				<guid>https://security.imfreedom.org/advisories/independent-20040826-00/</guid>
				<description>&lt;h3 id=&#34;description&#34;&gt;Description&lt;/h3&gt;&#xA;&lt;p&gt;Remote crash.  When a remote server provides a large &lt;code&gt;content-length&lt;/code&gt; header&#xA;value, Gaim will attempt to allocate a buffer to store the content, however&#xA;this allocation attempt will cause Gaim to crash if the length exceeds the&#xA;amount of available memory.  This happens when reading profile information on&#xA;some protocols.  It also happens when smiley themes are installed via drag and&#xA;drop.&lt;/p&gt;&#xA;&lt;h3 id=&#34;mitigation&#34;&gt;Mitigation&lt;/h3&gt;&#xA;&lt;p&gt;The call to &lt;code&gt;g_malloc()&lt;/code&gt; was replaced with a call to &lt;code&gt;g_try_malloc()&lt;/code&gt;.  If the&#xA;memory could not be allocated the function returns instead of causing the&#xA;application to crash.&lt;/p&gt;</description>
			</item>
			<item>
				<title>Groupware message receive integer overflow</title>
				<link>https://security.imfreedom.org/advisories/cve-2004-0754-00/</link>
				<pubDate>Thu, 26 Aug 2004 00:00:00 +0000</pubDate>
				<guid>https://security.imfreedom.org/advisories/cve-2004-0754-00/</guid>
				<description>&lt;h3 id=&#34;description&#34;&gt;Description&lt;/h3&gt;&#xA;&lt;p&gt;Integer overflow in memory allocation results in heap overflow.  By passing the&#xA;size variable as &lt;code&gt;~0&lt;/code&gt;, the integer overflows to 0 when 1 is added in &lt;code&gt;g_alloc()&lt;/code&gt;.&#xA;A &lt;code&gt;malloc(0)&lt;/code&gt; call results in 16 bytes of memory being allocated on IA-32.&#xA;Then we can overflow the heap when &lt;code&gt;nm_read_all()&lt;/code&gt; is called in the next step.&#xA;Usually cases like this suck for exploitation, because the len (&lt;code&gt;~0&lt;/code&gt;) is so&#xA;large that a following call to &lt;code&gt;memcpy()&lt;/code&gt; or &lt;code&gt;strcpy()&lt;/code&gt; will just run into&#xA;kernel mem or unmapped address and fault.  However in this case we read the&#xA;data from the network via a &lt;code&gt;read()&lt;/code&gt; call, so we can just stop sending data and&#xA;close the connection to short out before &lt;code&gt;~0&lt;/code&gt; bytes are read.  However, this is&#xA;triggered by input from the server, not directly from a client.  Someone&#xA;running a malicious groupware server could leverage this to run arbitrary code&#xA;on the client.&lt;/p&gt;</description>
			</item>
			<item>
				<title>Local hostname resolution buffer overflow</title>
				<link>https://security.imfreedom.org/advisories/cve-2004-0785-01/</link>
				<pubDate>Thu, 26 Aug 2004 00:00:00 +0000</pubDate>
				<guid>https://security.imfreedom.org/advisories/cve-2004-0785-01/</guid>
				<description>&lt;h3 id=&#34;description&#34;&gt;Description&lt;/h3&gt;&#xA;&lt;p&gt;Buffer overflow.  If the local computer&amp;rsquo;s host name is not in /etc/hosts, and&#xA;the computer performs a DNS query to obtain its hostname when signing on to&#xA;zephyr, it could receive a reply with a hostname greater than &lt;code&gt;MAXHOSTNAMELEN&lt;/code&gt;&#xA;(generally 64 bytes).  If &lt;code&gt;gethostbyname()&lt;/code&gt; does not ensure the size of&#xA;&lt;code&gt;hostent-&amp;gt;h_name&lt;/code&gt; is less than &lt;code&gt;MAXHOSTNAMELEN&lt;/code&gt;, this value would be copied to&#xA;a buffer that is not large enough.&lt;/p&gt;&#xA;&lt;h3 id=&#34;mitigation&#34;&gt;Mitigation&lt;/h3&gt;&#xA;&lt;p&gt;The calls to copy the hostname were replaced with calls that check the length&#xA;of the destination buffer.&lt;/p&gt;</description>
			</item>
			<item>
				<title>RTF message buffer overflow</title>
				<link>https://security.imfreedom.org/advisories/cve-2004-0785-02/</link>
				<pubDate>Thu, 26 Aug 2004 00:00:00 +0000</pubDate>
				<guid>https://security.imfreedom.org/advisories/cve-2004-0785-02/</guid>
				<description>&lt;h3 id=&#34;description&#34;&gt;Description&lt;/h3&gt;&#xA;&lt;p&gt;Buffer overflow.  There are some loops that read into fixed-sized buffers and&#xA;do not check to make sure they are not writing too much.&lt;/p&gt;&#xA;&lt;h3 id=&#34;mitigation&#34;&gt;Mitigation&lt;/h3&gt;&#xA;&lt;p&gt;Added bounds checking to the two loops.&lt;/p&gt;</description>
			</item>
			<item>
				<title>URL decode buffer overflow</title>
				<link>https://security.imfreedom.org/advisories/cve-2004-0785-00/</link>
				<pubDate>Thu, 26 Aug 2004 00:00:00 +0000</pubDate>
				<guid>https://security.imfreedom.org/advisories/cve-2004-0785-00/</guid>
				<description>&lt;h3 id=&#34;description&#34;&gt;Description&lt;/h3&gt;&#xA;&lt;p&gt;Buffer overflow.  The URL is decoded into a static buffer of length 2048 bytes.&#xA;I&amp;rsquo;m not sure it&amp;rsquo;s possible to receive a URL longer than 2048 bytes, as many&#xA;protocols have message limits that are shorter than that.&lt;/p&gt;&#xA;&lt;h3 id=&#34;mitigation&#34;&gt;Mitigation&lt;/h3&gt;&#xA;&lt;p&gt;A check to make sure the source string is shorter than 2048 bytes is performed.&lt;/p&gt;</description>
			</item>
			<item>
				<title>MSN strncpy buffer overflow</title>
				<link>https://security.imfreedom.org/advisories/cve-2004-0500-00/</link>
				<pubDate>Sun, 22 Aug 2004 00:00:00 +0000</pubDate>
				<guid>https://security.imfreedom.org/advisories/cve-2004-0500-00/</guid>
				<description>&lt;h3 id=&#34;description&#34;&gt;Description&lt;/h3&gt;&#xA;&lt;p&gt;In two places in the MSN protocol plugins (&lt;code&gt;object.c&lt;/code&gt; and &lt;code&gt;slp.c&lt;/code&gt;), &lt;code&gt;strncpy&lt;/code&gt;&#xA;was used incorrectly.  The size of the array was not checked before copying to&#xA;it.  Both bugs affect MSN&amp;rsquo;s MSNSLP protocol, which is peer-to-peer, so this&#xA;could potentially be easy to exploit.&lt;/p&gt;&#xA;&lt;h3 id=&#34;mitigation&#34;&gt;Mitigation&lt;/h3&gt;&#xA;&lt;p&gt;Bounds checking was added in both places.&lt;/p&gt;</description>
			</item>
			<item>
				<title>Smiley theme installation lack of escaping</title>
				<link>https://security.imfreedom.org/advisories/cve-2004-0784-00/</link>
				<pubDate>Sun, 22 Aug 2004 00:00:00 +0000</pubDate>
				<guid>https://security.imfreedom.org/advisories/cve-2004-0784-00/</guid>
				<description>&lt;h3 id=&#34;description&#34;&gt;Description&lt;/h3&gt;&#xA;&lt;p&gt;To install a new smiley theme, a user can drag a tarball from a graphical file&#xA;manager, or a hypertext link to one from a web browser.  When a tarball is&#xA;dragged, Gaim executes a shell command to untar it.  However, it does not&#xA;escape the filename before sending it to the shell.  Thus, a specially crafted&#xA;filename could execute arbitrary commands if the user could be convinced to&#xA;drag a file into the smiley theme selector.&lt;/p&gt;</description>
			</item>
			<item>
				<title>Contact</title>
				<link>https://security.imfreedom.org/contact/</link>
				<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
				<guid>https://security.imfreedom.org/contact/</guid>
				<description>&lt;p&gt;If you believe you have discovered a security problem or vulnerability in&#xA;an Instant Messaging Freedom affiliated &lt;a href=&#34;https://security.imfreedom.org/projects&#34;&gt;project&lt;/a&gt;, please let us know&#xA;by using one of the following methods:&lt;/p&gt;&#xA;&lt;ul&gt;&#xA;&lt;li&gt;&lt;strong&gt;Our preferred way:&lt;/strong&gt; Emailing &lt;a href=&#34;mailto:security@imfreedom.org&#34;&gt;security@imfreedom.org&lt;/a&gt;.&lt;/li&gt;&#xA;&lt;li&gt;Use this specific &lt;a href=&#34;https://issues.imfreedom.org/newIssue?project=PIDGIN&amp;amp;c=visible+to+Security&#34;&gt;new issue&lt;/a&gt; link, which will create a new issue in our&#xA;issue tracker while ensuring that its visibility is set so that it&amp;rsquo;s only&#xA;visible to the &lt;code&gt;Security&lt;/code&gt; group. The visibility selection we are referring to&#xA;can be verified by looking for it right above the &lt;em&gt;Create&lt;/em&gt; button. Setting a&#xA;limited visibility is of &lt;em&gt;utmost&lt;/em&gt; importance as otherwise we&amp;rsquo;d need to&#xA;consider the vulnerability to have been made public since everyone could read&#xA;it from our issue tracker.&lt;/li&gt;&#xA;&lt;/ul&gt;</description>
			</item>
	</channel>
</rss>
