CVE-2007-4999

Published: Oct 29, 2007Modified: Apr 23, 2026

4.3

Vector

AV:N/AC:M/Au:N/C:N/I:N/A:P

Exploitability: 8.6 / Impact: 2.9

Source: NVD

Description

libpurple in Pidgin 2.1.0 through 2.2.1, when using HTML logging, allows remote attackers to cause a denial of service (NULL dereference and application crash) via a message that contains invalid HTML data, a different vector than CVE-2007-4996.

Affected (3)

Products: Pidgin: Pidgin

Pidgin

1 product

Pidgin

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Pidgin Pidgin	Version 2.1.0
Pidgin Pidgin	Version 2.2.0
Pidgin Pidgin	Version 2.2.1

Related CWEs

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (24)

http://osvdb.org/38695

Source: secalert@redhat.com

http://secunia.com/advisories/27372

Source: secalert@redhat.com

PatchVendor Advisory

http://secunia.com/advisories/27495

Source: secalert@redhat.com

http://secunia.com/advisories/27858

Source: secalert@redhat.com

http://www.pidgin.im/news/security/?id=24

Source: secalert@redhat.com

Patch

http://www.securityfocus.com/archive/1/483580/100/0/threaded

Source: secalert@redhat.com

http://www.securityfocus.com/bid/26205

Source: secalert@redhat.com

http://www.ubuntu.com/usn/usn-548-1

Source: secalert@redhat.com

http://www.vupen.com/english/advisories/2007/3624

Source: secalert@redhat.com

https://exchange.xforce.ibmcloud.com/vulnerabilities/38132

Source: secalert@redhat.com

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18357

Source: secalert@redhat.com

https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00011.html

Source: secalert@redhat.com

http://osvdb.org/38695