pidgin/old.pidgin.im

Fix dates.

2014-01-30, Daniel Atallah
86745ee0afbf
Parents 345538627e01
Children cc2853f07148
Fix dates.
--- a/htdocs/news/security/index.php Tue Jan 28 07:08:59 2014 -0800
+++ b/htdocs/news/security/index.php Thu Jan 30 00:45:51 2014 -0500
@@ -726,7 +726,7 @@
),
array(
"title" => "Windows Pidgin crash receiving some characters",
- "date" => "2014-02-28",
+ "date" => "2014-01-28",
"cve" => "",
"description" => "The library used to render fonts would sometimes crash when attempting to display certain Unicode characters.",
"fix" => "Patch the version of Pango that we bundle with our installer to not crash when displaying these characters.",
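Review bot: The corrected `"date" => "2014-01-28"` is still a separate string literal in every advisory entry, which is presumably how one wrong month ended up in all seventeen entries this commit touches (this hunk and the sixteen after it, down to the IRC entry). If these advisories were published together, consider defining the date once above the array, e.g. `$release_date = "2014-01-28";`, and using `"date" => $release_date,` in each entry. A small check where the list is rendered that flags any `date` later than the current day would also have caught the original `2014-02-28`, which matters because readers use these dates to build disclosure and patch timelines. The enclosing array and the code that consumes it lie outside the hunks, so whether a shared variable fits there is for the author to confirm.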
@@ -736,7 +736,7 @@
),
array(
"title" => "Yahoo! remote crash from incorrect character encoding",
- "date" => "2014-02-28",
+ "date" => "2014-01-28",
"cve" => "CVE-2012-6152",
"description" => "Many places in the Yahoo! protocol plugin assumed incoming strings were UTF-8 and failed to transcode from non-UTF-8 encodings. This can lead to a crash when receiving strings that aren't UTF-8.",
"fix" => "Depending on the context, either validate that a string is UTF-8 or transcode the string from the appropriate encoding to UTF-8.",
@@ -746,7 +746,7 @@
),
array(
"title" => "Crash handling bad XMPP timestamp",
- "date" => "2014-02-28",
+ "date" => "2014-01-28",
"cve" => "CVE-2013-6477",
"description" => "A remote XMPP user can trigger a crash on some systems by sending a message with a timestamp in the distant future.",
"fix" => "Avoid passing negative timestamps to localtime().",
@@ -756,7 +756,7 @@
),
array(
"title" => "Crash when hovering pointer over a long URL",
- "date" => "2014-02-28",
+ "date" => "2014-01-28",
"cve" => "CVE-2013-6478",
"description" => "libX11 forcefully exits when Pidgin tries to create an exceptionally wide tooltip window.",
"fix" => "Only display the first 200 characters of the URL in the tooltip.",
@@ -766,7 +766,7 @@
),
array(
"title" => "Remote crash parsing HTTP responses",
- "date" => "2014-02-28",
+ "date" => "2014-01-28",
"cve" => "CVE-2013-6479",
"description" => "A malicious server or man-in-the-middle could send a malformed HTTP response that could lead to a crash.",
"fix" => "Validate response before using it.",
@@ -776,7 +776,7 @@
),
array(
"title" => "Remote crash reading Yahoo! P2P message",
- "date" => "2014-02-28",
+ "date" => "2014-01-28",
"cve" => "CVE-2013-6481",
"description" => "The Yahoo! protocol plugin failed to validate a length field before trying to read from a buffer, which could result in reading past the end of the buffer which could cause a crash.",
"fix" => "Check that the length is within range.",
@@ -786,7 +786,7 @@
),
array(
"title" => "NULL pointer dereference parsing headers in MSN",
- "date" => "2014-02-28",
+ "date" => "2014-01-28",
"cve" => "CVE-2013-6482",
"description" => "A malformed Content-Length header could lead to a NULL pointer dereference.",
"fix" => "Check to make sure the Content-Length header has a value.",
@@ -796,7 +796,7 @@
),
array(
"title" => "NULL pointer dereference parsing OIM data in MSN",
- "date" => "2014-02-28",
+ "date" => "2014-01-28",
"cve" => "CVE-2013-6482",
"description" => "A malicious server or man-in-the-middle could send us a specially-crafted XML response that results in a NULL pointer dereference.",
"fix" => "Check for NULL before calling atoi().",
@@ -806,7 +806,7 @@
),
array(
"title" => "NULL pointer dereference parsing SOAP data in MSN",
- "date" => "2014-02-28",
+ "date" => "2014-01-28",
"cve" => "CVE-2013-6482",
"description" => "A malicious server or man-in-the-middle could send us a specially-crafted SOAP response that results in a NULL pointer dereference.",
"fix" => "Check for NULL before using values.",
@@ -816,7 +816,7 @@
),
array(
"title" => "XMPP doesn't verify 'from' on some iq replies",
- "date" => "2014-02-28",
+ "date" => "2014-01-28",
"cve" => "CVE-2013-6483",
"description" => "The XMPP protocol plugin failed to ensure that iq replies came from the person they were sent to. A remote user could send a spoofed iq reply and attempt to guess the iq id. This could allow an attacker to inject fake data or trigger a null pointer dereference.",
"fix" => "Keep track of the 'to' when sending an iq stanza and make sure replies for a given stanza ID come from the same address it was sent to.",
@@ -826,7 +826,7 @@
),
array(
"title" => "Crash reading response from STUN server",
- "date" => "2014-02-28",
+ "date" => "2014-01-28",
"cve" => "CVE-2013-6484",
"description" => "Incorrect error handling when reading the response from a STUN server could lead to a crash.",
"fix" => "Fix error handling.",
@@ -836,7 +836,7 @@
),
array(
"title" => "Buffer overflow parsing chunked HTTP responses",
- "date" => "2014-02-28",
+ "date" => "2014-01-28",
"cve" => "CVE-2013-6485",
"description" => "A malicious server or man-in-the-middle could cause a buffer overflow by sending a malformed HTTP response with chunked Transfer-Encoding with invalid chunk sizes.",
"fix" => "Enforce a maximum size for chunks.",
@@ -846,7 +846,7 @@
),
array(
"title" => "Pidgin uses clickable links to untrusted executables",
- "date" => "2014-02-28",
+ "date" => "2014-01-28",
"cve" => "CVE-2013-6486",
"description" => "If a user clicks on a file:// URI in a received IM in Windows builds of Pidgin, Pidgin attempts to execute the file. This can be dangerous if the file:// URI is a path on a network share. This was <a href=\"?id=55\">originally reported in CVE-2011-3185 in 2011</a> and we attempted to fix it then, but failed.",
"fix" => "Don't attempt to execute files when the user clicks a file:// URI. Instead, open a file browser at the file's location.",
@@ -856,7 +856,7 @@
),
array(
"title" => "Buffer overflow in Gadu-Gadu HTTP parsing",
- "date" => "2014-02-28",
+ "date" => "2014-01-28",
"cve" => "CVE-2013-6487",
"description" => "A malicious server or man-in-the-middle could send a large value for Content-Length and cause an integer overflow which could lead to a buffer overflow.",
"fix" => "Enforce a maximum size for content-length.",
@@ -866,7 +866,7 @@
),
array(
"title" => "Buffer overflow in MXit emoticon parsing",
- "date" => "2014-02-28",
+ "date" => "2014-01-28",
"cve" => "CVE-2013-6489",
"description" => "A specially crafted emoticon value could cause an integer overflow which could lead to a buffer overflow.",
"fix" => "Use an unsigned integer and enforce a maximum size.",
@@ -876,7 +876,7 @@
),
array(
"title" => "Buffer overflow in SIMPLE header parsing",
- "date" => "2014-02-28",
+ "date" => "2014-01-28",
"cve" => "CVE-2013-6490",
"description" => "A Content-Length of -1 could lead to a buffer overflow.",
"fix" => "Ignore messages with negative values for Content-Length.",
@@ -886,7 +886,7 @@
),
array(
"title" => "Remotely triggerable crash in IRC argument parsing",
- "date" => "2014-02-28",
+ "date" => "2014-01-28",
"cve" => "CVE-2014-0020",
"description" => "A malicious server or man-in-the-middle could trigger a crash in libpurple by sending a message with fewer than expected arguments.",
"fix" => "Verify that incoming messages contain the appropriate number of arguments before handling them.",