CVE-2007-4999 - Vulnerability Details - OpenCVE

libpurple in Pidgin 2.1.0 through 2.2.1, when using HTML logging, allows remote attackers to cause a denial of service (NULL dereference and application crash) via a message that contains invalid HTML data, a different vector than CVE-2007-4996.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Pidgin	Pidgin

Configuration 1 [-]

OR	cpe:2.3:a:pidgin:pidgin:2.1.0:::::::*
	cpe:2.3:a:pidgin:pidgin:2.2.0:::::::*
	cpe:2.3:a:pidgin:pidgin:2.2.1:::::::*

No data.

References

Link	Providers
http://osvdb.org/38695
http://secunia.com/advisories/27372
http://secunia.com/advisories/27495
http://secunia.com/advisories/27858
http://www.pidgin.im/news/security/?id=24
http://www.securityfocus.com/archive/1/483580/100/0/threaded
http://www.securityfocus.com/bid/26205
http://www.ubuntu.com/usn/usn-548-1
http://www.vupen.com/english/advisories/2007/3624
https://exchange.xforce.ibmcloud.com/vulnerabilities/38132
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18357
https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00011.html

History

No history.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2007-10-29T22:00:00

Updated: 2024-08-07T15:17:27.903Z

Reserved: 2007-09-20T00:00:00

Link: CVE-2007-4999

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2007-10-29T22:46:00.000

Modified: 2025-04-09T00:30:58.490

Link: CVE-2007-4999

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-10-24T00:00:00", "descriptions": [{"lang": "en", "value": "libpurple in Pidgin 2.1.0 through 2.2.1, when using HTML logging, allows remote attackers to cause a denial of service (NULL dereference and application crash) via a message that contains invalid HTML data, a different vector than CVE-2007-4996."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-15T20:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "26205", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/26205"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.pidgin.im/news/security/?id=24"}, {"name": "ADV-2007-3624", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2007/3624"}, {"name": "oval:org.mitre.oval:def:18357", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18357"}, {"name": "38695", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/38695"}, {"name": "pidgin-htmldata-dos(38132)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38132"}, {"name": "27495", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/27495"}, {"name": "FEDORA-2007-2714", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00011.html"}, {"name": "20071112 FLEA-2007-0067-1 pidgin", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/483580/100/0/threaded"}, {"name": "27372", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/27372"}, {"name": "27858", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/27858"}, {"name": "USN-548-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/usn-548-1"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T15:17:27.903Z"}, "title": "CVE Program Container", "references": [{"name": "26205", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/26205"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.pidgin.im/news/security/?id=24"}, {"name": "ADV-2007-3624", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2007/3624"}, {"name": "oval:org.mitre.oval:def:18357", "tags": ["vdb-entry", "signature", "x_refsource_OVAL", "x_transferred"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18357"}, {"name": "38695", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/38695"}, {"name": "pidgin-htmldata-dos(38132)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38132"}, {"name": "27495", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/27495"}, {"name": "FEDORA-2007-2714", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00011.html"}, {"name": "20071112 FLEA-2007-0067-1 pidgin", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/483580/100/0/threaded"}, {"name": "27372", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/27372"}, {"name": "27858", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/27858"}, {"name": "USN-548-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/usn-548-1"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2007-4999", "datePublished": "2007-10-29T22:00:00", "dateReserved": "2007-09-20T00:00:00", "dateUpdated": "2024-08-07T15:17:27.903Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:pidgin:pidgin:2.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "73CC76CD-FF35-4B3A-9F1E-4E5A65963057", "vulnerable": true}, {"criteria": "cpe:2.3:a:pidgin:pidgin:2.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "5D22A117-78BE-4BAC-8A2A-6C00C9E3A4C4", "vulnerable": true}, {"criteria": "cpe:2.3:a:pidgin:pidgin:2.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "59E216BC-29E4-4C31-9CF0-DE22C2E84968", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "libpurple in Pidgin 2.1.0 through 2.2.1, when using HTML logging, allows remote attackers to cause a denial of service (NULL dereference and application crash) via a message that contains invalid HTML data, a different vector than CVE-2007-4996."}, {"lang": "es", "value": "libpurple de Pidgin 2.1.0 hasta 2.2.1, cuando se utiliza la autenticaci\u00f3n HTML, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (referencia a NULL y ca\u00edda de aplicaci\u00f3n) mediante un mensaje que contiene datos HTML inv\u00e1lidos, vector distinto de CVE-2007-4996."}], "id": "CVE-2007-4999", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2007-10-29T22:46:00.000", "references": [{"source": "secalert@redhat.com", "url": "http://osvdb.org/38695"}, {"source": "secalert@redhat.com", "tags": ["Patch", "Vendor Advisory"], "url": "http://secunia.com/advisories/27372"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/27495"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/27858"}, {"source": "secalert@redhat.com", "tags": ["Patch"], "url": "http://www.pidgin.im/news/security/?id=24"}, {"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/archive/1/483580/100/0/threaded"}, {"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/26205"}, {"source": "secalert@redhat.com", "url": "http://www.ubuntu.com/usn/usn-548-1"}, {"source": "secalert@redhat.com", "url": "http://www.vupen.com/english/advisories/2007/3624"}, {"source": "secalert@redhat.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38132"}, {"source": "secalert@redhat.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18357"}, {"source": "secalert@redhat.com", "url": "https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00011.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/38695"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://secunia.com/advisories/27372"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/27495"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/27858"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://www.pidgin.im/news/security/?id=24"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/483580/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/26205"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/usn-548-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2007/3624"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38132"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18357"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00011.html"}], "sourceIdentifier": "secalert@redhat.com", "vendorComments": [{"comment": "Not vulnerable. This issue did not affect the versions of Pidgin or Gaim as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5.", "lastModified": "2007-11-01T00:00:00", "organization": "Red Hat"}], "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}