Fluid Attacks Database

Description

Memory leak in Pidgin 2.0.0, and possibly other versions, allows remote attackers to cause a denial of service (memory consumption) via malformed XML documents. NOTE: this issue has been disputed by the upstream vendor, who states: "I was never able to identify a scenario under which a problem occurred and the original reporter wasn't able to supply any sort of reproduction details."

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version
debian 13	pidgin	=2.14.14-1
debian 11	pidgin	=2.14.1-1 \|\| =2.14.10-1 \|\| =2.14.10-2 \|\| =2.14.10-3 \|\| =2.14.12-1 \|\| =2.14.12-1.1 \|\| =2.14.12-1.1~exp1 \|\| =2.14.13-1 \|\| =2.14.13-2 \|\| =2.14.14-1 \|\| =2.14.7-1 \|\| =2.14.7-2 \|\| =2.14.8-1 \|\| =2.14.8-2 \|\| =2.14.8-3 \|\| =2.14.9-1 \|\| =2.14.9-2
debian 12	pidgin	=2.14.12-1 \|\| =2.14.12-1.1 \|\| =2.14.12-1.1~exp1 \|\| =2.14.13-1 \|\| =2.14.13-2 \|\| =2.14.14-1
debian 14	pidgin	=2.14.14-1

Aliases

1. CVE-2008-29562. NVD-2008-29563. OSV-DEBIAN-2008-29564. OSV-2008-29565. SECURITY-TRACKER-CVE-2008-2956