{"url":"http://public2.vulnerablecode.io/api/packages/123448?format=json","purl":"pkg:deb/debian/pidgin@2.6.2-1?distro=trixie","type":"deb","namespace":"debian","name":"pidgin","version":"2.6.2-1","qualifiers":{"distro":"trixie"},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"2.6.3-1","latest_non_vulnerable_version":"2.14.14-1","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/98232?format=json","vulnerability_id":"VCID-9edh-fxgx-t7eb","summary":"The msn_slp_sip_recv function in libpurple/protocols/msn/slp.c in the MSN protocol plugin in libpurple in Pidgin before 2.6.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an SLP invite message that lacks certain required fields, as demonstrated by a malformed message from a KMess client.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3083.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3083.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-3083","reference_id":"","reference_type":"","scores":[{"value":"0.01284","scoring_system":"epss","scoring_elements":"0.79947","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01284","scoring_system":"epss","scoring_elements":"0.79973","published_at":"2026-06-05T12:55:00Z"},{"value":"0.01284","scoring_system":"epss","scoring_elements":"0.79978","published_at":"2026-06-06T12:55:00Z"},{"value":"0.01284","scoring_system":"epss","scoring_elements":"0.79974","published_at":"2026-06-07T12:55:00Z"},{"value":"0.01284","scoring_system":"epss","scoring_elements":"0.79963","published_at":"2026-06-08T12:55:00Z"},{"value":"0.01284","scoring_system":"epss","scoring_elements":"0.79983","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-3083"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3083","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3083"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=521832","reference_id":"521832","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=521832"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1453","reference_id":"RHSA-2009:1453","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1453"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1535","reference_id":"RHSA-2009:1535","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1535"},{"reference_url":"https://usn.ubuntu.com/886-1/","reference_id":"USN-886-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/886-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/123448?format=json","purl":"pkg:deb/debian/pidgin@2.6.2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/pidgin@2.6.2-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/123437?format=json","purl":"pkg:deb/debian/pidgin@2.14.1-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-kw2k-czsm-43cx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/pidgin@2.14.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/123435?format=json","purl":"pkg:deb/debian/pidgin@2.14.12-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/pidgin@2.14.12-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/123438?format=json","purl":"pkg:deb/debian/pidgin@2.14.14-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/pidgin@2.14.14-1%3Fdistro=trixie"}],"aliases":["CVE-2009-3083"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9edh-fxgx-t7eb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/98234?format=json","vulnerability_id":"VCID-hf5n-9yw2-pfer","summary":"The XMPP protocol plugin in libpurple in Pidgin before 2.6.2 does not properly handle an error IQ stanza during an attempted fetch of a custom smiley, which allows remote attackers to cause a denial of service (application crash) via XHTML-IM content with cid: images.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3085.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3085.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-3085","reference_id":"","reference_type":"","scores":[{"value":"0.00949","scoring_system":"epss","scoring_elements":"0.7671","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00949","scoring_system":"epss","scoring_elements":"0.76742","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00949","scoring_system":"epss","scoring_elements":"0.76749","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00949","scoring_system":"epss","scoring_elements":"0.76737","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00949","scoring_system":"epss","scoring_elements":"0.76727","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-3085"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3085","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3085"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=521853","reference_id":"521853","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=521853"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1453","reference_id":"RHSA-2009:1453","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1453"},{"reference_url":"https://usn.ubuntu.com/886-1/","reference_id":"USN-886-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/886-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/123448?format=json","purl":"pkg:deb/debian/pidgin@2.6.2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/pidgin@2.6.2-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/123437?format=json","purl":"pkg:deb/debian/pidgin@2.14.1-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-kw2k-czsm-43cx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/pidgin@2.14.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/123435?format=json","purl":"pkg:deb/debian/pidgin@2.14.12-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/pidgin@2.14.12-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/123438?format=json","purl":"pkg:deb/debian/pidgin@2.14.14-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/pidgin@2.14.14-1%3Fdistro=trixie"}],"aliases":["CVE-2009-3085"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hf5n-9yw2-pfer"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/98233?format=json","vulnerability_id":"VCID-tum7-bfj9-uufe","summary":"The msn_slp_process_msg function in libpurple/protocols/msn/slpcall.c in the MSN protocol plugin in libpurple 2.6.0 and 2.6.1, as used in Pidgin before 2.6.2, allows remote attackers to cause a denial of service (application crash) via a handwritten (aka Ink) message, related to an uninitialized variable and the incorrect \"UTF16-LE\" charset name.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3084.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3084.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-3084","reference_id":"","reference_type":"","scores":[{"value":"0.01382","scoring_system":"epss","scoring_elements":"0.80635","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01382","scoring_system":"epss","scoring_elements":"0.80661","published_at":"2026-06-05T12:55:00Z"},{"value":"0.01382","scoring_system":"epss","scoring_elements":"0.80662","published_at":"2026-06-06T12:55:00Z"},{"value":"0.01382","scoring_system":"epss","scoring_elements":"0.80659","published_at":"2026-06-07T12:55:00Z"},{"value":"0.01382","scoring_system":"epss","scoring_elements":"0.80655","published_at":"2026-06-08T12:55:00Z"},{"value":"0.01382","scoring_system":"epss","scoring_elements":"0.80675","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-3084"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3084","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3084"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/123448?format=json","purl":"pkg:deb/debian/pidgin@2.6.2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/pidgin@2.6.2-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/123437?format=json","purl":"pkg:deb/debian/pidgin@2.14.1-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-kw2k-czsm-43cx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/pidgin@2.14.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/123435?format=json","purl":"pkg:deb/debian/pidgin@2.14.12-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/pidgin@2.14.12-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/123438?format=json","purl":"pkg:deb/debian/pidgin@2.14.14-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/pidgin@2.14.14-1%3Fdistro=trixie"}],"aliases":["CVE-2009-3084"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tum7-bfj9-uufe"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/pidgin@2.6.2-1%3Fdistro=trixie"}