{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/34328?format=json","vulnerability_id":"VCID-j7ap-11qk-ufeb","summary":"Multiple vulnerabilities have been discovered in Pidgin, leading to the\n    remote execution of arbitrary code, unauthorized information disclosure, or\n    Denial of Service.","aliases":[{"alias":"CVE-2009-2694"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/935309?format=json","purl":"pkg:deb/debian/pidgin@2.5.9-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/pidgin@2.5.9-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/571059?format=json","purl":"pkg:deb/debian/pidgin@2.7.3-1%2Bsqueeze4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13y4-t2b9-pkg9"},{"vulnerability":"VCID-1fmj-vjdg-g3eu"},{"vulnerability":"VCID-1p3d-b4v1-6fdg"},{"vulnerability":"VCID-1x1f-8ujk-53fw"},{"vulnerability":"VCID-25qc-25g9-cbhn"},{"vulnerability":"VCID-3m4a-pw2r-zkfb"},{"vulnerability":"VCID-3zuy-sufn-tfcw"},{"vulnerability":"VCID-562h-uev3-nqby"},{"vulnerability":"VCID-5bxz-xddd-rudq"},{"vulnerability":"VCID-5k78-mks2-ckdk"},{"vulnerability":"VCID-5ktd-d1vb-xqhb"},{"vulnerability":"VCID-5us8-sghn-zyf1"},{"vulnerability":"VCID-6gvz-3ye8-zyen"},{"vulnerability":"VCID-6utr-f9hr-wkhd"},{"vulnerability":"VCID-71bq-9kpe-wbc8"},{"vulnerability":"VCID-7fz8-kr7a-xqfb"},{"vulnerability":"VCID-7u2r-rnyz-uyd5"},{"vulnerability":"VCID-83az-td85-sudb"},{"vulnerability":"VCID-8951-ngtt-pfb5"},{"vulnerability":"VCID-9btk-pnjv-1qgb"},{"vulnerability":"VCID-9npz-w7g5-r3b5"},{"vulnerability":"VCID-ach7-fhrx-zqd3"},{"vulnerability":"VCID-b8zp-g4xa-t7ad"},{"vulnerability":"VCID-bqxx-44k8-t7fd"},{"vulnerability":"VCID-ca59-9ma2-nyek"},{"vulnerability":"VCID-cd64-6y6b-rfa3"},{"vulnerability":"VCID-cmm5-mw5m-bud2"},{"vulnerability":"VCID-cxh3-6xaf-q7fa"},{"vulnerability":"VCID-dw47-rgd5-yked"},{"vulnerability":"VCID-ebg2-bj5n-tycb"},{"vulnerability":"VCID-ektc-z3zf-dfep"},{"vulnerability":"VCID-et2z-svg6-m3ef"},{"vulnerability":"VCID-gmc8-mf63-x7fs"},{"vulnerability":"VCID-jb3a-ydyh-sfft"},{"vulnerability":"VCID-kt42-hfwm-7ubh"},{"vulnerability":"VCID-mhjx-yrdy-5qf6"},{"vulnerability":"VCID-myh5-wcpe-zbac"},{"vulnerability":"VCID-nhj7-agfp-rue8"},{"vulnerability":"VCID-nvtc-a3b6-23bs"},{"vulnerability":"VCID-nxhy-m3bd-6qab"},{"vulnerability":"VCID-q5v4-yz4d-yydy"},{"vulnerability":"VCID-r5z8-wmea-a7by"},{"vulnerability":"VCID-stm8-xdkh-7bdf"},{"vulnerability":"VCID-tsth-71zg-n3g7"},{"vulnerability":"VCID-uf3q-52zp-p3bk"},{"vulnerability":"VCID-vczt-sf85-uyfc"},{"vulnerability":"VCID-vmjg-nj4a-8uby"},{"vulnerability":"VCID-whc9-ffhd-j3b6"},{"vulnerability":"VCID-wprn-gtbj-ukgf"},{"vulnerability":"VCID-xekx-jf8h-93hy"},{"vulnerability":"VCID-xgfd-ykfk-33dh"},{"vulnerability":"VCID-y3ke-yqy2-bbey"},{"vulnerability":"VCID-ym5e-f9a1-ufdz"},{"vulnerability":"VCID-zamj-2ej2-qke5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/pidgin@2.7.3-1%252Bsqueeze4"},{"url":"http://public2.vulnerablecode.io/api/packages/935301?format=json","purl":"pkg:deb/debian/pidgin@2.14.1-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-zhu6-8jrm-73bc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/pidgin@2.14.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/935299?format=json","purl":"pkg:deb/debian/pidgin@2.14.12-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/pidgin@2.14.12-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/935302?format=json","purl":"pkg:deb/debian/pidgin@2.14.14-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/pidgin@2.14.14-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/73705?format=json","purl":"pkg:ebuild/net-im/pidgin@2.5.9-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/net-im/pidgin@2.5.9-r1"}],"affected_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/571058?format=json","purl":"pkg:deb/debian/pidgin@2.4.3-4lenny8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13y4-t2b9-pkg9"},{"vulnerability":"VCID-1fmj-vjdg-g3eu"},{"vulnerability":"VCID-1p3d-b4v1-6fdg"},{"vulnerability":"VCID-1x1f-8ujk-53fw"},{"vulnerability":"VCID-25qc-25g9-cbhn"},{"vulnerability":"VCID-28mm-t6zv-b3fx"},{"vulnerability":"VCID-2v38-xu17-5ycr"},{"vulnerability":"VCID-3m4a-pw2r-zkfb"},{"vulnerability":"VCID-3zuy-sufn-tfcw"},{"vulnerability":"VCID-562h-uev3-nqby"},{"vulnerability":"VCID-59qb-mtwz-puda"},{"vulnerability":"VCID-5bxz-xddd-rudq"},{"vulnerability":"VCID-5k78-mks2-ckdk"},{"vulnerability":"VCID-5ktd-d1vb-xqhb"},{"vulnerability":"VCID-5us8-sghn-zyf1"},{"vulnerability":"VCID-6gvz-3ye8-zyen"},{"vulnerability":"VCID-6jkc-nx2t-7fgd"},{"vulnerability":"VCID-6utr-f9hr-wkhd"},{"vulnerability":"VCID-71bq-9kpe-wbc8"},{"vulnerability":"VCID-7fz8-kr7a-xqfb"},{"vulnerability":"VCID-7u2r-rnyz-uyd5"},{"vulnerability":"VCID-83az-td85-sudb"},{"vulnerability":"VCID-8951-ngtt-pfb5"},{"vulnerability":"VCID-9btk-pnjv-1qgb"},{"vulnerability":"VCID-9npz-w7g5-r3b5"},{"vulnerability":"VCID-ach7-fhrx-zqd3"},{"vulnerability":"VCID-b7pa-sgwm-cbea"},{"vulnerability":"VCID-b8e9-rkt5-cfch"},{"vulnerability":"VCID-b8zp-g4xa-t7ad"},{"vulnerability":"VCID-bqxx-44k8-t7fd"},{"vulnerability":"VCID-ca59-9ma2-nyek"},{"vulnerability":"VCID-cd64-6y6b-rfa3"},{"vulnerability":"VCID-cmm5-mw5m-bud2"},{"vulnerability":"VCID-cxh3-6xaf-q7fa"},{"vulnerability":"VCID-dw47-rgd5-yked"},{"vulnerability":"VCID-ebg2-bj5n-tycb"},{"vulnerability":"VCID-ektc-z3zf-dfep"},{"vulnerability":"VCID-et2z-svg6-m3ef"},{"vulnerability":"VCID-ftdp-6cub-sqah"},{"vulnerability":"VCID-g8q8-pb2g-qfct"},{"vulnerability":"VCID-gmc8-mf63-x7fs"},{"vulnerability":"VCID-j7ap-11qk-ufeb"},{"vulnerability":"VCID-jb3a-ydyh-sfft"},{"vulnerability":"VCID-jrfq-eubr-hfa9"},{"vulnerability":"VCID-ksp5-2txt-vucn"},{"vulnerability":"VCID-kt42-hfwm-7ubh"},{"vulnerability":"VCID-mhjx-yrdy-5qf6"},{"vulnerability":"VCID-myh5-wcpe-zbac"},{"vulnerability":"VCID-nhj7-agfp-rue8"},{"vulnerability":"VCID-nvtc-a3b6-23bs"},{"vulnerability":"VCID-nxhy-m3bd-6qab"},{"vulnerability":"VCID-p1gr-bcnk-pkg7"},{"vulnerability":"VCID-p8dm-3wjm-8bgd"},{"vulnerability":"VCID-q5v4-yz4d-yydy"},{"vulnerability":"VCID-r5z8-wmea-a7by"},{"vulnerability":"VCID-rzq7-5psb-dygh"},{"vulnerability":"VCID-s4gw-ntgc-5bad"},{"vulnerability":"VCID-stm8-xdkh-7bdf"},{"vulnerability":"VCID-tsth-71zg-n3g7"},{"vulnerability":"VCID-ua4g-zzrd-eyhb"},{"vulnerability":"VCID-uf3q-52zp-p3bk"},{"vulnerability":"VCID-vc51-jjp7-v7gb"},{"vulnerability":"VCID-vczt-sf85-uyfc"},{"vulnerability":"VCID-vmjg-nj4a-8uby"},{"vulnerability":"VCID-whc9-ffhd-j3b6"},{"vulnerability":"VCID-wprn-gtbj-ukgf"},{"vulnerability":"VCID-x5c5-b5s8-bbe1"},{"vulnerability":"VCID-xekx-jf8h-93hy"},{"vulnerability":"VCID-xgfd-ykfk-33dh"},{"vulnerability":"VCID-y3ke-yqy2-bbey"},{"vulnerability":"VCID-ym5e-f9a1-ufdz"},{"vulnerability":"VCID-ypkz-jxvb-9fgd"},{"vulnerability":"VCID-zamj-2ej2-qke5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/pidgin@2.4.3-4lenny8"},{"url":"http://public2.vulnerablecode.io/api/packages/128269?format=json","purl":"pkg:rpm/redhat/pidgin@1.5.1-4?arch=el3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-j7ap-11qk-ufeb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/pidgin@1.5.1-4%3Farch=el3"},{"url":"http://public2.vulnerablecode.io/api/packages/128267?format=json","purl":"pkg:rpm/redhat/pidgin@2.5.9-1?arch=el5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-j7ap-11qk-ufeb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/pidgin@2.5.9-1%3Farch=el5"},{"url":"http://public2.vulnerablecode.io/api/packages/128268?format=json","purl":"pkg:rpm/redhat/pidgin@2.5.9-1?arch=el4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-j7ap-11qk-ufeb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/pidgin@2.5.9-1%3Farch=el4"}],"references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2694.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2694.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-2694","reference_id":"","reference_type":"","scores":[{"value":"0.34712","scoring_system":"epss","scoring_elements":"0.96983","published_at":"2026-04-01T12:55:00Z"},{"value":"0.34712","scoring_system":"epss","scoring_elements":"0.96991","published_at":"2026-04-02T12:55:00Z"},{"value":"0.34712","scoring_system":"epss","scoring_elements":"0.96995","published_at":"2026-04-04T12:55:00Z"},{"value":"0.34712","scoring_system":"epss","scoring_elements":"0.96996","published_at":"2026-04-07T12:55:00Z"},{"value":"0.34712","scoring_system":"epss","scoring_elements":"0.97006","published_at":"2026-04-08T12:55:00Z"},{"value":"0.34712","scoring_system":"epss","scoring_elements":"0.97007","published_at":"2026-04-09T12:55:00Z"},{"value":"0.34712","scoring_system":"epss","scoring_elements":"0.9701","published_at":"2026-04-11T12:55:00Z"},{"value":"0.34712","scoring_system":"epss","scoring_elements":"0.97011","published_at":"2026-04-12T12:55:00Z"},{"value":"0.34712","scoring_system":"epss","scoring_elements":"0.97012","published_at":"2026-04-13T12:55:00Z"},{"value":"0.34712","scoring_system":"epss","scoring_elements":"0.97021","published_at":"2026-04-16T12:55:00Z"},{"value":"0.34712","scoring_system":"epss","scoring_elements":"0.97024","published_at":"2026-04-18T12:55:00Z"},{"value":"0.34712","scoring_system":"epss","scoring_elements":"0.97028","published_at":"2026-04-21T12:55:00Z"},{"value":"0.34712","scoring_system":"epss","scoring_elements":"0.97029","published_at":"2026-04-24T12:55:00Z"},{"value":"0.34712","scoring_system":"epss","scoring_elements":"0.97031","published_at":"2026-04-26T12:55:00Z"},{"value":"0.34712","scoring_system":"epss","scoring_elements":"0.97033","published_at":"2026-04-29T12:55:00Z"},{"value":"0.34712","scoring_system":"epss","scoring_elements":"0.97035","published_at":"2026-05-05T12:55:00Z"},{"value":"0.34712","scoring_system":"epss","scoring_elements":"0.97039","published_at":"2026-05-07T12:55:00Z"},{"value":"0.34712","scoring_system":"epss","scoring_elements":"0.97045","published_at":"2026-05-09T12:55:00Z"},{"value":"0.34712","scoring_system":"epss","scoring_elements":"0.97048","published_at":"2026-05-11T12:55:00Z"},{"value":"0.34712","scoring_system":"epss","scoring_elements":"0.97053","published_at":"2026-05-12T12:55:00Z"},{"value":"0.34712","scoring_system":"epss","scoring_elements":"0.97063","published_at":"2026-05-14T12:55:00Z"},{"value":"0.34712","scoring_system":"epss","scoring_elements":"0.97066","published_at":"2026-05-16T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-2694"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2694","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2694"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=514957","reference_id":"514957","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=514957"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=542486","reference_id":"542486","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=542486"},{"reference_url":"https://security.gentoo.org/glsa/200910-02","reference_id":"GLSA-200910-02","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/200910-02"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1218","reference_id":"RHSA-2009:1218","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1218"},{"reference_url":"https://usn.ubuntu.com/820-1/","reference_id":"USN-820-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/820-1/"}],"weaknesses":[{"cwe_id":228,"name":"Improper Handling of Syntactically Invalid Structure","description":"The product does not handle or incorrectly handles input that is not syntactically well-formed with respect to the associated specification."},{"cwe_id":119,"name":"Improper Restriction of Operations within the Bounds of a Memory Buffer","description":"The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer."}],"exploits":[{"date_added":"2009-09-08","description":"Pidgin MSN 2.5.8 - Remote Code Execution","required_action":null,"due_date":null,"notes":null,"known_ransomware_campaign_use":true,"source_date_published":"2009-09-09","exploit_type":"remote","platform":"windows","source_date_updated":null,"data_source":"Exploit-DB","source_url":""}],"severity_range_score":null,"exploitability":"2.0","weighted_severity":"0.3","risk_score":0.6,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-j7ap-11qk-ufeb"}