Loading
The XMPP protocol plugin in libpurple in Pidgin before 2.10.8 does not properly determine whether the from address in an iq reply is consistent with the to address in an iq request, which allows remote attackers to spoof iq traffic or cause a denial of service (NULL pointer dereference and application crash) via a crafted reply.
Cite this page
CVE-2013-6483. CVEDatabase.com. Retrieved 1 May 2026. https://cvedatabase.com/cve/CVE-2013-6483
Use CWE-20, Pidgin vendor hub and Pidgin product page to widen CVE-2013-6483 into its surrounding weakness, vendor, and product context.
Compare it with CVE-2016-1000030, CVE-2016-2378 and CVE-2016-2377 for nearby disclosures in the same product family.