CVE-2010-0013

Name: CVE-2010-0013
Creator: NVD / NIST
Published: 2010-01-09T18:30:01.697+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

HIGHCVSS 7.5/10EPSS 12.50%

Last modified Jun 16, 2026

CVE-2010-0013 is a high-severity vulnerability rated 7.5/10 on the CVSS scale. Directory traversal vulnerability in slp.c in the MSN protocol plugin in libpurple in Pidgin 2.6.4 and Adium 1.3.8 allows remote attackers to read arbitrary files via a .. (dot dot) in an application/x-msnmsgrp2p MSN emoticon (aka custom smiley) request, a related issue to CVE-2004-0122. EPSS estimates a 12.50% chance of exploitation in the next 30 days.

Description

Directory traversal vulnerability in slp.c in the MSN protocol plugin in libpurple in Pidgin 2.6.4 and Adium 1.3.8 allows remote attackers to read arbitrary files via a .. (dot dot) in an application/x-msnmsgrp2p MSN emoticon (aka custom smiley) request, a related issue to CVE-2004-0122. NOTE: it could be argued that this is resultant from a vulnerability in which an emoticon download request is processed even without a preceding text/x-mms-emoticon message that announced availability of the emoticon.

Metrics

CVSS 3.1

7.5/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS Probability

12.50%

95.7th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-22

Affected Software

Vendor	Product	Versions	Update
Adium	Adium	1.3.8	—
Pidgin	Pidgin	2.6.4	—
Fedoraproject	Fedora	11	—
Fedoraproject	Fedora	12	—
Opensuse	Opensuse	>= 11.0, <= 11.2	—
Suse	Linux Enterprise	11.0	—
Suse	Linux Enterprise Server	10	Sp2
Redhat	Enterprise Linux	4.0	—
Redhat	Enterprise Linux	5.0	—

References

http://d.pidgin.im/viewmtn/revision/info/3d02401cf232459fc80c0837d31e05fae7ae5467Broken Link
http://d.pidgin.im/viewmtn/revision/info/4be2df4f72bd8a55cdae7f2554b73342a497c92fBroken Link
http://d.pidgin.im/viewmtn/revision/info/c64a1adc8bda2b4aeaae1f273541afbc4f71b810Broken Link
http://developer.pidgin.im/viewmtn/revision/diff/3d02401cf232459fc80c0837d31e05fae7ae5467/with/c64a1adc8bda2b4aeaae1f273541afbc4f71b810/libpurple/protocols/msn/slp.cBroken Link
http://events.ccc.de/congress/2009/Fahrplan/events/3596.en.htmlProduct
http://lists.fedoraproject.org/pipermail/package-announce/2010-January/033771.htmlMailing List
http://lists.fedoraproject.org/pipermail/package-announce/2010-January/033848.htmlMailing List
http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00004.htmlMailing List
http://secunia.com/advisories/37953Broken Link, Vendor Advisory
http://secunia.com/advisories/37954Broken Link, Vendor Advisory
http://secunia.com/advisories/37961Broken Link
http://secunia.com/advisories/38915Broken Link
http://sunsolve.sun.com/search/document.do?assetkey=1-66-277450-1Broken Link
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1022203.1-1Broken Link
http://www.mandriva.com/security/advisories?name=MDVSA-2010:085Broken Link
http://www.openwall.com/lists/oss-security/2010/01/02/1Mailing List, Patch
http://www.openwall.com/lists/oss-security/2010/01/07/1Mailing List
http://www.openwall.com/lists/oss-security/2010/01/07/2Mailing List
http://www.vupen.com/english/advisories/2009/3662Permissions Required, Vendor Advisory
http://www.vupen.com/english/advisories/2009/3663Permissions Required, Vendor Advisory
http://www.vupen.com/english/advisories/2010/1020Permissions Required
https://bugzilla.redhat.com/show_bug.cgi?id=552483Issue Tracking, Patch
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10333Broken Link
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17620Broken Link
http://d.pidgin.im/viewmtn/revision/info/3d02401cf232459fc80c0837d31e05fae7ae5467Broken Link
http://d.pidgin.im/viewmtn/revision/info/4be2df4f72bd8a55cdae7f2554b73342a497c92fBroken Link
http://d.pidgin.im/viewmtn/revision/info/c64a1adc8bda2b4aeaae1f273541afbc4f71b810Broken Link
http://developer.pidgin.im/viewmtn/revision/diff/3d02401cf232459fc80c0837d31e05fae7ae5467/with/c64a1adc8bda2b4aeaae1f273541afbc4f71b810/libpurple/protocols/msn/slp.cBroken Link
http://events.ccc.de/congress/2009/Fahrplan/events/3596.en.htmlProduct
http://lists.fedoraproject.org/pipermail/package-announce/2010-January/033771.htmlMailing List
http://lists.fedoraproject.org/pipermail/package-announce/2010-January/033848.htmlMailing List
http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00004.htmlMailing List
http://secunia.com/advisories/37953Broken Link, Vendor Advisory
http://secunia.com/advisories/37954Broken Link, Vendor Advisory
http://secunia.com/advisories/37961Broken Link
http://secunia.com/advisories/38915Broken Link
http://sunsolve.sun.com/search/document.do?assetkey=1-66-277450-1Broken Link
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1022203.1-1Broken Link
http://www.mandriva.com/security/advisories?name=MDVSA-2010:085Broken Link
http://www.openwall.com/lists/oss-security/2010/01/02/1Mailing List, Patch
http://www.openwall.com/lists/oss-security/2010/01/07/1Mailing List
http://www.openwall.com/lists/oss-security/2010/01/07/2Mailing List
http://www.vupen.com/english/advisories/2009/3662Permissions Required, Vendor Advisory
http://www.vupen.com/english/advisories/2009/3663Permissions Required, Vendor Advisory
http://www.vupen.com/english/advisories/2010/1020Permissions Required
https://bugzilla.redhat.com/show_bug.cgi?id=552483Issue Tracking, Patch
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10333Broken Link
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17620Broken Link

Timeline

Published: Jan 9, 2010
Last Modified: Jun 16, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2010-0013?

How severe is CVE-2010-0013?

CVE-2010-0013 has a CVSS score of 7.5/10 (HIGH severity). The EPSS model estimates a 12.50% probability of exploitation in the next 30 days.

How do I fix CVE-2010-0013?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2010-0013?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST