Pidgin Security Advisories

This page lists all potential security vulnerabilities discovered since August 1st, 2004 in Pidgin (or Gaim), Finch, libpurple, or any official plugins included with those programs.

| Title | CVE Name | Date | Fixed In |
|---|---|---|---|
| Pidgin MXIT Suggested Contacts Memory Disclosure Vulnerability | CVE-2016-2375 | 2016-06-21 | 2.11.0 |
| Pidgin MXIT MultiMX Message Code Execution Vulnerability | CVE-2016-2374 | 2016-06-21 | 2.11.0 |
| Pidgin MXIT Contact Mood Denial of Service Vulnerability | CVE-2016-2373 | 2016-06-21 | 2.11.0 |
| Pidgin MXIT File Transfer Length Memory Disclosure Vulnerability | CVE-2016-2372 | 2016-06-21 | 2.11.0 |
| Pidgin MXIT Extended Profiles Code Execution Vulnerability | CVE-2016-2371 | 2016-06-21 | 2.11.0 |
| Pidgin MXIT Custom Resource Denial of Service Vulnerability | CVE-2016-2370 | 2016-06-21 | 2.11.0 |
| Pidgin MXIT CP_SOCK_REC_TERM Denial of Service Vulnerability | CVE-2016-2369 | 2016-06-21 | 2.11.0 |
| Pidgin MXIT g_snprintf Multiple Buffer Overflow Vulnerabilities | CVE-2016-2368 | 2016-06-21 | 2.11.0 |
| Pidgin MXIT Avatar Length Memory Disclosure Vulnerability | CVE-2016-2367 | 2016-06-21 | 2.11.0 |
| Pidgin MXIT Table Command Denial of Service Vulnerability | CVE-2016-2366 | 2016-06-21 | 2.11.0 |
| Pidgin MXIT Markup Command Denial of Service Vulnerability | CVE-2016-2365 | 2016-06-21 | 2.11.0 |
| Pidgin MXIT Splash Image Arbitrary File Overwrite Vulnerability | CVE-2016-4323 | 2016-06-21 | 2.11.0 |
| Pidgin MXIT mxit_convert_markup_tx Information Leak Vulnerability | CVE-2016-2380 | 2016-06-21 | 2.11.0 |
| | CVE-2016-2379 | 2016-06-21 | |
| Pidgin MXIT get_utf8_string Code Execution Vulnerability | CVE-2016-2378 | 2016-06-21 | 2.11.0 |
| Pidgin MXIT HTTP Content-Length Buffer Overflow Vulnerability | CVE-2016-2377 | 2016-06-21 | 2.11.0 |
| Pidgin MXIT read stage 0x3 Code Execution Vulnerability | CVE-2016-2376 | 2016-06-21 | 2.11.0 |
| X.509 Certificates Improperly Imported | None | 2016-06-21 | 2.11.0 |
| Potential information leak from XMPP | CVE-2014-3698 | 2014-10-22 | 2.10.10 |
| Malicious smiley themes could alter arbitrary files | CVE-2014-3697 | 2014-10-22 | 2.10.10 |
| Remote crash parsing malformed Groupwise message | CVE-2014-3696 | 2014-10-22 | 2.10.10 |
| Remote crash parsing malformed MXit emoticon | CVE-2014-3695 | 2014-10-22 | 2.10.10 |
| Insufficient SSL certificate validation | CVE-2014-3694 | 2014-10-22 | 2.10.10 |
| Remotely triggerable crash in IRC argument parsing | CVE-2014-0020 | 2014-01-28 | 2.10.8 |
| Buffer overflow in SIMPLE header parsing | CVE-2013-6490 | 2014-01-28 | 2.10.8 |
| Buffer overflow in MXit emoticon parsing | CVE-2013-6489 | 2014-01-28 | 2.10.8 |
| Buffer overflow in Gadu-Gadu HTTP parsing | CVE-2013-6487 | 2014-01-28 | 2.10.8 |
| Pidgin uses clickable links to untrusted executables | CVE-2013-6486 | 2014-01-28 | 2.10.8 |
| Buffer overflow parsing chunked HTTP responses | CVE-2013-6485 | 2014-01-28 | 2.10.8 |
| Crash reading response from STUN server | CVE-2013-6484 | 2014-01-28 | 2.10.8 |
| XMPP doesn't verify 'from' on some iq replies | CVE-2013-6483 | 2014-01-28 | 2.10.8 |
| NULL pointer dereference parsing SOAP data in MSN | CVE-2013-6482 | 2014-01-28 | 2.10.8 |
| NULL pointer dereference parsing OIM data in MSN | CVE-2013-6482 | 2014-01-28 | 2.10.8 |
| NULL pointer dereference parsing headers in MSN | CVE-2013-6482 | 2014-01-28 | 2.10.8 |
| Remote crash reading Yahoo! P2P message | CVE-2013-6481 | 2014-01-28 | 2.10.8 |
| Remote crash parsing HTTP responses | CVE-2013-6479 | 2014-01-28 | 2.10.8 |
| Crash when hovering pointer over a long URL | CVE-2013-6478 | 2014-01-28 | 2.10.8 |
| Crash handling bad XMPP timestamp | CVE-2013-6477 | 2014-01-28 | 2.10.8 |
| Yahoo! remote crash from incorrect character encoding | CVE-2012-6152 | 2014-01-28 | 2.10.8 |
| Windows Pidgin crash receiving some characters | N/A | 2014-01-28 | 2.10.8 |
| Crash when receiving a UPnP response with abnormally long values | CVE-2013-0274 | 2013-02-13 | 2.10.7 |
| Sametime crash with long user IDs | CVE-2013-0273 | 2013-02-13 | 2.10.7 |
| MXit buffer overflow reading data from network | CVE-2013-0272 | 2013-02-13 | 2.10.7 |
| Remote MXit user could specify local file path | CVE-2013-0271 | 2013-02-13 | 2.10.7 |
| MXit buffer overflow | CVE-2012-3374 | 2012-07-05 | 2.10.5 |
| Possible MSN remote crash | CVE-2012-2318 | 2012-05-06 | 2.10.4 |
| XMPP remote crash | CVE-2012-2214 | 2012-05-06 | 2.10.4 |
| Possible MSN remote crash | CVE-2012-1178 | 2012-01-17 | 2.10.2 |
| XMPP remote crash | CVE-2011-4939 | 2011-07-08 | 2.10.2 |
| SILC remote crash | CVE-2011-4603 | 2011-09-29 | 2.10.1 |
| XMPP remote crash | CVE-2011-4602 | 2011-12-10 | 2.10.1 |