Pidgin > About > Security > Advisories

Advisories

This page lists all potential security vulnerabilities discovered since August 1st, 2004 in Pidgin (or Gaim), Finch, libpurple, or any official plugins included with those programs.

2021-02-15

Pidgin MXIT Splash Image Arbitrary File Overwrite Vulnerability

Pidgin MXIT mxit_convert_markup_tx Information Leak Vulnerability

Pidgin MXIT get_utf8_string Code Execution Vulnerability

Pidgin MXIT HTTP Content-Length Buffer Overflow Vulnerability

Pidgin MXIT read stage 0x3 Code Execution Vulnerability

Pidgin MXIT MultiMX Message Code Execution Vulnerability

Pidgin MXIT Contact Mood Denial of Service Vulnerability

Pidgin MXIT File Transfer Length Memory Disclosure Vulnerability

Pidgin MXIT Extended Profiles Code Execution Vulnerability

Pidgin MXIT Custom Resource Denial of Service Vulnerability

Pidgin MXIT CP_SOCK_REC_TERM Denial of Service Vulnerability

Pidgin MXIT g_snprintf Multiple Buffer Overflow Vulnerabilities

Pidgin MXIT Avatar Length Memory Disclosure Vulnerability

Pidgin MXIT Table Command Denial of Service Vulnerability

Pidgin MXIT Markup Command Denial of Service Vulnerability

X.509 Certificates Improperly Imported

CVE-2016-1000030

ICQ and maybe AIM remote crash

CVE-2009-3615

XMPP custom smiley parsing bug

CVE-2009-3085

MSN handwritten message crash

CVE-2009-3084

MSN partial SLP invite crash

CVE-2009-3083

XMPP may not enforce TLS

CVE-2009-3026

Yahoo IM parsing crash

CVE-2009-3025

IRC crash from malicious server

CVE-2009-2703

MSN overflow parsing SLP messages

CVE-2009-2694

ICQ parser excessive memory allocation

CVE-2009-1889

MSN malformed SLP message overflow

CVE-2009-1376

Remote DoS in multiple protocols

CVE-2009-1375

QQ remote DoS

CVE-2009-1374

XMPP file transfer buffer overflow

CVE-2009-1373

Potential information leak from XMPP

CVE-2014-3698

Malicious smiley themes could alter arbitrary files

CVE-2014-3697

Remote crash parsing malformed Groupwise message

CVE-2014-3696

Remote crash parsing malformed MXit emoticon

CVE-2014-3695

Insufficient SSL certificate validation

CVE-2014-3694

Remotely triggerable crash in IRC argument parsing

CVE-2014-0020

Buffer overflow in MXit emoticon parsing

CVE-2013-6489

Buffer overflow in Gadu-Gadu HTTP parsing

CVE-2013-6487

Pidgin uses clickable links to untrusted executables

CVE-2013-6486

Buffer overflow parsing chunked HTTP responses

CVE-2013-6485

Crash reading response from STUN server

CVE-2013-6484

XMPP doesn't verify 'from' on some iq replies

CVE-2013-6483

NULL pointer dereference parsing SOAP data in MSN

CVE-2013-6482

NULL pointer dereference parsing OIM data in MSN

CVE-2013-6482

NULL pointer dereference parsing headers in MSN

CVE-2013-6482

Remote crash reading Yahoo! P2P message

CVE-2013-6481

Remote crash parsing HTTP responses

CVE-2013-6479

Crash when hovering pointer over a long URL

CVE-2013-6478

Crash handling bad XMPP timestamp

CVE-2013-6477

Cipher API information disclosure

No security advisories

XMPP remote crash

CVE-2011-4939

SILC remote crash

CVE-2011-4603

XMPP remote crash

CVE-2011-4602

AIM and ICQ remote crash

CVE-2011-4601

SILC remote crash

CVE-2011-3594

Pidgin uses clickable links to untrusted executables

CVE-2011-3185

Remote crash in MSN protocol plugin

CVE-2011-3184

Remote crash in IRC protocol plugin

CVE-2011-2943

Remote denial of service from corrupt buddy icons

CVE-2011-2485

Remote denial of service in Yahoo protocol plugin

CVE-2011-1091

2021-02-14

Yahoo! remote crash from incorrect character encoding

CVE-2012-6152

MSN direct connection denial of service

CVE-2010-4528

Multiple remotely-triggered denials of service

CVE-2010-3711

ICQ X-Status denial of service

CVE-2010-2528

MSN emoticon denial of service

CVE-2010-1624

Smiley denial of service

CVE-2010-0423

Finch XMPP MUC crash

CVE-2010-0420

MSN malformed SLP message crash

CVE-2010-0277

MSN file download vulnerability

CVE-2010-0013

2021-02-11

NSS TLS/SSL Certificates not validated

CVE-2008-3532

Remote UPnP discovery DoS

CVE-2008-2957

MSN Remote file transfer filename DoS

CVE-2008-2955

MSN malformed SLP message overflow

CVE-2008-2927

NULL pointer dereference in parsing invalid HTML

CVE-2007-4999

MSN Remote "Nudge" DoS

CVE-2007-4996

Gadu-Gadu memory alignment bug

CVE-2005-2370

AIM/ICQ away message buffer overflow

CVE-2005-2103

AIM/ICQ non-UTF-8 filename crash

CVE-2004-0500

MSN Remote DoS

CVE-2005-1934

Remote Yahoo! crash

CVE-2005-1269

MSN Remote DoS

CVE-2005-1262

Remote crash on some protocols

CVE-2005-1261

Jabber remote crash

CVE-2005-0967

Remote DoS on receiving certain messages over IRC

CVE-2005-0966

Remote DoS on receiving malformed HTML

CVE-2005-0965

Remote DoS on receiving malformed HTML

CVE-2004-0473

AIM/ICQ remote denial of service

CVE-2005-0472

Remote DoS on receiving malformed HTML

CVE-2005-0208

MSN SLP buffer overflow

CVE-2004-0891

2020-01-18

MSN SLP DOS (malloc error)

No security advisories

MSN File transfer DOS (malloc error)

No security advisories

Content-length DOS (malloc error)

No security advisories

Out-of-bounds write when stripping xml

CVE-2017-2640

Pidgin MXIT Suggested Contacts Memory Disclosure Vulnerability

RTF message buffer overflow

CVE-2004-0785

Local hostname resolution buffer overflow

CVE-2004-0785

URL decode buffer overflow

CVE-2004-0785

Groupware message receive integer overflow

CVE-2004-0754

MSN strncpy buffer overflow

CVE-2004-0500

2004-08-22

Smiley theme installation lack of escaping

CVE-2004-0784

Looking to reach us via XMPP? Check out the new PidginChat service!