Pidgin Security Advisories

This page lists all potential security vulnerabilities discovered since August 1st, 2004 in Pidgin (or Gaim), Finch, libpurple, or any official plugins included with those programs.

| Title | CVE Name | Date | Fixed In |
|---|---|---|---|
| XMPP remote crash | CVE-2011-4602 | 2011-12-10 | 2.10.1 |
| AIM and ICQ remote crash | CVE-2011-4601 | 2011-10-20 | 2.10.1 |
| SILC remote crash | CVE-2011-3594 | 2011-09-29 | 2.10.1 |
| Pidgin uses clickable links to untrusted executables | CVE-2011-3185 | 2011-08-20 | 2.10.0 |
| Remote crash in MSN protocol plugin | CVE-2011-3184 | 2011-08-20 | 2.10.0 |
| Remote crash in IRC protocol plugin | CVE-2011-2943 | 2011-08-20 | 2.10.0 |
| Remote denial of service from corrupt buddy icons | CVE-2011-2485 | 2011-06-23 | 2.9.0 |
| Remote denial of service in Yahoo protocol plugin | CVE-2011-1091 | 2011-03-10 | 2.7.11 |
| Cipher API information disclosure | N/A | 2011-02-06 | 2.7.10 |
| MSN direct connection denial of service | CVE-2010-4528 | 2010-12-26 | 2.7.9 |
| purple_base64_decode() remote crashes | CVE-2010-3711 | 2010-10-20 | 2.7.4 |
| ICQ X-Status denial of service | CVE-2010-2528 | 2010-07-21 | 2.7.2 |
| MSN emoticon denial of service | CVE-2010-1624 | 2010-05-12 | 2.7.0 |
| Smiley denial of service | CVE-2010-0423 | 2010-02-18 | 2.6.6 |
| Finch XMPP MUC crash | CVE-2010-0420 | 2010-02-18 | 2.6.6 |
| MSN malformed SLP message crash | CVE-2010-0277 | 2010-02-18 | 2.6.6 |
| MSN file download vulnerability | CVE-2010-0013 | 2010-01-08 | 2.6.5 |
| ICQ and maybe AIM remote crash | CVE-2009-3615 | 2009-10-16 | 2.6.3 |
| IRC crash from malicious server | CVE-2009-2703 | 2009-09-03 | 2.6.2 |
| MSN partial SLP invite crash | CVE-2009-3083 | 2009-09-03 | 2.6.2 |
| MSN handwritten message crash | CVE-2009-3084 | 2009-09-03 | 2.6.2 |
| XMPP custom smiley parsing bug | CVE-2009-3085 | 2009-09-03 | 2.6.2 |
| XMPP may not enforce TLS | CVE-2009-3026 | 2009-09-03 | 2.6.0 |
| Yahoo IM parsing crash | CVE-2009-3025 | 2009-08-22 | 2.6.1 |
| MSN overflow parsing SLP messages | CVE-2009-2694 | 2009-08-18 | 2.5.9 |
| ICQ parser excessive memory allocation | CVE-2009-1889 | 2009-05-28 | 2.5.8 |
| MSN malformed SLP message overflow | CVE-2009-1376 | 2009-05-02 | 2.5.6 |
| Remote DoS in multiple protocols | CVE-2009-1375 | 2009-03-20 | 2.5.6 |
| QQ remote DoS | CVE-2009-1374 | 2009-05-03 | 2.5.6 |
| XMPP file transfer buffer overflow | CVE-2009-1373 | 2009-05-02 | 2.5.6 |
| NSS TLS/SSL Certificates not validated | CVE-2008-3532 | 2008-07-25 | 2.5.0 |
| Remote UPnP discovery DoS | CVE-2008-2957 | 2007-05-11 | 2.5.0 |
| MSN Remote file transfer filename DoS | CVE-2008-2955 | 2008-06-25 | 2.4.3 |
| MSN malformed SLP message overflow | CVE-2008-2927 | 2008-07 | 2.4.3 |
| NULL pointer dereference in parsing invalid HTML | CVE-2007-4999 | 2007-10-24 | 2.2.2 |
| MSN Remote "Nudge" DoS | CVE-2007-4996 | 2007-09-27 | 2.2.1 |
| AIM/ICQ away message buffer overflow | CVE-2005-2103 | 2005-08-11 | 1.5.0 |
| AIM/ICQ non-UTF-8 filename crash | CVE-2005-2102 | 2005-08-11 | 1.5.0 |
| Gadu-Gadu memory alignment bug | CVE-2005-2370 | 2005-08-11 | 1.5.0 |
| MSN Remote DoS | CVE-2005-1934 | 2005-06-10 | 1.3.1 |
| Remote Yahoo! crash | CVE-2005-1269 | 2005-06-10 | 1.3.1 |
| MSN Remote DoS | CVE-2005-1262 | 2005-05-10 | 1.3.0 |
| Remote crash on some protocols | CVE-2005-1261 | 2005-05-10 | 1.3.0 |
| Jabber remote crash | CVE-2005-0967 | 2005-04-04 | 1.2.1 |
| Remote DoS on receiving certain messages over IRC | CVE-2005-0966 | 2005-04-02 | 1.2.1 |
| Remote DoS on receiving malformed HTML | CVE-2005-0965 | 2005-04-02 | 1.2.1 |
| Remote DoS on receiving malformed HTML | CVE-2005-0208 | 2005-02-24 | 1.1.4 |
| Remote DoS on receiving malformed HTML | CVE-2005-0473 | 2005-02-17 | 1.1.3 |
| AIM/ICQ remote denial of service | CVE-2005-0472 | 2005-02-17 | 1.1.3 |
| MSN SLP buffer overflow | CVE-2004-0891 | 2004-10-19 | 1.0.2 |
| MSN SLP DOS (malloc error) | N/A | 2004-10-19 | 1.0.2 |