Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Pidgin Subscribe
Filtered by product Pidgin
Total 89 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2014-3695 1 Pidgin 1 Pidgin 2018-01-04 5.0 MEDIUM N/A
markup.c in the MXit protocol plugin in libpurple in Pidgin before 2.10.10 allows remote servers to cause a denial of service (application crash) via a large length value in an emoticon response.
CVE-2014-3696 1 Pidgin 1 Pidgin 2018-01-04 5.0 MEDIUM N/A
nmevent.c in the Novell GroupWise protocol plugin in libpurple in Pidgin before 2.10.10 allows remote servers to cause a denial of service (application crash) via a crafted server message that triggers a large memory allocation.
CVE-2014-3698 1 Pidgin 1 Pidgin 2018-01-04 5.0 MEDIUM N/A
The jabber_idn_validate function in jutil.c in the Jabber protocol plugin in libpurple in Pidgin before 2.10.10 allows remote attackers to obtain sensitive information from process memory via a crafted XMPP message.
CVE-2012-2318 1 Pidgin 1 Pidgin 2017-12-28 5.0 MEDIUM N/A
msg.c in the MSN protocol plugin in libpurple in Pidgin before 2.10.4 does not properly handle crafted characters, which allows remote servers to cause a denial of service (application crash) by placing these characters in a text/plain message.
CVE-2012-2214 1 Pidgin 1 Pidgin 2017-12-28 3.5 LOW N/A
proxy.c in libpurple in Pidgin before 2.10.4 does not properly handle canceled SOCKS5 connection attempts, which allows user-assisted remote authenticated users to cause a denial of service (application crash) via a sequence of XMPP file-transfer requests.
CVE-2012-3374 1 Pidgin 1 Pidgin 2017-11-30 7.5 HIGH N/A
Buffer overflow in markup.c in the MXit protocol plugin in libpurple in Pidgin before 2.10.5 allows remote attackers to execute arbitrary code via a crafted inline image in a message.
CVE-2009-1374 1 Pidgin 1 Pidgin 2017-09-28 5.0 MEDIUM N/A
Buffer overflow in the decrypt_out function in Pidgin (formerly Gaim) before 2.5.6 allows remote attackers to cause a denial of service (application crash) via a QQ packet.
CVE-2009-1889 1 Pidgin 1 Pidgin 2017-09-28 5.0 MEDIUM N/A
The OSCAR protocol implementation in Pidgin before 2.5.8 misinterprets the ICQWebMessage message type as the ICQSMS message type, which allows remote attackers to cause a denial of service (application crash) via a crafted ICQ web message that triggers allocation of a large amount of memory.
CVE-2009-1375 1 Pidgin 1 Pidgin 2017-09-28 5.0 MEDIUM N/A
The PurpleCircBuffer implementation in Pidgin (formerly Gaim) before 2.5.6 does not properly maintain a certain buffer, which allows remote attackers to cause a denial of service (memory corruption and application crash) via vectors involving the (1) XMPP or (2) Sametime protocol.
CVE-2008-3532 1 Pidgin 1 Pidgin 2017-09-28 6.8 MEDIUM N/A
The NSS plugin in libpurple in Pidgin 2.4.3 does not verify SSL certificates, which makes it easier for remote attackers to trick a user into accepting an invalid server certificate for a spoofed service.
CVE-2008-2957 1 Pidgin 1 Pidgin 2017-09-28 6.4 MEDIUM N/A
The UPnP functionality in Pidgin 2.0.0, and possibly other versions, allows remote attackers to trigger the download of arbitrary files and cause a denial of service (memory or disk consumption) via a UDP packet that specifies an arbitrary URL.
CVE-2013-0274 1 Pidgin 1 Pidgin 2017-09-18 2.9 LOW N/A
upnp.c in libpurple in Pidgin before 2.10.7 does not properly terminate long strings in UPnP responses, which allows remote attackers to cause a denial of service (application crash) by leveraging access to the local network.
CVE-2013-0271 1 Pidgin 1 Pidgin 2017-09-18 5.0 MEDIUM N/A
The MXit protocol plugin in libpurple in Pidgin before 2.10.7 might allow remote attackers to create or overwrite files via a crafted (1) mxit or (2) mxit/imagestrips pathname.
CVE-2013-0272 1 Pidgin 1 Pidgin 2017-09-18 6.8 MEDIUM N/A
Buffer overflow in http.c in the MXit protocol plugin in libpurple in Pidgin before 2.10.7 allows remote servers to execute arbitrary code via a long HTTP header.
CVE-2013-0273 1 Pidgin 1 Pidgin 2017-09-18 5.0 MEDIUM N/A
sametime.c in the Sametime protocol plugin in libpurple in Pidgin before 2.10.7 does not properly terminate long user IDs, which allows remote servers to cause a denial of service (application crash) via a crafted packet.
CVE-2011-4602 1 Pidgin 1 Pidgin 2017-09-18 5.0 MEDIUM N/A
The XMPP protocol plugin in libpurple in Pidgin before 2.10.1 does not properly handle missing fields in (1) voice-chat and (2) video-chat stanzas, which allows remote attackers to cause a denial of service (application crash) via a crafted message.
CVE-2011-4601 1 Pidgin 1 Pidgin 2017-09-18 5.0 MEDIUM N/A
family_feedbag.c in the oscar protocol plugin in libpurple in Pidgin before 2.10.1 does not perform the expected UTF-8 validation on message data, which allows remote attackers to cause a denial of service (application crash) via a crafted (1) AIM or (2) ICQ message associated with buddy-list addition.
CVE-2011-4922 1 Pidgin 1 Pidgin 2017-09-18 2.1 LOW N/A
cipher.c in the Cipher API in libpurple in Pidgin before 2.7.10 retains encryption-key data in process memory, which might allow local users to obtain sensitive information by reading a core file or other representation of memory contents.
CVE-2011-4603 1 Pidgin 1 Pidgin 2017-09-18 5.0 MEDIUM N/A
The silc_channel_message function in ops.c in the SILC protocol plugin in libpurple in Pidgin before 2.10.1 does not perform the expected UTF-8 validation on message data, which allows remote attackers to cause a denial of service (application crash) via a crafted message, a different vulnerability than CVE-2011-3594.
CVE-2011-3594 1 Pidgin 2 Libpurple, Pidgin 2017-09-18 4.3 MEDIUM N/A
The g_markup_escape_text function in the SILC protocol plug-in in libpurple 2.10.0 and earlier, as used in Pidgin and possibly other products, allows remote attackers to cause a denial of service (crash) via invalid UTF-8 sequences that trigger use of invalid pointers and an out-of-bounds read, related to interactions with certain versions of glib2.