Pidgin

pidgin

88 CVEs • 3 products

Products (3)

Click to collapse

Toggle

CVEs (88)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2012-6152 1Pidgin 1Pidgin Apr 29, 2026 Feb 6, 2014 N/A· v4 N/A· v3 5.0 MEDIUM· v2 The Yahoo! protocol plugin in libpurple in Pidgin before 2.10.8 does not properly validate UTF-8 data, which allows remote attackers to cause a denial of service (application crash) via crafted byte sequences.
CVE-2013-0274 1Pidgin 1Pidgin Apr 29, 2026 Feb 16, 2013 N/A· v4 N/A· v3 2.9 LOW· v2 upnp.c in libpurple in Pidgin before 2.10.7 does not properly terminate long strings in UPnP responses, which allows remote attackers to cause a denial of service (application crash) by leveraging access to the local net...Show more upnp.c in libpurple in Pidgin before 2.10.7 does not properly terminate long strings in UPnP responses, which allows remote attackers to cause a denial of service (application crash) by leveraging access to the local network.Show less
CVE-2013-0273 1Pidgin 1Pidgin Apr 29, 2026 Feb 16, 2013 N/A· v4 N/A· v3 5.0 MEDIUM· v2 sametime.c in the Sametime protocol plugin in libpurple in Pidgin before 2.10.7 does not properly terminate long user IDs, which allows remote servers to cause a denial of service (application crash) via a crafted packet...Show more sametime.c in the Sametime protocol plugin in libpurple in Pidgin before 2.10.7 does not properly terminate long user IDs, which allows remote servers to cause a denial of service (application crash) via a crafted packet.Show less
CVE-2013-0272 1Pidgin 1Pidgin Apr 29, 2026 Feb 16, 2013 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Buffer overflow in http.c in the MXit protocol plugin in libpurple in Pidgin before 2.10.7 allows remote servers to execute arbitrary code via a long HTTP header.
CVE-2013-0271 1Pidgin 1Pidgin Apr 29, 2026 Feb 16, 2013 N/A· v4 N/A· v3 5.0 MEDIUM· v2 The MXit protocol plugin in libpurple in Pidgin before 2.10.7 might allow remote attackers to create or overwrite files via a crafted (1) mxit or (2) mxit/imagestrips pathname.
CVE-2011-4922 1Pidgin 1Pidgin Apr 29, 2026 Aug 8, 2012 N/A· v4 N/A· v3 2.1 LOW· v2 cipher.c in the Cipher API in libpurple in Pidgin before 2.7.10 retains encryption-key data in process memory, which might allow local users to obtain sensitive information by reading a core file or other representation...Show more cipher.c in the Cipher API in libpurple in Pidgin before 2.7.10 retains encryption-key data in process memory, which might allow local users to obtain sensitive information by reading a core file or other representation of memory contents.Show less
CVE-2012-3374 1Pidgin 1Pidgin Apr 29, 2026 Jul 7, 2012 N/A· v4 N/A· v3 7.5 HIGH· v2 Buffer overflow in markup.c in the MXit protocol plugin in libpurple in Pidgin before 2.10.5 allows remote attackers to execute arbitrary code via a crafted inline image in a message.
CVE-2012-2318 1Pidgin 1Pidgin Apr 29, 2026 Jul 3, 2012 N/A· v4 N/A· v3 5.0 MEDIUM· v2 msg.c in the MSN protocol plugin in libpurple in Pidgin before 2.10.4 does not properly handle crafted characters, which allows remote servers to cause a denial of service (application crash) by placing these characters...Show more msg.c in the MSN protocol plugin in libpurple in Pidgin before 2.10.4 does not properly handle crafted characters, which allows remote servers to cause a denial of service (application crash) by placing these characters in a text/plain message.Show less
CVE-2012-2214 1Pidgin 1Pidgin Apr 29, 2026 Jul 3, 2012 N/A· v4 N/A· v3 3.5 LOW· v2 proxy.c in libpurple in Pidgin before 2.10.4 does not properly handle canceled SOCKS5 connection attempts, which allows user-assisted remote authenticated users to cause a denial of service (application crash) via a sequ...Show more proxy.c in libpurple in Pidgin before 2.10.4 does not properly handle canceled SOCKS5 connection attempts, which allows user-assisted remote authenticated users to cause a denial of service (application crash) via a sequence of XMPP file-transfer requests.Show less
CVE-2012-1178 1Pidgin 1Pidgin Apr 29, 2026 Mar 15, 2012 N/A· v4 N/A· v3 5.0 MEDIUM· v2 The msn_oim_report_to_user function in oim.c in the MSN protocol plugin in libpurple in Pidgin before 2.10.2 allows remote servers to cause a denial of service (application crash) via an OIM message that lacks UTF-8 enco...Show more The msn_oim_report_to_user function in oim.c in the MSN protocol plugin in libpurple in Pidgin before 2.10.2 allows remote servers to cause a denial of service (application crash) via an OIM message that lacks UTF-8 encoding.Show less
CVE-2011-4939 1Pidgin 1Pidgin Apr 29, 2026 Mar 15, 2012 N/A· v4 N/A· v3 6.4 MEDIUM· v2 The pidgin_conv_chat_rename_user function in gtkconv.c in Pidgin before 2.10.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) by changing a nickname while in an XMPP...Show more The pidgin_conv_chat_rename_user function in gtkconv.c in Pidgin before 2.10.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) by changing a nickname while in an XMPP chat room.Show less
CVE-2011-4601 1Pidgin 1Pidgin Apr 29, 2026 Dec 25, 2011 N/A· v4 N/A· v3 5.0 MEDIUM· v2 family_feedbag.c in the oscar protocol plugin in libpurple in Pidgin before 2.10.1 does not perform the expected UTF-8 validation on message data, which allows remote attackers to cause a denial of service (application c...Show more family_feedbag.c in the oscar protocol plugin in libpurple in Pidgin before 2.10.1 does not perform the expected UTF-8 validation on message data, which allows remote attackers to cause a denial of service (application crash) via a crafted (1) AIM or (2) ICQ message associated with buddy-list addition.Show less
CVE-2011-4603 1Pidgin 1Pidgin Apr 29, 2026 Dec 17, 2011 N/A· v4 N/A· v3 5.0 MEDIUM· v2 The silc_channel_message function in ops.c in the SILC protocol plugin in libpurple in Pidgin before 2.10.1 does not perform the expected UTF-8 validation on message data, which allows remote attackers to cause a denial...Show more The silc_channel_message function in ops.c in the SILC protocol plugin in libpurple in Pidgin before 2.10.1 does not perform the expected UTF-8 validation on message data, which allows remote attackers to cause a denial of service (application crash) via a crafted message, a different vulnerability than CVE-2011-3594.Show less
CVE-2011-4602 1Pidgin 1Pidgin Apr 29, 2026 Dec 17, 2011 N/A· v4 N/A· v3 5.0 MEDIUM· v2 The XMPP protocol plugin in libpurple in Pidgin before 2.10.1 does not properly handle missing fields in (1) voice-chat and (2) video-chat stanzas, which allows remote attackers to cause a denial of service (application...Show more The XMPP protocol plugin in libpurple in Pidgin before 2.10.1 does not properly handle missing fields in (1) voice-chat and (2) video-chat stanzas, which allows remote attackers to cause a denial of service (application crash) via a crafted message.Show less
CVE-2011-3594 1Pidgin 2Libpurple Pidgin Apr 29, 2026 Nov 4, 2011 N/A· v4 N/A· v3 4.3 MEDIUM· v2 The g_markup_escape_text function in the SILC protocol plug-in in libpurple 2.10.0 and earlier, as used in Pidgin and possibly other products, allows remote attackers to cause a denial of service (crash) via invalid UTF-...Show more The g_markup_escape_text function in the SILC protocol plug-in in libpurple 2.10.0 and earlier, as used in Pidgin and possibly other products, allows remote attackers to cause a denial of service (crash) via invalid UTF-8 sequences that trigger use of invalid pointers and an out-of-bounds read, related to interactions with certain versions of glib2.Show less
CVE-2011-3185 1Pidgin 1Pidgin Apr 29, 2026 Aug 29, 2011 N/A· v4 N/A· v3 9.3 HIGH· v2 gtkutils.c in Pidgin before 2.10.0 on Windows allows user-assisted remote attackers to execute arbitrary programs via a file: URL in a message.
CVE-2011-3184 1Pidgin 1Pidgin Apr 29, 2026 Aug 29, 2011 N/A· v4 N/A· v3 4.3 MEDIUM· v2 The msn_httpconn_parse_data function in httpconn.c in the MSN protocol plugin in libpurple in Pidgin before 2.10.0 does not properly handle HTTP 100 responses, which allows remote attackers to cause a denial of service (...Show more The msn_httpconn_parse_data function in httpconn.c in the MSN protocol plugin in libpurple in Pidgin before 2.10.0 does not properly handle HTTP 100 responses, which allows remote attackers to cause a denial of service (incorrect memory access and application crash) via vectors involving a crafted server message.Show less
CVE-2011-2943 1Pidgin 2Libpurple Pidgin Apr 29, 2026 Aug 29, 2011 N/A· v4 N/A· v3 4.3 MEDIUM· v2 The irc_msg_who function in msgs.c in the IRC protocol plugin in libpurple 2.8.0 through 2.9.0 in Pidgin before 2.10.0 does not properly validate characters in nicknames, which allows user-assisted remote attackers to ca...Show more The irc_msg_who function in msgs.c in the IRC protocol plugin in libpurple 2.8.0 through 2.9.0 in Pidgin before 2.10.0 does not properly validate characters in nicknames, which allows user-assisted remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted nickname that is not properly handled in a WHO response.Show less
CVE-2011-1091 1Pidgin 1Pidgin Apr 29, 2026 Mar 14, 2011 N/A· v4 N/A· v3 4.0 MEDIUM· v2 libymsg.c in the Yahoo! protocol plugin in libpurple in Pidgin 2.6.0 through 2.7.10 allows (1) remote authenticated users to cause a denial of service (NULL pointer dereference and application crash) via a malformed YMSG...Show more libymsg.c in the Yahoo! protocol plugin in libpurple in Pidgin 2.6.0 through 2.7.10 allows (1) remote authenticated users to cause a denial of service (NULL pointer dereference and application crash) via a malformed YMSG notification packet, and allows (2) remote Yahoo! servers to cause a denial of service (NULL pointer dereference and application crash) via a malformed YMSG SMS message.Show less
CVE-2010-4528 1Pidgin 2Libpurple Pidgin Apr 29, 2026 Jan 7, 2011 N/A· v4 N/A· v3 4.0 MEDIUM· v2 directconn.c in the MSN protocol plugin in libpurple 2.7.6 through 2.7.8 in Pidgin before 2.7.9 allows remote authenticated users to cause a denial of service (NULL pointer dereference and application crash) via a short...Show more directconn.c in the MSN protocol plugin in libpurple 2.7.6 through 2.7.8 in Pidgin before 2.7.9 allows remote authenticated users to cause a denial of service (NULL pointer dereference and application crash) via a short p2pv2 packet in a DirectConnect (aka direct connection) session.Show less

Previous 1 234 5 Next