Product
pidgin
88 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2019-25544
all versions
Pidgin 2.13.0 contains a denial of service vulnerability that allows local attackers to crash the application by providing an exce
6.2
MEDIUM
CVE-2022-26491
< 2.14.9
An issue was discovered in Pidgin before 2.14.9. A remote attacker who can spoof DNS responses can redirect a client connection to
5.9
MEDIUM
CVE-2012-1257
all versions
Pidgin 2.10.0 uses DBUS for certain cleartext communication, which allows local users to obtain sensitive information via a dbus s
5.5
MEDIUM
CVE-2016-1000030
< 2.11.0
Pidgin version <2.11.0 contains a vulnerability in X.509 Certificates imports specifically due to improper check of return values
9.8
CRITICAL
CVE-2017-2640
< 2.12.0
An out-of-bounds write flaw was found in the way Pidgin before 2.12.0 processed XML content. A malicious remote server could poten
7.5
HIGH
CVE-2016-2379
all versions
The Mxit protocol uses weak encryption when encrypting user passwords, which might allow attackers to (1) decrypt hashed passwords
8.8
HIGH
CVE-2016-4323
<= 2.10.12
A directory traversal exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent from the server coul
3.7
LOW
CVE-2016-2380
<= 2.10.12
An information leak exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent to the server could po
3.1
LOW
CVE-2016-2378
<= 2.10.12
A buffer overflow vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted data sent via the server cou
8.1
HIGH
CVE-2016-2377
<= 2.10.12
A buffer overflow vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent by the ser
8.1
HIGH
CVE-2016-2376
<= 2.10.12
A buffer overflow vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent from the s
8.1
HIGH
CVE-2016-2375
<= 2.10.12
An exploitable out-of-bounds read exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT contact informatio
5.3
MEDIUM
CVE-2016-2374
<= 2.10.12
An exploitable memory corruption vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT Multi
8.1
HIGH
CVE-2016-2373
<= 2.10.12
A denial of service vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the
5.9
MEDIUM
CVE-2016-2372
<= 2.10.12
An information leak exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could p
5.9
MEDIUM
CVE-2016-2371
<= 2.10.12
An out-of-bounds write vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via t
8.1
HIGH
CVE-2016-2370
<= 2.10.12
A denial of service vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent from the
5.9
MEDIUM
CVE-2016-2369
<= 2.10.12
A NULL pointer dereference vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent v
5.9
MEDIUM
CVE-2016-2368
<= 2.10.12
Multiple memory corruption vulnerabilities exist in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent
8.1
HIGH
CVE-2016-2367
<= 2.10.12
An information leak exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could p
5.9
MEDIUM
CVE-2016-2366
<= 2.10.12
A denial of service vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the
5.9
MEDIUM
CVE-2016-2365
<= 2.10.12
A denial of service vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the
5.9
MEDIUM
CVE-2014-3698
<= 2.10.9
The jabber_idn_validate function in jutil.c in the Jabber protocol plugin in libpurple in Pidgin before 2.10.10 allows remote atta
CVE-2014-3697
<= 2.10.9
Absolute path traversal vulnerability in the untar_block function in win32/untar.c in Pidgin before 2.10.10 on Windows allows remo
CVE-2014-3696
<= 2.10.9
nmevent.c in the Novell GroupWise protocol plugin in libpurple in Pidgin before 2.10.10 allows remote servers to cause a denial of
CVE-2014-3695
<= 2.10.9
markup.c in the MXit protocol plugin in libpurple in Pidgin before 2.10.10 allows remote servers to cause a denial of service (app
CVE-2014-3694
<= 2.10.9
The (1) bundled GnuTLS SSL/TLS plugin and the (2) bundled OpenSSL SSL/TLS plugin in libpurple in Pidgin before 2.10.10 do not prop
CVE-2013-6490
<= 2.10.7
The SIMPLE protocol functionality in Pidgin before 2.10.8 allows remote attackers to have an unspecified impact via a negative Con
CVE-2013-6489
<= 2.10.7
Integer signedness error in the MXit functionality in Pidgin before 2.10.8 allows remote attackers to cause a denial of service (s
CVE-2013-6487
<= 2.10.7
Integer overflow in libpurple/protocols/gg/lib/http.c in the Gadu-Gadu (gg) parser in Pidgin before 2.10.8 allows remote attackers
CVE-2013-6482
<= 2.10.7
Pidgin before 2.10.8 allows remote MSN servers to cause a denial of service (NULL pointer dereference and crash) via a crafted (1)
CVE-2013-6481
<= 2.10.7
libpurple/protocols/yahoo/libymsg.c in Pidgin before 2.10.8 allows remote attackers to cause a denial of service (crash) via a Yah
CVE-2014-0020
<= 2.10.7
The IRC protocol plugin in libpurple in Pidgin before 2.10.8 does not validate argument counts, which allows remote IRC servers to
CVE-2013-6486
<= 2.10.7
gtkutils.c in Pidgin before 2.10.8 on Windows allows user-assisted remote attackers to execute arbitrary programs via a message co
CVE-2013-6485
<= 2.10.7
Buffer overflow in util.c in libpurple in Pidgin before 2.10.8 allows remote HTTP servers to cause a denial of service (applicatio
CVE-2013-6484
<= 2.10.7
The STUN protocol implementation in libpurple in Pidgin before 2.10.8 allows remote STUN servers to cause a denial of service (out
CVE-2013-6483
<= 2.10.7
The XMPP protocol plugin in libpurple in Pidgin before 2.10.8 does not properly determine whether the from address in an iq reply
CVE-2013-6479
<= 2.10.7
util.c in libpurple in Pidgin before 2.10.8 does not properly allocate memory for HTTP responses that are inconsistent with the Co
CVE-2013-6478
<= 2.10.7
gtkimhtml.c in Pidgin before 2.10.8 does not properly interact with underlying library support for wide Pango layouts, which allow
CVE-2013-6477
<= 2.10.7
Multiple integer signedness errors in libpurple in Pidgin before 2.10.8 allow remote attackers to cause a denial of service (appli
CVE-2012-6152
<= 2.10.7
The Yahoo! protocol plugin in libpurple in Pidgin before 2.10.8 does not properly validate UTF-8 data, which allows remote attacke
CVE-2013-0274
<= 2.10.6
upnp.c in libpurple in Pidgin before 2.10.7 does not properly terminate long strings in UPnP responses, which allows remote attack
CVE-2013-0273
<= 2.10.6
sametime.c in the Sametime protocol plugin in libpurple in Pidgin before 2.10.7 does not properly terminate long user IDs, which a
CVE-2013-0272
<= 2.10.6
Buffer overflow in http.c in the MXit protocol plugin in libpurple in Pidgin before 2.10.7 allows remote servers to execute arbitr
CVE-2013-0271
<= 2.10.6
The MXit protocol plugin in libpurple in Pidgin before 2.10.7 might allow remote attackers to create or overwrite files via a craf
CVE-2011-4922
<= 2.7.9
cipher.c in the Cipher API in libpurple in Pidgin before 2.7.10 retains encryption-key data in process memory, which might allow l
CVE-2012-3374
<= 2.10.4
Buffer overflow in markup.c in the MXit protocol plugin in libpurple in Pidgin before 2.10.5 allows remote attackers to execute ar
CVE-2012-2318
<= 2.10.3
msg.c in the MSN protocol plugin in libpurple in Pidgin before 2.10.4 does not properly handle crafted characters, which allows re
CVE-2012-2214
<= 2.10.3
proxy.c in libpurple in Pidgin before 2.10.4 does not properly handle canceled SOCKS5 connection attempts, which allows user-assis
CVE-2012-1178
<= 2.10.1
The msn_oim_report_to_user function in oim.c in the MSN protocol plugin in libpurple in Pidgin before 2.10.2 allows remote servers
CVE-2011-4939
<= 2.10.1
The pidgin_conv_chat_rename_user function in gtkconv.c in Pidgin before 2.10.2 allows remote attackers to cause a denial of servic
CVE-2011-4601
<= 2.10.0
family_feedbag.c in the oscar protocol plugin in libpurple in Pidgin before 2.10.1 does not perform the expected UTF-8 validation
CVE-2011-4603
<= 2.10.0
The silc_channel_message function in ops.c in the SILC protocol plugin in libpurple in Pidgin before 2.10.1 does not perform the e
CVE-2011-4602
<= 2.10.0
The XMPP protocol plugin in libpurple in Pidgin before 2.10.1 does not properly handle missing fields in (1) voice-chat and (2) vi
CVE-2011-3594
all versions
The g_markup_escape_text function in the SILC protocol plug-in in libpurple 2.10.0 and earlier, as used in Pidgin and possibly oth
CVE-2011-3185
<= 2.9.0
gtkutils.c in Pidgin before 2.10.0 on Windows allows user-assisted remote attackers to execute arbitrary programs via a file: URL
CVE-2011-3184
<= 2.9.0
The msn_httpconn_parse_data function in httpconn.c in the MSN protocol plugin in libpurple in Pidgin before 2.10.0 does not proper
CVE-2011-2943
<= 2.9.0
The irc_msg_who function in msgs.c in the IRC protocol plugin in libpurple 2.8.0 through 2.9.0 in Pidgin before 2.10.0 does not pr
CVE-2011-1091
all versions
libymsg.c in the Yahoo! protocol plugin in libpurple in Pidgin 2.6.0 through 2.7.10 allows (1) remote authenticated users to cause
CVE-2010-4528
<= 2.7.8
directconn.c in the MSN protocol plugin in libpurple 2.7.6 through 2.7.8 in Pidgin before 2.7.9 allows remote authenticated users
CVE-2010-3711
<= 2.7.3
libpurple in Pidgin before 2.7.4 does not properly validate the return value of the purple_base64_decode function, which allows re
CVE-2010-2528
<= 2.7.1
The clientautoresp function in family_icbm.c in the oscar protocol plugin in libpurple in Pidgin before 2.7.2 allows remote authen
CVE-2010-1624
< 2.7.0
The msn_emoticon_msg function in slp.c in the MSN protocol plugin in libpurple in Pidgin before 2.7.0 allows remote authenticated
CVE-2010-0423
<= 2.6.5
gtkimhtml.c in Pidgin before 2.6.6 allows remote attackers to cause a denial of service (CPU consumption and application hang) by
CVE-2010-0420
<= 2.6.5
libpurple in Finch in Pidgin before 2.6.6, when an XMPP multi-user chat (MUC) room is used, does not properly parse nicknames cont
CVE-2010-0277
<= 2.6.5
slp.c in the MSN protocol plugin in libpurple in Pidgin before 2.6.6, including 2.6.4, and Adium 1.3.8 allows remote attackers to
CVE-2010-0013
all versions
Directory traversal vulnerability in slp.c in the MSN protocol plugin in libpurple in Pidgin 2.6.4 and Adium 1.3.8 allows remote a
7.5
HIGH
CVE-2009-3615
<= 2.6.2
The OSCAR protocol plugin in libpurple in Pidgin before 2.6.3 and Adium before 1.3.7 allows remote attackers to cause a denial of
CVE-2009-3085
<= 2.6.1
The XMPP protocol plugin in libpurple in Pidgin before 2.6.2 does not properly handle an error IQ stanza during an attempted fetch
CVE-2009-3084
<= 2.6.1
The msn_slp_process_msg function in libpurple/protocols/msn/slpcall.c in the MSN protocol plugin in libpurple 2.6.0 and 2.6.1, as
CVE-2009-3083
<= 2.6.1
The msn_slp_sip_recv function in libpurple/protocols/msn/slp.c in the MSN protocol plugin in libpurple in Pidgin before 2.6.2 allo
CVE-2009-2703
<= 2.6.1
libpurple/protocols/irc/msgs.c in the IRC protocol plugin in libpurple in Pidgin before 2.6.2 allows remote IRC servers to cause a
CVE-2009-3026
all versions
protocols/jabber/auth.c in libpurple in Pidgin 2.6.0, and possibly other versions, does not follow the "require TLS/SSL" preferenc
CVE-2009-3025
all versions
Unspecified vulnerability in Pidgin 2.6.0 allows remote attackers to cause a denial of service (crash) via a link in a Yahoo IM.
CVE-2009-2694
<= 2.5.8
The msn_slplink_process_msg function in libpurple/protocols/msn/slplink.c in libpurple, as used in Pidgin (formerly Gaim) before 2
CVE-2009-1889
<= 2.5.7
The OSCAR protocol implementation in Pidgin before 2.5.8 misinterprets the ICQWebMessage message type as the ICQSMS message type,
CVE-2009-1376
<= 2.5.5
Multiple integer overflows in the msn_slplink_process_msg functions in the MSN protocol handler in (1) libpurple/protocols/msn/slp
CVE-2009-1375
<= 2.5.5
The PurpleCircBuffer implementation in Pidgin (formerly Gaim) before 2.5.6 does not properly maintain a certain buffer, which allo
CVE-2009-1374
<= 2.5.5
Buffer overflow in the decrypt_out function in Pidgin (formerly Gaim) before 2.5.6 allows remote attackers to cause a denial of se
CVE-2009-1373
<= 2.5.5
Buffer overflow in the XMPP SOCKS5 bytestream server in Pidgin (formerly Gaim) before 2.5.6 allows remote authenticated users to e
CVE-2008-3532
all versions
The NSS plugin in libpurple in Pidgin 2.4.3 does not verify SSL certificates, which makes it easier for remote attackers to trick
CVE-2008-2927
<= 2.4.2
Multiple integer overflows in the msn_slplink_process_msg functions in the MSN protocol handler in (1) libpurple/protocols/msn/slp
CVE-2008-2957
all versions
The UPnP functionality in Pidgin 2.0.0, and possibly other versions, allows remote attackers to trigger the download of arbitrary
CVE-2008-2956
all versions
Memory leak in Pidgin 2.0.0, and possibly other versions, allows remote attackers to cause a denial of service (memory consumption
CVE-2008-2955
all versions
Pidgin 2.4.1 allows remote attackers to cause a denial of service (crash) via a long filename that contains certain characters, as
CVE-2007-4999
all versions
libpurple in Pidgin 2.1.0 through 2.2.1, when using HTML logging, allows remote attackers to cause a denial of service (NULL deref
CVE-2007-4996
all versions
libpurple in Pidgin before 2.2.1 does not properly handle MSN nudge messages from users who are not on the receiver's buddy list,
CVE-2007-3841
all versions
Unspecified vulnerability in Pidgin (formerly Gaim) 2.0.2 for Linux allows remote authenticated users, who are listed in a users l
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin