Pidgin Security Advisories

This page lists all potential security vulnerabilities discovered since August 1st, 2004 in Pidgin (or Gaim) and its components.

| Title | CVE Name | Date | Fixed In |
|---|---|---|---|
| MSN file download vulnerability | CVE-2010-0013 | 2010-01-08 | 2.6.5 |
| ICQ and maybe AIM remote crash | CVE-2009-3615 | 2009-10-16 | 2.6.3 |
| IRC crash from malicious server | CVE-2009-2703 | 3 September 2009 | 2.6.2 |
| MSN partial SLP invite crash | CVE-2009-3083 | 3 September 2009 | 2.6.2 |
| MSN handwritten message crash | CVE-2009-3084 | 3 September 2009 | 2.6.2 |
| XMPP custom smiley parsing bug | CVE-2009-3085 | 3 September 2009 | 2.6.2 |
| XMPP may not enforce TLS | CVE-2009-3026 | 3 September 2009 | 2.6.0 |
| Yahoo IM parsing crash | CVE-2009-3025 | 22 August 2009 | 2.6.1 |
| MSN overflow parsing SLP messages | CVE-2009-2694 | 18 August 2009 | 2.5.9 |
| ICQ parser excessive memory allocation | CVE-2009-1889 | 28 May 2009 | 2.5.8 |
| MSN malformed SLP message overflow | CVE-2009-1376 | 2 May 2009 | 2.5.6 |
| Remote DoS in multiple protocols | CVE-2009-1375 | 20 Mar 2009 | 2.5.6 |
| QQ remote DoS | CVE-2009-1374 | 3 May 2009 | 2.5.6 |
| XMPP file transfer buffer overflow | CVE-2009-1373 | 2 May 2009 | 2.5.6 |
| NSS TLS/SSL Certificates not validated | CVE-2008-3532 | 25 July 2008 | 2.5.0 |
| Remote UPnP discovery DoS | CVE-2008-2957 | 11 May 2007 | 2.5.0 |
| MSN Remote file transfer filename DoS | CVE-2008-2955 | 25 June 2008 | 2.4.3 |
| MSN malformed SLP message overflow | CVE-2008-2927 | July 2008 | 2.4.3 |
| NULL pointer dereference in parsing invalid HTML | CVE-2007-4999 | 24 October 2007 | 2.2.2 |
| MSN Remote "Nudge" DoS | CVE-2007-4996 | 27 September 2007 | 2.2.1 |
| AIM/ICQ away message buffer overflow | CAN-2005-2103 | 11 August 2005 | 1.5.0 |
| AIM/ICQ non-UTF-8 filename crash | CAN-2005-2102 | 11 August 2005 | 1.5.0 |
| Gadu-Gadu memory alignment bug | CAN-2005-2370 | 11 August 2005 | 1.5.0 |
| MSN Remote DoS | CAN-2005-1934 | 10 June 2005 | 1.3.1 |
| Remote Yahoo! crash | CAN-2005-1269 | 10 June 2005 | 1.3.1 |
| MSN Remote DoS | CAN-2005-1262 | 10 May 2005 | 1.3.0 |
| Remote crash on some protocols | CAN-2005-1261 | 10 May 2005 | 1.3.0 |
| Jabber remote crash | CAN-2005-0967 | 4 April 2005 | 1.2.1 |
| Remote DoS on receiving certain messages over IRC | CAN-2005-0966 | 2 April 2005 | 1.2.1 |
| Remote DoS on receiving malformed HTML | CAN-2005-0965 | 2 April 2005 | 1.2.1 |
| Remote DoS on receiving malformed HTML | CAN-2005-0208 | 24 February 2005 | 1.1.4 |
| Remote DoS on receiving malformed HTML | CAN-2005-0473 | 17 February 2005 | 1.1.3 |
| AIM/ICQ remote denial of service | CAN-2005-0472 | 17 February 2005 | 1.1.3 |
| MSN SLP buffer overflow | CAN-2004-0891 | 19 October 2004 | 1.0.2 |
| MSN SLP DOS (malloc error) | N/A | 19 October 2004 | 1.0.2 |
| MSN File transfer DOS (malloc error) | N/A | 19 October 2004 | 1.0.2 |
| Content-length DOS (malloc error) | N/A | 26 August 2004 | 0.82 |
| RTF message buffer overflow | CAN-2004-0785 | 26 August 2004 | 0.82 |
| Local hostname resolution buffer overflow | CAN-2004-0785 | 26 August 2004 | 0.82 |
| URL decode buffer overflow | CAN-2004-0785 | 26 August 2004 | 0.82 |
| Groupware message receive integer overflow | CAN-2004-0754 | 26 August 2004 | 0.82 |
| Smiley theme installation lack of escaping | CAN-2004-0784 | 22 August 2004 | 0.82 |
| MSN strncpy buffer overflow | CAN-2004-0500 | 22 August 2004 | 0.82 |