Pidgin Security Advisories

This page lists all potential security vulnerabilities discovered since August 1st, 2004 in Pidgin (or Gaim), Finch, libpurple, or any official plugins included with those programs.

Title	CVE Name	Date	Fixed In
Crash when receiving a UPnP response with abnormally long values	CVE-2013-0274	2013-02-13	2.10.7
Sametime crash with long user IDs	CVE-2013-0273	2013-02-13	2.10.7
MXit buffer overflow reading data from network	CVE-2013-0272	2013-02-13	2.10.7
Remote MXit user could specify local file path	CVE-2013-0271	2013-02-13	2.10.7
MXit buffer overflow	CVE-2012-3374	2012-07-05	2.10.5
Possible MSN remote crash	CVE-2012-2318	2012-05-06	2.10.4
XMPP remote crash	CVE-2012-2214	2012-05-06	2.10.4
Possible MSN remote crash	CVE-2012-1178	2012-01-17	2.10.2
XMPP remote crash	CVE-2011-4939	2011-07-08	2.10.2
SILC remote crash	CVE-2011-4603	2011-09-29	2.10.1
XMPP remote crash	CVE-2011-4602	2011-12-10	2.10.1
AIM and ICQ remote crash	CVE-2011-4601	2011-10-20	2.10.1
SILC remote crash	CVE-2011-3594	2011-09-29	2.10.1
Pidgin uses clickable links to untrusted executables	CVE-2011-3185	2011-08-20	2.10.0
Remote crash in MSN protocol plugin	CVE-2011-3184	2011-08-20	2.10.0
Remote crash in IRC protocol plugin	CVE-2011-2943	2011-08-20	2.10.0
Remote denial of service from corrupt buddy icons	CVE-2011-2485	2011-06-23	2.9.0
Remote denial of service in Yahoo protocol plugin	CVE-2011-1091	2011-03-10	2.7.11
Cipher API information disclosure	N/A	2011-02-06	2.7.10
MSN direct connection denial of service	CVE-2010-4528	2010-12-26	2.7.9
purple_base64_decode() remote crashes	CVE-2010-3711	2010-10-20	2.7.4
ICQ X-Status denial of service	CVE-2010-2528	2010-07-21	2.7.2
MSN emoticon denial of service	CVE-2010-1624	2010-05-12	2.7.0
Smiley denial of service	CVE-2010-0423	2010-02-18	2.6.6
Finch XMPP MUC crash	CVE-2010-0420	2010-02-18	2.6.6
MSN malformed SLP message crash	CVE-2010-0277	2010-02-18	2.6.6
MSN file download vulnerability	CVE-2010-0013	2010-01-08	2.6.5
ICQ and maybe AIM remote crash	CVE-2009-3615	2009-10-16	2.6.3
IRC crash from malicious server	CVE-2009-2703	2009-09-03	2.6.2
MSN partial SLP invite crash	CVE-2009-3083	2009-09-03	2.6.2
MSN handwritten message crash	CVE-2009-3084	2009-09-03	2.6.2
XMPP custom smiley parsing bug	CVE-2009-3085	2009-09-03	2.6.2
XMPP may not enforce TLS	CVE-2009-3026	2009-09-03	2.6.0
Yahoo IM parsing crash	CVE-2009-3025	2009-08-22	2.6.1
MSN overflow parsing SLP messages	CVE-2009-2694	2009-08-18	2.5.9
ICQ parser excessive memory allocation	CVE-2009-1889	2009-05-28	2.5.8
MSN malformed SLP message overflow	CVE-2009-1376	2009-05-02	2.5.6
Remote DoS in multiple protocols	CVE-2009-1375	2009-03-20	2.5.6
QQ remote DoS	CVE-2009-1374	2009-05-03	2.5.6
XMPP file transfer buffer overflow	CVE-2009-1373	2009-05-02	2.5.6
NSS TLS/SSL Certificates not validated	CVE-2008-3532	2008-07-25	2.5.0
Remote UPnP discovery DoS	CVE-2008-2957	2007-05-11	2.5.0
MSN Remote file transfer filename DoS	CVE-2008-2955	2008-06-25	2.4.3
MSN malformed SLP message overflow	CVE-2008-2927	2008-07	2.4.3
NULL pointer dereference in parsing invalid HTML	CVE-2007-4999	2007-10-24	2.2.2
MSN Remote "Nudge" DoS	CVE-2007-4996	2007-09-27	2.2.1
AIM/ICQ away message buffer overflow	CVE-2005-2103	2005-08-11	1.5.0
AIM/ICQ non-UTF-8 filename crash	CVE-2005-2102	2005-08-11	1.5.0
Gadu-Gadu memory alignment bug	CVE-2005-2370	2005-08-11	1.5.0
MSN Remote DoS	CVE-2005-1934	2005-06-10	1.3.1
Remote Yahoo! crash	CVE-2005-1269	2005-06-10	1.3.1

Older