Pidgin Security Advisories

This page lists all potential security vulnerabilities discovered since August 1st, 2004 in Pidgin (or Gaim), Finch, libpurple, or any official plugins included with those programs.

| Title | CVE Name | Date | Fixed In |
|---|---|---|---|
| Yahoo IM parsing crash | CVE-2009-3025 | 2009-08-22 | 2.6.1 |
| MSN overflow parsing SLP messages | CVE-2009-2694 | 2009-08-18 | 2.5.9 |
| ICQ parser excessive memory allocation | CVE-2009-1889 | 2009-05-28 | 2.5.8 |
| MSN malformed SLP message overflow | CVE-2009-1376 | 2009-05-02 | 2.5.6 |
| Remote DoS in multiple protocols | CVE-2009-1375 | 2009-03-20 | 2.5.6 |
| QQ remote DoS | CVE-2009-1374 | 2009-05-03 | 2.5.6 |
| XMPP file transfer buffer overflow | CVE-2009-1373 | 2009-05-02 | 2.5.6 |
| NSS TLS/SSL Certificates not validated | CVE-2008-3532 | 2008-07-25 | 2.5.0 |
| Remote UPnP discovery DoS | CVE-2008-2957 | 2007-05-11 | 2.5.0 |
| MSN Remote file transfer filename DoS | CVE-2008-2955 | 2008-06-25 | 2.4.3 |
| MSN malformed SLP message overflow | CVE-2008-2927 | 2008-07 | 2.4.3 |
| NULL pointer dereference in parsing invalid HTML | CVE-2007-4999 | 2007-10-24 | 2.2.2 |
| MSN Remote "Nudge" DoS | CVE-2007-4996 | 2007-09-27 | 2.2.1 |
| AIM/ICQ away message buffer overflow | CVE-2005-2103 | 2005-08-11 | 1.5.0 |
| AIM/ICQ non-UTF-8 filename crash | CVE-2005-2102 | 2005-08-11 | 1.5.0 |
| Gadu-Gadu memory alignment bug | CVE-2005-2370 | 2005-08-11 | 1.5.0 |
| MSN Remote DoS | CVE-2005-1934 | 2005-06-10 | 1.3.1 |
| Remote Yahoo! crash | CVE-2005-1269 | 2005-06-10 | 1.3.1 |
| MSN Remote DoS | CVE-2005-1262 | 2005-05-10 | 1.3.0 |
| Remote crash on some protocols | CVE-2005-1261 | 2005-05-10 | 1.3.0 |
| Jabber remote crash | CVE-2005-0967 | 2005-04-04 | 1.2.1 |
| Remote DoS on receiving certain messages over IRC | CVE-2005-0966 | 2005-04-02 | 1.2.1 |
| Remote DoS on receiving malformed HTML | CVE-2005-0965 | 2005-04-02 | 1.2.1 |
| Remote DoS on receiving malformed HTML | CVE-2005-0208 | 2005-02-24 | 1.1.4 |
| Remote DoS on receiving malformed HTML | CVE-2005-0473 | 2005-02-17 | 1.1.3 |
| AIM/ICQ remote denial of service | CVE-2005-0472 | 2005-02-17 | 1.1.3 |
| MSN SLP buffer overflow | CVE-2004-0891 | 2004-10-19 | 1.0.2 |
| MSN SLP DOS (malloc error) | N/A | 2004-10-19 | 1.0.2 |
| MSN File transfer DOS (malloc error) | N/A | 2004-10-19 | 1.0.2 |
| Content-length DOS (malloc error) | N/A | 2004-08-26 | 0.82 |
| RTF message buffer overflow | CVE-2004-0785 | 2004-08-26 | 0.82 |
| Local hostname resolution buffer overflow | CVE-2004-0785 | 2004-08-26 | 0.82 |
| URL decode buffer overflow | CVE-2004-0785 | 2004-08-26 | 0.82 |
| Groupware message receive integer overflow | CVE-2004-0754 | 2004-08-26 | 0.82 |
| Smiley theme installation lack of escaping | CVE-2004-0784 | 2004-08-22 | 0.82 |
| MSN strncpy buffer overflow | CVE-2004-0500 | 2004-08-22 | 0.82 |