VYPR
Vendor

Pidgin (software)

Pidgin is a free and open-source multi-platform instant messaging client, based on a library named libpurple that has support for many instant messaging protocols, allowing the user to simultaneously log in to various services from a single application, with a single interface for both popular and obsolete protocols, thus avoiding the hassle of having to deal with new software for each device and protocol.

Founded 1998
Products
3
CVEs
89
Across products
102
Status
Private

Products

3

Recent CVEs

89
View all 89 CVEs →
  • CVE-2016-1000030CriSep 5, 2018
    risk 0.57cvss 9.8epss 0.02

    Pidgin version <2.11.0 contains a vulnerability in X.509 Certificates imports specifically due to improper check of return values from gnutls_x509_crt_init() and gnutls_x509_crt_import() that can result in code execution. This attack appear to be exploitable via custom X.509…

  • CVE-2016-2379HigMar 29, 2017
    risk 0.57cvss 8.8epss 0.00

    The Mxit protocol uses weak encryption when encrypting user passwords, which might allow attackers to (1) decrypt hashed passwords by leveraging knowledge of client registration codes or (2) gain login access by eavesdropping on login messages and re-using the hashed passwords.

  • CVE-2016-2378HigJan 6, 2017
    risk 0.53cvss 8.1epss 0.03

    A buffer overflow vulnerability exists in the handling of the MXIT protocol Pidgin. Specially crafted data sent via the server could potentially result in a buffer overflow, potentially resulting in memory corruption. A malicious server or an unfiltered malicious user can send…

  • CVE-2016-2377HigJan 6, 2017
    risk 0.53cvss 8.1epss 0.03

    A buffer overflow vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent by the server could potentially result in an out-of-bounds write of one byte. A malicious server can send a negative content-length in response to a HTTP…

  • CVE-2016-2376HigJan 6, 2017
    risk 0.53cvss 8.1epss 0.04

    A buffer overflow vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent from the server could potentially result in arbitrary code execution. A malicious server or an attacker who intercepts the network traffic can send an invalid…

  • CVE-2016-2374HigJan 6, 2017
    risk 0.53cvss 8.1epss 0.03

    An exploitable memory corruption vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT MultiMX message sent via the server can result in an out-of-bounds write leading to memory disclosure and code execution.

  • CVE-2016-2371HigJan 6, 2017
    risk 0.53cvss 8.1epss 0.03

    An out-of-bounds write vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could cause memory corruption resulting in code execution.

  • CVE-2016-2368HigJan 6, 2017
    risk 0.53cvss 8.1epss 0.05

    Multiple memory corruption vulnerabilities exist in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could result in multiple buffer overflows, potentially resulting in code execution or memory disclosure.

  • CVE-2010-0013HigJan 9, 2010
    risk 0.53cvss 7.5epss 0.13

    Directory traversal vulnerability in slp.c in the MSN protocol plugin in libpurple in Pidgin 2.6.4 and Adium 1.3.8 allows remote attackers to read arbitrary files via a .. (dot dot) in an application/x-msnmsgrp2p MSN emoticon (aka custom smiley) request, a related issue to…

  • CVE-2017-2640HigJul 27, 2018
    risk 0.49cvss 7.5epss 0.06

    An out-of-bounds write flaw was found in the way Pidgin before 2.12.0 processed XML content. A malicious remote server could potentially use this flaw to crash Pidgin or execute arbitrary code in the context of the pidgin process.

  • CVE-2019-25544MedMar 21, 2026
    risk 0.40cvss 6.2epss 0.00

    Pidgin 2.13.0 contains a denial of service vulnerability that allows local attackers to crash the application by providing an excessively long username string during account creation. Attackers can input a buffer of 1000 characters in the username field and trigger a crash when…

  • CVE-2016-2373MedJan 6, 2017
    risk 0.39cvss 5.9epss 0.02

    A denial of service vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could potentially result in an out-of-bounds read. A malicious server or user can send an invalid mood to trigger this vulnerability.

  • CVE-2016-2370MedJan 6, 2017
    risk 0.39cvss 5.9epss 0.02

    A denial of service vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent from the server could potentially result in an out-of-bounds read. A malicious server or man-in-the-middle attacker can send invalid data to trigger this…

  • CVE-2016-2369MedJan 6, 2017
    risk 0.39cvss 5.9epss 0.02

    A NULL pointer dereference vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could potentially result in a denial of service vulnerability. A malicious server can send a packet starting with a NULL byte…

  • CVE-2016-2367MedJan 6, 2017
    risk 0.39cvss 5.9epss 0.02

    An information leak exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could potentially result in an out-of-bounds read. A malicious user, server, or man-in-the-middle can send an invalid size for an avatar which will trigger…

  • CVE-2016-2366MedJan 6, 2017
    risk 0.39cvss 5.9epss 0.02

    A denial of service vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could potentially result in an out-of-bounds read. A malicious server or an attacker who intercepts the network traffic can send invalid data…

  • CVE-2016-2365MedJan 6, 2017
    risk 0.39cvss 5.9epss 0.02

    A denial of service vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could potentially result in a null pointer dereference. A malicious server or an attacker who intercepts the network traffic can send invalid…

  • CVE-2016-2372MedJan 6, 2017
    risk 0.38cvss 5.9epss 0.02

    An information leak exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could potentially result in an out-of-bounds read. A malicious user, server, or man-in-the-middle attacker can send an invalid size for a file transfer…

  • CVE-2016-2375MedJan 6, 2017
    risk 0.35cvss 5.3epss 0.03

    An exploitable out-of-bounds read exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT contact information sent from the server can result in memory disclosure.

  • CVE-2016-4323LowJan 6, 2017
    risk 0.24cvss 3.7epss 0.02

    A directory traversal exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent from the server could potentially result in an overwrite of files. A malicious server or someone with access to the network traffic can provide an invalid filename for a…