pkg:Debian/pidgin
95 total CVEs: CRITICAL 4, HIGH 7, MEDIUM 13, LOW 2
All known vulnerabilities
- CRITICAL 9.8 CVE-2016-1000030: Pidgin version <2.11.0 contains a vulnerability in X.509 Certificates imports specifically due to improper check of return values from gnut… (from 0, < 2.11.0-1)
- from 0, < 2.10.10-1~deb7u3
- from 0, < 2.11.0-0+deb8u2
- from 0, < 2.12.0-1
- HIGH 8.1 CVE-2016-2378: A buffer overflow vulnerability exists in the handling of the MXIT protocol in Pidgin. (from 0, < 2.11.0-1)
- HIGH 8.1 CVE-2016-2377: A buffer overflow vulnerability exists in the handling of the MXIT protocol in Pidgin. (from 0, < 2.11.0-1)
- HIGH 8.1 CVE-2016-2376: A buffer overflow vulnerability exists in the handling of the MXIT protocol in Pidgin. (from 0, < 2.11.0-1)
- HIGH 8.1 CVE-2016-2374: An exploitable memory corruption vulnerability exists in the handling of the MXIT protocol in Pidgin. (from 0, < 2.11.0-1)
- HIGH 8.1 CVE-2016-2371: An out-of-bounds write vulnerability exists in the handling of the MXIT protocol in Pidgin. (from 0, < 2.11.0-1)
- HIGH 8.1 CVE-2016-2368: Multiple memory corruption vulnerabilities exist in the handling of the MXIT protocol in Pidgin. (from 0, < 2.11.0-1)
- HIGH 7.5 CVE-2010-0013: Directory traversal vulnerability in slp.c in the MSN protocol plugin in libpurple in Pidgin 2.6.4 and Adium 1.3.8 allows remote attackers… (from 0, < 2.6.5-1)
- from 0
- from 0, < 2.12.0-1+deb9u1
- MEDIUM 5.9 CVE-2016-2373: A denial of service vulnerability exists in the handling of the MXIT protocol in Pidgin. (from 0, < 2.11.0-1)
- from 0, < 2.11.0-1
- MEDIUM 5.9 CVE-2016-2370: A denial of service vulnerability exists in the handling of the MXIT protocol in Pidgin. (from 0, < 2.11.0-1)
- MEDIUM 5.9 CVE-2016-2369: A NULL pointer dereference vulnerability exists in the handling of the MXIT protocol in Pidgin. (from 0, < 2.11.0-1)
- from 0, < 2.11.0-1
- MEDIUM 5.9 CVE-2016-2366: A denial of service vulnerability exists in the handling of the MXIT protocol in Pidgin. (from 0, < 2.11.0-1)
- from 0, < 2.10.10-1~deb7u2
- from 0, < 2.11.0-1
- from 0, < 2.11.0-0+deb8u1
- MEDIUM 5.5 CVE-2012-1257: Pidgin 2.10.0 uses DBUS for certain cleartext communication, which allows local users to obtain sensitive information via a dbus session mo… (from 0)
- MEDIUM 5.3 CVE-2016-2375: An exploitable out-of-bounds read exists in the handling of the MXIT protocol in Pidgin. (from 0, < 2.11.0-1)
- from 0, < 2.11.0-1
- from 0, < 2.11.0-1
- — CVE-2014-3698: The jabber_idn_validate function in jutil.c in the Jabber protocol plugin in libpurple in Pidgin before 2.10.10 allows remote attackers to… (from 0, < 2.10.10-1)
- — CVE-2014-3696: nmevent.c in the Novell GroupWise protocol plugin in libpurple in Pidgin before 2.10.10 allows remote servers to cause a denial of service… (from 0, < 2.10.10-1)
- — CVE-2014-3695: markup.c in the MXit protocol plugin in libpurple in Pidgin before 2.10.10 allows remote servers to cause a denial of service (application… (from 0, < 2.10.10-1)
- from 0, < 2.10.10-1
- from 0, < 2.10.10-1~deb7u1
- — CVE-2013-6490: The SIMPLE protocol functionality in Pidgin before 2.10.8 allows remote attackers to have an unspecified impact via a negative Content-Leng… (from 0, < 2.10.8-1)
- — CVE-2013-6489: Integer signedness error in the MXit functionality in Pidgin before 2.10.8 allows remote attackers to cause a denial of service (segmentati… (from 0, < 2.10.8-1)
- from 0, < 2.10.8-1
- — CVE-2013-6482: Pidgin before 2.10.8 allows remote MSN servers to cause a denial of service (NULL pointer dereference and crash) via a crafted (1) SOAP res… (from 0, < 2.10.8-1)
- — CVE-2013-6481: libpurple/protocols/yahoo/libymsg.c in Pidgin before 2.10.8 allows remote attackers to cause a denial of service (crash) via a Yahoo! P2P m… (from 0, < 2.10.8-1)
- — CVE-2014-0020: The IRC protocol plugin in libpurple in Pidgin before 2.10.8 does not validate argument counts, which allows remote IRC servers to cause a… (from 0, < 2.10.8-1)
- from 0, < 2.7.3-1+squeeze4
- from 0, < 2.10.8-1
- — CVE-2013-6484: The STUN protocol implementation in libpurple in Pidgin before 2.10.8 allows remote STUN servers to cause a denial of service (out-of-bound… (from 0, < 2.10.8-1)
- — CVE-2013-6483: The XMPP protocol plugin in libpurple in Pidgin before 2.10.8 does not properly determine whether the from address in an iq reply is consis… (from 0, < 2.10.8-1)
- — CVE-2013-6479: util.c in libpurple in Pidgin before 2.10.8 does not properly allocate memory for HTTP responses that are inconsistent with the Content-Len… (from 0, < 2.10.8-1)
- — CVE-2013-6478: gtkimhtml.c in Pidgin before 2.10.8 does not properly interact with underlying library support for wide Pango layouts, which allows user-as… (from 0, < 2.10.8-1)
- from 0, < 2.10.8-1
- from 0, < 2.10.9-1~deb7u1
- — CVE-2012-6152: The Yahoo! protocol plugin in libpurple in Pidgin before 2.10.8 does not properly validate UTF-8 data, which allows remote attackers to cau… (from 0, < 2.10.8-1)
- — CVE-2013-0274: upnp.c in libpurple in Pidgin before 2.10.7 does not properly terminate long strings in UPnP responses, which allows remote attackers to ca… (from 0, < 2.10.6-3)
- — CVE-2013-0273: sametime.c in the Sametime protocol plugin in libpurple in Pidgin before 2.10.7 does not properly terminate long user IDs, which allows rem… (from 0, < 2.10.6-3)
- — CVE-2013-0272: Buffer overflow in http.c in the MXit protocol plugin in libpurple in Pidgin before 2.10.7 allows remote servers to execute arbitrary code… (from 0, < 2.10.6-3)
- — CVE-2013-0271: The MXit protocol plugin in libpurple in Pidgin before 2.10.7 might allow remote attackers to create or overwrite files via a crafted (1) m… (from 0, < 2.10.6-3)
- — CVE-2011-4922: cipher.c in the Cipher API in libpurple in Pidgin before 2.7.10 retains encryption-key data in process memory, which might allow local user… (from 0, < 2.7.11-1)
- from 0, < 2.7.3-1+squeeze3
- from 0, < 2.10.6-1
- — CVE-2012-2318: msg.c in the MSN protocol plugin in libpurple in Pidgin before 2.10.4 does not properly handle crafted characters, which allows remote serv… (from 0, < 2.10.4-1)
- — CVE-2012-2214: proxy.c in libpurple in Pidgin before 2.10.4 does not properly handle canceled SOCKS5 connection attempts, which allows user-assisted remot… (from 0, < 2.10.4-1)
- — CVE-2012-1178: The msn_oim_report_to_user function in oim.c in the MSN protocol plugin in libpurple in Pidgin before 2.10.2 allows remote servers to cause… (from 0, < 2.10.2-1)
- — CVE-2011-4939: The pidgin_conv_chat_rename_user function in gtkconv.c in Pidgin before 2.10.2 allows remote attackers to cause a denial of service (NULL p… (from 0, < 2.10.2-1)
- — CVE-2011-4601: family_feedbag.c in the oscar protocol plugin in libpurple in Pidgin before 2.10.1 does not perform the expected UTF-8 validation on messag… (from 0, < 2.10.1-1)
- — CVE-2011-4603: The silc_channel_message function in ops.c in the SILC protocol plugin in libpurple in Pidgin before 2.10.1 does not perform the expected U… (from 0, < 2.10.1-1)
- — CVE-2011-4602: The XMPP protocol plugin in libpurple in Pidgin before 2.10.1 does not properly handle missing fields in (1) voice-chat and (2) video-chat… (from 0, < 2.10.1-1)
- — CVE-2011-3594: The g_markup_escape_text function in the SILC protocol plug-in in libpurple 2.10.0 and earlier, as used in Pidgin and possibly other produc… (from 0, < 2.10.1-1)
- — CVE-2011-3184: The msn_httpconn_parse_data function in httpconn.c in the MSN protocol plugin in libpurple in Pidgin before 2.10.0 does not properly handle… (from 0, < 2.10.0-1)
- — CVE-2011-2943: The irc_msg_who function in msgs.c in the IRC protocol plugin in libpurple 2.8.0 through 2.9.0 in Pidgin before 2.10.0 does not properly va… (from 0, < 2.10.0-1)
- — CVE-2011-1091: libymsg.c in the Yahoo! protocol plugin in libpurple in Pidgin 2.6.0 through 2.7.10 allows (1) remote authenticated users to cause a denial… (from 0, < 2.7.11-1)
- — CVE-2010-4528: directconn.c in the MSN protocol plugin in libpurple 2.7.6 through 2.7.8 in Pidgin before 2.7.9 allows remote authenticated users to cause… (from 0, < 2.7.9-1)
- — CVE-2010-3711: libpurple in Pidgin before 2.7.4 does not properly validate the return value of the purple_base64_decode function, which allows remote auth… (from 0, < 2.7.4-1)
- — CVE-2010-2528: The clientautoresp function in family_icbm.c in the oscar protocol plugin in libpurple in Pidgin before 2.7.2 allows remote authenticated u… (from 0, < 2.7.2-1)
- — CVE-2010-1624: The msn_emoticon_msg function in slp.c in the MSN protocol plugin in libpurple in Pidgin before 2.7.0 allows remote authenticated users to… (from 0, < 2.7.0-1)
- — CVE-2010-0423: gtkimhtml.c in Pidgin before 2.6.6 allows remote attackers to cause a denial of service (CPU consumption and application hang) by sending m… (from 0, < 2.6.6-1)
- — CVE-2010-0420: libpurple in Finch in Pidgin before 2.6.6, when an XMPP multi-user chat (MUC) room is used, does not properly parse nicknames containing <b… (from 0, < 2.6.6-1)
- — CVE-2010-0277: slp.c in the MSN protocol plugin in libpurple in Pidgin before 2.6.6, including 2.6.4, and Adium 1.3.8 allows remote attackers to cause a d… (from 0, < 2.6.6-1)
- from 0, < 2.6.3-1
- from 0, < 2.4.3-4lenny5
- — CVE-2009-3085: The XMPP protocol plugin in libpurple in Pidgin before 2.6.2 does not properly handle an error IQ stanza during an attempted fetch of a cus… (from 0, < 2.6.2-1)
- — CVE-2009-3084: The msn_slp_process_msg function in libpurple/protocols/msn/slpcall.c in the MSN protocol plugin in libpurple 2.6.0 and 2.6.1, as used in P… (from 0, < 2.6.2-1)
- from 0, < 2.4.3-4lenny6
- from 0, < 2.6.2-1
- — CVE-2009-2703: libpurple/protocols/irc/msgs.c in the IRC protocol plugin in libpurple in Pidgin before 2.6.2 allows remote IRC servers to cause a denial o… (from 0, < 2.6.2)
- — CVE-2009-3026: protocols/jabber/auth.c in libpurple in Pidgin 2.6.0, and possibly other versions, does not follow the "require TLS/SSL" preference when co… (from 0, < 2.6.1-1)
- — CVE-2009-3025: Unspecified vulnerability in Pidgin 2.6.0 allows remote attackers to cause a denial of service (crash) via a link in a Yahoo IM. (from 0, < 2.6.1-1)
- from 0, < 2.5.9-1
- from 0, < 2.4.3-4lenny3
- — CVE-2009-1889: The OSCAR protocol implementation in Pidgin before 2.5.8 misinterprets the ICQWebMessage message type as the ICQSMS message type, which all… (from 0, < 2.5.8-1)
- — CVE-2009-1376: Multiple integer overflows in the msn_slplink_process_msg functions in the MSN protocol handler in (1) libpurple/protocols/msn/slplink.c an… (from 0, < 2.5.6-1)
- — CVE-2009-1375: The PurpleCircBuffer implementation in Pidgin (formerly Gaim) before 2.5.6 does not properly maintain a certain buffer, which allows remote… (from 0, < 2.5.6-1)
- — CVE-2009-1374: Buffer overflow in the decrypt_out function in Pidgin (formerly Gaim) before 2.5.6 allows remote attackers to cause a denial of service (ap… (from 0, < 2.5.6-1)
- — CVE-2009-1373: Buffer overflow in the XMPP SOCKS5 bytestream server in Pidgin (formerly Gaim) before 2.5.6 allows remote authenticated users to execute ar… (from 0, < 2.5.6-1)
- — CVE-2008-3532: The NSS plugin in libpurple in Pidgin 2.4.3 does not verify SSL certificates, which makes it easier for remote attackers to trick a user in… (from 0, < 2.4.3-2)
- from 0, < 2.4.3-4lenny2
- from 0, < 2.4.3-1
- — CVE-2008-2955: Pidgin 2.4.1 allows remote attackers to cause a denial of service (crash) via a long filename that contains certain characters, as demonstr… (from 0, < 2.4.3-1)
- — CVE-2008-2957: The UPnP functionality in Pidgin 2.0.0, and possibly other versions, allows remote attackers to trigger the download of arbitrary files and… (from 0, < 2.4.3-4)
- — CVE-2008-2956: Memory leak in Pidgin 2.0.0, and possibly other versions, allows remote attackers to cause a denial of service (memory consumption) via mal… (from 0)
- — CVE-2007-4999: libpurple in Pidgin 2.1.0 through 2.2.1, when using HTML logging, allows remote attackers to cause a denial of service (NULL dereference an… (from 0, < 2.2.2-1)
- — CVE-2007-4996: libpurple in Pidgin before 2.2.1 does not properly handle MSN nudge messages from users who are not on the receiver's buddy list, which all… (from 0, < 2.2.1-1)