Skip to main content

Pidgin

45 CVEs product

Monthly

CVE-2019-25544 MEDIUM POC PATCH This Month

Pidgin 2.13.0 contains a denial of service vulnerability that allows local attackers to crash the application by providing an excessively long username string during account creation. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Pidgin
NVD Exploit-DB VulDB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2022-26491 MEDIUM PATCH This Month

An issue was discovered in Pidgin before 2.14.9. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Pidgin Debian Linux
NVD GitHub
CVSS 3.1
5.9
EPSS
2.4%
CVE-2016-4323 LOW POC PATCH Monitor

A directory traversal exists in the handling of the MXIT protocol in Pidgin. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Path Traversal Pidgin Ubuntu Linux Debian Linux
NVD
CVSS 3.0
3.7
EPSS
2.0%
CVE-2016-2380 LOW PATCH Monitor

An information leak exists in the handling of the MXIT protocol in Pidgin. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable, no authentication required. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Information Disclosure Buffer Overflow Pidgin Ubuntu Linux Debian Linux
NVD
CVSS 3.0
3.1
EPSS
0.5%
CVE-2016-2378 HIGH PATCH This Week

A buffer overflow vulnerability exists in the handling of the MXIT protocol Pidgin. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

Buffer Overflow Pidgin Ubuntu Linux Debian Linux
NVD
CVSS 3.0
8.1
EPSS
3.3%
CVE-2016-2377 HIGH PATCH This Week

A buffer overflow vulnerability exists in the handling of the MXIT protocol in Pidgin. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

Buffer Overflow Pidgin Ubuntu Linux Debian Linux
NVD
CVSS 3.0
8.1
EPSS
3.3%
CVE-2016-2376 HIGH PATCH This Week

A buffer overflow vulnerability exists in the handling of the MXIT protocol in Pidgin. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

RCE Buffer Overflow Pidgin Ubuntu Linux Debian Linux
NVD
CVSS 3.0
8.1
EPSS
6.9%
CVE-2016-2375 MEDIUM PATCH This Month

An exploitable out-of-bounds read exists in the handling of the MXIT protocol in Pidgin. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Buffer Overflow Pidgin Ubuntu Linux Debian Linux
NVD
CVSS 3.0
5.3
EPSS
0.5%
CVE-2016-2374 HIGH PATCH This Week

An exploitable memory corruption vulnerability exists in the handling of the MXIT protocol in Pidgin. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Information Disclosure Buffer Overflow RCE Pidgin Ubuntu Linux +1
NVD
CVSS 3.0
8.1
EPSS
2.8%
CVE-2016-2373 MEDIUM PATCH This Month

A denial of service vulnerability exists in the handling of the MXIT protocol in Pidgin. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Denial Of Service Information Disclosure Buffer Overflow Pidgin Ubuntu Linux +1
NVD
CVSS 3.0
5.9
EPSS
2.0%
CVE-2016-2372 MEDIUM PATCH This Month

An information leak exists in the handling of the MXIT protocol in Pidgin. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Denial Of Service Information Disclosure Buffer Overflow Pidgin Ubuntu Linux +1
NVD
CVSS 3.0
5.9
EPSS
1.2%
CVE-2016-2371 HIGH PATCH This Week

An out-of-bounds write vulnerability exists in the handling of the MXIT protocol in Pidgin. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

Memory Corruption Buffer Overflow RCE Pidgin Ubuntu Linux +1
NVD
CVSS 3.0
8.1
EPSS
3.5%
CVE-2016-2370 MEDIUM PATCH This Month

A denial of service vulnerability exists in the handling of the MXIT protocol in Pidgin. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Denial Of Service Information Disclosure Buffer Overflow Pidgin Ubuntu Linux +1
NVD
CVSS 3.0
5.9
EPSS
2.0%
CVE-2016-2369 MEDIUM PATCH This Month

A NULL pointer dereference vulnerability exists in the handling of the MXIT protocol in Pidgin. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Denial Of Service Null Pointer Dereference Pidgin Ubuntu Linux Debian Linux
NVD
CVSS 3.0
5.9
EPSS
3.3%
CVE-2016-2368 HIGH PATCH This Week

Multiple memory corruption vulnerabilities exist in the handling of the MXIT protocol in Pidgin. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

RCE Buffer Overflow Pidgin Ubuntu Linux Debian Linux
NVD
CVSS 3.0
8.1
EPSS
6.0%
CVE-2016-2367 MEDIUM PATCH This Month

An information leak exists in the handling of the MXIT protocol in Pidgin. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Denial Of Service Information Disclosure Buffer Overflow Pidgin Ubuntu Linux +1
NVD
CVSS 3.0
5.9
EPSS
1.9%
CVE-2016-2366 MEDIUM PATCH This Month

A denial of service vulnerability exists in the handling of the MXIT protocol in Pidgin. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Denial Of Service Information Disclosure Buffer Overflow Pidgin Ubuntu Linux +1
NVD
CVSS 3.0
5.9
EPSS
2.0%
CVE-2016-2365 MEDIUM PATCH This Month

A denial of service vulnerability exists in the handling of the MXIT protocol in Pidgin. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Denial Of Service Null Pointer Dereference Pidgin Ubuntu Linux Debian Linux
NVD
CVSS 3.0
5.9
EPSS
3.3%
CVE-2014-3698 MEDIUM PATCH This Month

The jabber_idn_validate function in jutil.c in the Jabber protocol plugin in libpurple in Pidgin before 2.10.10 allows remote attackers to obtain sensitive information from process memory via a. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Pidgin
NVD
CVSS 2.0
5.0
EPSS
1.3%
CVE-2014-3697 MEDIUM PATCH This Month

Absolute path traversal vulnerability in the untar_block function in win32/untar.c in Pidgin before 2.10.10 on Windows allows remote attackers to write to arbitrary files via a drive name in a tar. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity.

Path Traversal Microsoft Pidgin
NVD
CVSS 2.0
6.4
EPSS
1.0%
CVE-2014-3696 MEDIUM PATCH This Month

nmevent.c in the Novell GroupWise protocol plugin in libpurple in Pidgin before 2.10.10 allows remote servers to cause a denial of service (application crash) via a crafted server message that. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Denial Of Service Buffer Overflow Pidgin
NVD
CVSS 2.0
5.0
EPSS
2.1%
CVE-2014-3695 MEDIUM PATCH This Month

markup.c in the MXit protocol plugin in libpurple in Pidgin before 2.10.10 allows remote servers to cause a denial of service (application crash) via a large length value in an emoticon response. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Denial Of Service Buffer Overflow Pidgin
NVD
CVSS 2.0
5.0
EPSS
2.1%
CVE-2014-3694 MEDIUM PATCH This Month

The (1) bundled GnuTLS SSL/TLS plugin and the (2) bundled OpenSSL SSL/TLS plugin in libpurple in Pidgin before 2.10.10 do not properly consider the Basic Constraints extension during verification of. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure OpenSSL Opensuse Ubuntu Linux Debian Linux +1
NVD
CVSS 2.0
6.4
EPSS
1.3%
CVE-2013-6490 CRITICAL Emergency

The SIMPLE protocol functionality in Pidgin before 2.10.8 allows remote attackers to have an unspecified impact via a negative Content-Length header, which triggers a buffer overflow. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 39.0% and no vendor patch available.

Buffer Overflow Pidgin
NVD
CVSS 2.0
10.0
EPSS
39.0%
CVE-2013-6489 MEDIUM This Month

Integer signedness error in the MXit functionality in Pidgin before 2.10.8 allows remote attackers to cause a denial of service (segmentation fault) via a crafted emoticon value, which triggers an. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Pidgin
NVD
CVSS 2.0
5.0
EPSS
0.8%
CVE-2013-6487 HIGH This Week

Integer overflow in libpurple/protocols/gg/lib/http.c in the Gadu-Gadu (gg) parser in Pidgin before 2.10.8 allows remote attackers to have an unspecified impact via a large Content-Length value,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Pidgin
NVD
CVSS 2.0
7.5
EPSS
3.9%
CVE-2013-6482 MEDIUM This Month

Pidgin before 2.10.8 allows remote MSN servers to cause a denial of service (NULL pointer dereference and crash) via a crafted (1) SOAP response, (2) OIM XML response, or (3) Content-Length header. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Pidgin
NVD
CVSS 2.0
5.0
EPSS
0.7%
CVE-2013-6481 MEDIUM This Month

libpurple/protocols/yahoo/libymsg.c in Pidgin before 2.10.8 allows remote attackers to cause a denial of service (crash) via a Yahoo!. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Pidgin
NVD
CVSS 2.0
5.0
EPSS
1.0%
CVE-2014-0020 MEDIUM This Month

The IRC protocol plugin in libpurple in Pidgin before 2.10.8 does not validate argument counts, which allows remote IRC servers to cause a denial of service (application crash) via a crafted message. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Pidgin
NVD
CVSS 2.0
5.0
EPSS
3.5%
CVE-2013-6486 CRITICAL Act Now

gtkutils.c in Pidgin before 2.10.8 on Windows allows user-assisted remote attackers to execute arbitrary programs via a message containing a file: URL that is improperly handled during construction. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Microsoft Pidgin
NVD
CVSS 2.0
9.3
EPSS
1.3%
CVE-2013-6485 MEDIUM This Month

Buffer overflow in util.c in libpurple in Pidgin before 2.10.8 allows remote HTTP servers to cause a denial of service (application crash) or possibly have unspecified other impact via an invalid. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Pidgin
NVD
CVSS 2.0
5.0
EPSS
0.7%
CVE-2013-6484 MEDIUM This Month

The STUN protocol implementation in libpurple in Pidgin before 2.10.8 allows remote STUN servers to cause a denial of service (out-of-bounds write operation and application crash) by triggering a. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Pidgin
NVD
CVSS 2.0
5.0
EPSS
0.7%
CVE-2013-6483 MEDIUM This Month

The XMPP protocol plugin in libpurple in Pidgin before 2.10.8 does not properly determine whether the from address in an iq reply is consistent with the to address in an iq request, which allows. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Pidgin
NVD
CVSS 2.0
6.4
EPSS
0.9%
CVE-2013-6479 MEDIUM This Month

util.c in libpurple in Pidgin before 2.10.8 does not properly allocate memory for HTTP responses that are inconsistent with the Content-Length header, which allows remote HTTP servers to cause a. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Pidgin
NVD
CVSS 2.0
5.0
EPSS
0.7%
CVE-2013-6478 MEDIUM This Month

gtkimhtml.c in Pidgin before 2.10.8 does not properly interact with underlying library support for wide Pango layouts, which allows user-assisted remote attackers to cause a denial of service. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Pidgin
NVD
CVSS 2.0
4.3
EPSS
3.1%
CVE-2013-6477 MEDIUM This Month

Multiple integer signedness errors in libpurple in Pidgin before 2.10.8 allow remote attackers to cause a denial of service (application crash) via a crafted timestamp value in an XMPP message. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Pidgin
NVD
CVSS 2.0
5.0
EPSS
1.0%
CVE-2012-6152 MEDIUM This Month

The Yahoo!. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Pidgin
NVD
CVSS 2.0
5.0
EPSS
1.1%
CVE-2013-0274 LOW Monitor

upnp.c in libpurple in Pidgin before 2.10.7 does not properly terminate long strings in UPnP responses, which allows remote attackers to cause a denial of service (application crash) by leveraging. Rated low severity (CVSS 2.9). No vendor patch available.

Denial Of Service Pidgin
NVD
CVSS 2.0
2.9
EPSS
0.5%
CVE-2013-0273 MEDIUM This Month

sametime.c in the Sametime protocol plugin in libpurple in Pidgin before 2.10.7 does not properly terminate long user IDs, which allows remote servers to cause a denial of service (application crash). Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Pidgin
NVD
CVSS 2.0
5.0
EPSS
2.1%
CVE-2013-0272 MEDIUM This Month

Buffer overflow in http.c in the MXit protocol plugin in libpurple in Pidgin before 2.10.7 allows remote servers to execute arbitrary code via a long HTTP header. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow RCE Pidgin
NVD
CVSS 2.0
6.8
EPSS
1.9%
CVE-2013-0271 MEDIUM This Month

The MXit protocol plugin in libpurple in Pidgin before 2.10.7 might allow remote attackers to create or overwrite files via a crafted (1) mxit or (2) mxit/imagestrips pathname. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Pidgin
NVD
CVSS 2.0
5.0
EPSS
0.6%
CVE-2012-3374 HIGH POC This Week

Buffer overflow in markup.c in the MXit protocol plugin in libpurple in Pidgin before 2.10.5 allows remote attackers to execute arbitrary code via a crafted inline image in a message. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Pidgin
NVD
CVSS 2.0
7.5
EPSS
4.7%
CVE-2012-2318 MEDIUM POC PATCH This Month

msg.c in the MSN protocol plugin in libpurple in Pidgin before 2.10.4 does not properly handle crafted characters, which allows remote servers to cause a denial of service (application crash) by. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Denial Of Service Pidgin
NVD
CVSS 2.0
5.0
EPSS
0.8%
CVE-2012-2214 LOW PATCH Monitor

proxy.c in libpurple in Pidgin before 2.10.4 does not properly handle canceled SOCKS5 connection attempts, which allows user-assisted remote authenticated users to cause a denial of service. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable.

Denial Of Service Pidgin
NVD
CVSS 2.0
3.5
EPSS
0.5%
CVE-2012-1178 MEDIUM This Month

The msn_oim_report_to_user function in oim.c in the MSN protocol plugin in libpurple in Pidgin before 2.10.2 allows remote servers to cause a denial of service (application crash) via an OIM message. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Pidgin
NVD
CVSS 2.0
5.0
EPSS
1.1%
EPSS 0% CVSS 6.9
MEDIUM POC PATCH This Month

Pidgin 2.13.0 contains a denial of service vulnerability that allows local attackers to crash the application by providing an excessively long username string during account creation. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Pidgin
NVD Exploit-DB VulDB
EPSS 2% CVSS 5.9
MEDIUM PATCH This Month

An issue was discovered in Pidgin before 2.14.9. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Pidgin Debian Linux
NVD GitHub
EPSS 2% CVSS 3.7
LOW POC PATCH Monitor

A directory traversal exists in the handling of the MXIT protocol in Pidgin. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Path Traversal Pidgin Ubuntu Linux +1
NVD
EPSS 1% CVSS 3.1
LOW PATCH Monitor

An information leak exists in the handling of the MXIT protocol in Pidgin. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable, no authentication required. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Information Disclosure Buffer Overflow Pidgin +2
NVD
EPSS 3% CVSS 8.1
HIGH PATCH This Week

A buffer overflow vulnerability exists in the handling of the MXIT protocol Pidgin. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

Buffer Overflow Pidgin Ubuntu Linux +1
NVD
EPSS 3% CVSS 8.1
HIGH PATCH This Week

A buffer overflow vulnerability exists in the handling of the MXIT protocol in Pidgin. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

Buffer Overflow Pidgin Ubuntu Linux +1
NVD
EPSS 7% CVSS 8.1
HIGH PATCH This Week

A buffer overflow vulnerability exists in the handling of the MXIT protocol in Pidgin. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

RCE Buffer Overflow Pidgin +2
NVD
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

An exploitable out-of-bounds read exists in the handling of the MXIT protocol in Pidgin. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Buffer Overflow Pidgin +2
NVD
EPSS 3% CVSS 8.1
HIGH PATCH This Week

An exploitable memory corruption vulnerability exists in the handling of the MXIT protocol in Pidgin. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Information Disclosure Buffer Overflow RCE +3
NVD
EPSS 2% CVSS 5.9
MEDIUM PATCH This Month

A denial of service vulnerability exists in the handling of the MXIT protocol in Pidgin. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Denial Of Service Information Disclosure Buffer Overflow +3
NVD
EPSS 1% CVSS 5.9
MEDIUM PATCH This Month

An information leak exists in the handling of the MXIT protocol in Pidgin. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Denial Of Service Information Disclosure Buffer Overflow +3
NVD
EPSS 4% CVSS 8.1
HIGH PATCH This Week

An out-of-bounds write vulnerability exists in the handling of the MXIT protocol in Pidgin. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

Memory Corruption Buffer Overflow RCE +3
NVD
EPSS 2% CVSS 5.9
MEDIUM PATCH This Month

A denial of service vulnerability exists in the handling of the MXIT protocol in Pidgin. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Denial Of Service Information Disclosure Buffer Overflow +3
NVD
EPSS 3% CVSS 5.9
MEDIUM PATCH This Month

A NULL pointer dereference vulnerability exists in the handling of the MXIT protocol in Pidgin. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Denial Of Service Null Pointer Dereference Pidgin +2
NVD
EPSS 6% CVSS 8.1
HIGH PATCH This Week

Multiple memory corruption vulnerabilities exist in the handling of the MXIT protocol in Pidgin. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

RCE Buffer Overflow Pidgin +2
NVD
EPSS 2% CVSS 5.9
MEDIUM PATCH This Month

An information leak exists in the handling of the MXIT protocol in Pidgin. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Denial Of Service Information Disclosure Buffer Overflow +3
NVD
EPSS 2% CVSS 5.9
MEDIUM PATCH This Month

A denial of service vulnerability exists in the handling of the MXIT protocol in Pidgin. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Denial Of Service Information Disclosure Buffer Overflow +3
NVD
EPSS 3% CVSS 5.9
MEDIUM PATCH This Month

A denial of service vulnerability exists in the handling of the MXIT protocol in Pidgin. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Denial Of Service Null Pointer Dereference Pidgin +2
NVD
EPSS 1% CVSS 5.0
MEDIUM PATCH This Month

The jabber_idn_validate function in jutil.c in the Jabber protocol plugin in libpurple in Pidgin before 2.10.10 allows remote attackers to obtain sensitive information from process memory via a. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Pidgin
NVD
EPSS 1% CVSS 6.4
MEDIUM PATCH This Month

Absolute path traversal vulnerability in the untar_block function in win32/untar.c in Pidgin before 2.10.10 on Windows allows remote attackers to write to arbitrary files via a drive name in a tar. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity.

Path Traversal Microsoft Pidgin
NVD
EPSS 2% CVSS 5.0
MEDIUM PATCH This Month

nmevent.c in the Novell GroupWise protocol plugin in libpurple in Pidgin before 2.10.10 allows remote servers to cause a denial of service (application crash) via a crafted server message that. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Denial Of Service Buffer Overflow Pidgin
NVD
EPSS 2% CVSS 5.0
MEDIUM PATCH This Month

markup.c in the MXit protocol plugin in libpurple in Pidgin before 2.10.10 allows remote servers to cause a denial of service (application crash) via a large length value in an emoticon response. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Denial Of Service Buffer Overflow Pidgin
NVD
EPSS 1% CVSS 6.4
MEDIUM PATCH This Month

The (1) bundled GnuTLS SSL/TLS plugin and the (2) bundled OpenSSL SSL/TLS plugin in libpurple in Pidgin before 2.10.10 do not properly consider the Basic Constraints extension during verification of. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure OpenSSL Opensuse +3
NVD
EPSS 39% CVSS 10.0
CRITICAL Emergency

The SIMPLE protocol functionality in Pidgin before 2.10.8 allows remote attackers to have an unspecified impact via a negative Content-Length header, which triggers a buffer overflow. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 39.0% and no vendor patch available.

Buffer Overflow Pidgin
NVD
EPSS 1% CVSS 5.0
MEDIUM This Month

Integer signedness error in the MXit functionality in Pidgin before 2.10.8 allows remote attackers to cause a denial of service (segmentation fault) via a crafted emoticon value, which triggers an. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Pidgin
NVD
EPSS 4% CVSS 7.5
HIGH This Week

Integer overflow in libpurple/protocols/gg/lib/http.c in the Gadu-Gadu (gg) parser in Pidgin before 2.10.8 allows remote attackers to have an unspecified impact via a large Content-Length value,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Pidgin
NVD
EPSS 1% CVSS 5.0
MEDIUM This Month

Pidgin before 2.10.8 allows remote MSN servers to cause a denial of service (NULL pointer dereference and crash) via a crafted (1) SOAP response, (2) OIM XML response, or (3) Content-Length header. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Pidgin
NVD
EPSS 1% CVSS 5.0
MEDIUM This Month

libpurple/protocols/yahoo/libymsg.c in Pidgin before 2.10.8 allows remote attackers to cause a denial of service (crash) via a Yahoo!. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Pidgin
NVD
EPSS 4% CVSS 5.0
MEDIUM This Month

The IRC protocol plugin in libpurple in Pidgin before 2.10.8 does not validate argument counts, which allows remote IRC servers to cause a denial of service (application crash) via a crafted message. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Pidgin
NVD
EPSS 1% CVSS 9.3
CRITICAL Act Now

gtkutils.c in Pidgin before 2.10.8 on Windows allows user-assisted remote attackers to execute arbitrary programs via a message containing a file: URL that is improperly handled during construction. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Microsoft Pidgin
NVD
EPSS 1% CVSS 5.0
MEDIUM This Month

Buffer overflow in util.c in libpurple in Pidgin before 2.10.8 allows remote HTTP servers to cause a denial of service (application crash) or possibly have unspecified other impact via an invalid. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Pidgin
NVD
EPSS 1% CVSS 5.0
MEDIUM This Month

The STUN protocol implementation in libpurple in Pidgin before 2.10.8 allows remote STUN servers to cause a denial of service (out-of-bounds write operation and application crash) by triggering a. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Pidgin
NVD
EPSS 1% CVSS 6.4
MEDIUM This Month

The XMPP protocol plugin in libpurple in Pidgin before 2.10.8 does not properly determine whether the from address in an iq reply is consistent with the to address in an iq request, which allows. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Pidgin
NVD
EPSS 1% CVSS 5.0
MEDIUM This Month

util.c in libpurple in Pidgin before 2.10.8 does not properly allocate memory for HTTP responses that are inconsistent with the Content-Length header, which allows remote HTTP servers to cause a. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Pidgin
NVD
EPSS 3% CVSS 4.3
MEDIUM This Month

gtkimhtml.c in Pidgin before 2.10.8 does not properly interact with underlying library support for wide Pango layouts, which allows user-assisted remote attackers to cause a denial of service. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Pidgin
NVD
EPSS 1% CVSS 5.0
MEDIUM This Month

Multiple integer signedness errors in libpurple in Pidgin before 2.10.8 allow remote attackers to cause a denial of service (application crash) via a crafted timestamp value in an XMPP message. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Pidgin
NVD
EPSS 1% CVSS 5.0
MEDIUM This Month

The Yahoo!. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Pidgin
NVD
EPSS 0% CVSS 2.9
LOW Monitor

upnp.c in libpurple in Pidgin before 2.10.7 does not properly terminate long strings in UPnP responses, which allows remote attackers to cause a denial of service (application crash) by leveraging. Rated low severity (CVSS 2.9). No vendor patch available.

Denial Of Service Pidgin
NVD
EPSS 2% CVSS 5.0
MEDIUM This Month

sametime.c in the Sametime protocol plugin in libpurple in Pidgin before 2.10.7 does not properly terminate long user IDs, which allows remote servers to cause a denial of service (application crash). Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Pidgin
NVD
EPSS 2% CVSS 6.8
MEDIUM This Month

Buffer overflow in http.c in the MXit protocol plugin in libpurple in Pidgin before 2.10.7 allows remote servers to execute arbitrary code via a long HTTP header. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow RCE Pidgin
NVD
EPSS 1% CVSS 5.0
MEDIUM This Month

The MXit protocol plugin in libpurple in Pidgin before 2.10.7 might allow remote attackers to create or overwrite files via a crafted (1) mxit or (2) mxit/imagestrips pathname. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Pidgin
NVD
EPSS 5% CVSS 7.5
HIGH POC This Week

Buffer overflow in markup.c in the MXit protocol plugin in libpurple in Pidgin before 2.10.5 allows remote attackers to execute arbitrary code via a crafted inline image in a message. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Pidgin
NVD
EPSS 1% CVSS 5.0
MEDIUM POC PATCH This Month

msg.c in the MSN protocol plugin in libpurple in Pidgin before 2.10.4 does not properly handle crafted characters, which allows remote servers to cause a denial of service (application crash) by. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Denial Of Service Pidgin
NVD
EPSS 1% CVSS 3.5
LOW PATCH Monitor

proxy.c in libpurple in Pidgin before 2.10.4 does not properly handle canceled SOCKS5 connection attempts, which allows user-assisted remote authenticated users to cause a denial of service. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable.

Denial Of Service Pidgin
NVD
EPSS 1% CVSS 5.0
MEDIUM This Month

The msn_oim_report_to_user function in oim.c in the MSN protocol plugin in libpurple in Pidgin before 2.10.2 allows remote servers to cause a denial of service (application crash) via an OIM message. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Pidgin
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy