Information on source package pidgin

Available versions

ReleaseVersion
buster2.13.0-2
bullseye2.14.1-1
bookworm2.14.12-1
sid2.14.12-1

Open issues

BugbusterbullseyebookwormsidDescription
CVE-2022-26491vulnerable (no DSA)vulnerable (no DSA)fixedfixedAn issue was discovered in Pidgin before 2.14.9. A remote attacker who ...

Open unimportant issues

BugbusterbullseyebookwormsidDescription
CVE-2012-1257vulnerablevulnerablevulnerablevulnerablePidgin 2.10.0 uses DBUS for certain cleartext communication, which all ...
CVE-2008-2956vulnerablevulnerablevulnerablevulnerableCVE-2008-2956 pidgin: memory leak in XML parser ...

Resolved issues

BugDescription
CVE-2017-2640An out-of-bounds write flaw was found in the way Pidgin before 2.12.0 ...
CVE-2016-1000030Pidgin version <2.11.0 contains a vulnerability in X.509 Certificat ...
CVE-2016-4323A directory traversal exists in the handling of the MXIT protocol in P ...
CVE-2016-2380An information leak exists in the handling of the MXIT protocol in Pid ...
CVE-2016-2378A buffer overflow vulnerability exists in the handling of the MXIT pro ...
CVE-2016-2377A buffer overflow vulnerability exists in the handling of the MXIT pro ...
CVE-2016-2376A buffer overflow vulnerability exists in the handling of the MXIT pro ...
CVE-2016-2375An exploitable out-of-bounds read exists in the handling of the MXIT p ...
CVE-2016-2374An exploitable memory corruption vulnerability exists in the handling ...
CVE-2016-2373A denial of service vulnerability exists in the handling of the MXIT p ...
CVE-2016-2372An information leak exists in the handling of the MXIT protocol in Pid ...
CVE-2016-2371An out-of-bounds write vulnerability exists in the handling of the MXI ...
CVE-2016-2370A denial of service vulnerability exists in the handling of the MXIT p ...
CVE-2016-2369A NULL pointer dereference vulnerability exists in the handling of the ...
CVE-2016-2368Multiple memory corruption vulnerabilities exist in the handling of th ...
CVE-2016-2367An information leak exists in the handling of the MXIT protocol in Pid ...
CVE-2016-2366A denial of service vulnerability exists in the handling of the MXIT p ...
CVE-2016-2365A denial of service vulnerability exists in the handling of the MXIT p ...
CVE-2014-3698The jabber_idn_validate function in jutil.c in the Jabber protocol plu ...
CVE-2014-3697Absolute path traversal vulnerability in the untar_block function in w ...
CVE-2014-3696nmevent.c in the Novell GroupWise protocol plugin in libpurple in Pidg ...
CVE-2014-3695markup.c in the MXit protocol plugin in libpurple in Pidgin before 2.1 ...
CVE-2014-3694The (1) bundled GnuTLS SSL/TLS plugin and the (2) bundled OpenSSL SSL/ ...
CVE-2014-0020The IRC protocol plugin in libpurple in Pidgin before 2.10.8 does not ...
CVE-2013-6490The SIMPLE protocol functionality in Pidgin before 2.10.8 allows remot ...
CVE-2013-6489Integer signedness error in the MXit functionality in Pidgin before 2. ...
CVE-2013-6487Integer overflow in libpurple/protocols/gg/lib/http.c in the Gadu-Gadu ...
CVE-2013-6486gtkutils.c in Pidgin before 2.10.8 on Windows allows user-assisted rem ...
CVE-2013-6485Buffer overflow in util.c in libpurple in Pidgin before 2.10.8 allows ...
CVE-2013-6484The STUN protocol implementation in libpurple in Pidgin before 2.10.8 ...
CVE-2013-6483The XMPP protocol plugin in libpurple in Pidgin before 2.10.8 does not ...
CVE-2013-6482Pidgin before 2.10.8 allows remote MSN servers to cause a denial of se ...
CVE-2013-6481libpurple/protocols/yahoo/libymsg.c in Pidgin before 2.10.8 allows rem ...
CVE-2013-6479util.c in libpurple in Pidgin before 2.10.8 does not properly allocate ...
CVE-2013-6478gtkimhtml.c in Pidgin before 2.10.8 does not properly interact with un ...
CVE-2013-6477Multiple integer signedness errors in libpurple in Pidgin before 2.10. ...
CVE-2013-0274upnp.c in libpurple in Pidgin before 2.10.7 does not properly terminat ...
CVE-2013-0273sametime.c in the Sametime protocol plugin in libpurple in Pidgin befo ...
CVE-2013-0272Buffer overflow in http.c in the MXit protocol plugin in libpurple in ...
CVE-2013-0271The MXit protocol plugin in libpurple in Pidgin before 2.10.7 might al ...
CVE-2012-6152The Yahoo! protocol plugin in libpurple in Pidgin before 2.10.8 does n ...
CVE-2012-3374Buffer overflow in markup.c in the MXit protocol plugin in libpurple i ...
CVE-2012-2318msg.c in the MSN protocol plugin in libpurple in Pidgin before 2.10.4 ...
CVE-2012-2214proxy.c in libpurple in Pidgin before 2.10.4 does not properly handle ...
CVE-2012-1178CVE-2012-1178 pidgin: Client abort in the MSN protocol plug-in by atte ...
CVE-2011-4939The pidgin_conv_chat_rename_user function in gtkconv.c in Pidgin befor ...
CVE-2011-4922CVE-2011-4922 Cipher API information disclosure in pidgin ...
CVE-2011-4603The silc_channel_message function in ops.c in the SILC protocol plugin ...
CVE-2011-4602The XMPP protocol plugin in libpurple in Pidgin before 2.10.1 does not ...
CVE-2011-4601family_feedbag.c in the oscar protocol plugin in libpurple in Pidgin b ...
CVE-2011-3594The g_markup_escape_text function in the SILC protocol plug-in in libp ...
CVE-2011-3185gtkutils.c in Pidgin before 2.10.0 on Windows allows user-assisted rem ...
CVE-2011-3184The msn_httpconn_parse_data function in httpconn.c in the MSN protocol ...
CVE-2011-2943The irc_msg_who function in msgs.c in the IRC protocol plugin in libpu ...
CVE-2011-1091CVE-2011-1091 Pidgin: Multiple NULL pointer dereference flaws in Yahoo ...
CVE-2010-4528directconn.c in the MSN protocol plugin in libpurple 2.7.6 through 2.7 ...
CVE-2010-3711CVE-2010-3711 Pidgin (libpurple): Multiple DoS (crash) flaws by proces ...
CVE-2010-2528The clientautoresp function in family_icbm.c in the oscar protocol plu ...
CVE-2010-1624CVE-2010-1624 Pidgin: MSN SLP emoticon DoS (NULL pointer dereference) ...
CVE-2010-0423CVE-2010-0423 pidgin: Smiley Denial of Service ...
CVE-2010-0420CVE-2010-0420 pidgin: Finch XMPP MUC Crash ...
CVE-2010-0277slp.c in the MSN protocol plugin in libpurple in Pidgin before 2.6.6, ...
CVE-2010-0013CVE-2010-0013 pidgin/libpurple: MSN custom smiley request directory tr ...
CVE-2009-3615CVE-2009-3615 Pidgin: Invalid pointer dereference (crash) after receiv ...
CVE-2009-3085The XMPP protocol plugin in libpurple in Pidgin before 2.6.2 does not ...
CVE-2009-3084The msn_slp_process_msg function in libpurple/protocols/msn/slpcall.c ...
CVE-2009-3083The msn_slp_sip_recv function in libpurple/protocols/msn/slp.c in the ...
CVE-2009-3026protocols/jabber/auth.c in libpurple in Pidgin 2.6.0, and possibly oth ...
CVE-2009-3025Unspecified vulnerability in Pidgin 2.6.0 allows remote attackers to c ...
CVE-2009-2703libpurple/protocols/irc/msgs.c in the IRC protocol plugin in libpurple ...
CVE-2009-2694The msn_slplink_process_msg function in libpurple/protocols/msn/slplin ...
CVE-2009-1889CVE-2009-1889 pidgin: DoS via specially-crafted ICQWebMessage ...
CVE-2009-1376CVE-2009-1376 pidgin incomplete fix for CVE-2008-2927 ...
CVE-2009-1375CVE-2009-1375 pidgin PurpleCircBuffer corruption ...
CVE-2009-1374CVE-2009-1374 pidgin DoS when decrypting qq packets ...
CVE-2009-1373CVE-2009-1373 pidgin file transfer buffer overflow ...
CVE-2008-3532CVE-2008-3532 pidgin: NSS plugin doesn't verify SSL certificates ...
CVE-2008-2957CVE-2008-2957 pidgin: unrestricted download of arbitrary files trigger ...
CVE-2008-2955CVE-2008-2955 pidgin: remote DoS via MSN message with crafted file nam ...
CVE-2008-2927CVE-2008-2927 pidgin MSN integer overflow ...
CVE-2007-4999libpurple in Pidgin 2.1.0 through 2.2.1, when using HTML logging, allo ...
CVE-2007-4996CVE-2007-4996 MSN nudges sent from unknown buddies can cause libpurple ...

Security announcements

DSA / DLADescription
DLA-3043-1pidgin - security update
DLA-853-1pidgin - security update
DSA-3806-1pidgin - security update
DSA-3620-1pidgin - security update
DLA-542-1pidgin - security update
DSA-3055-1pidgin - security update
DSA-2859-2pidgin - security update
DSA-2859-1pidgin - several
DSA-2509-1pidgin - remote code execution
DSA-2038-1pidgin - denial of service
DSA-1932-1pidgin - arbitrary code execution
DSA-1870-1pidgin - insufficient input sanitization
DSA-1805-1pidgin - several vulnerabilities

Search for package or bug name: Reporting problems