IMFreedom Security

This page lists all potential security vulnerabilities discovered since August 1st, 2004. Unfortunately we did not start collecting data before this date. If you are interested in pulling this missing information out of the CVE database, please don’t hesitate to send up a pull request!

2022 #

MITM when used without DNSSEC
CVE-2022-26491
dnssec

2017 #

2016 #

Pidgin MXIT Table Command Denial of Service Vulnerability
CVE-2016-2366, TALOS-2016-0134
mxit, protocol
Pidgin MXIT Suggested Contacts Memory Disclosure Vulnerability
CVE-2016-2375, TALOS-2016-0143
mxit, protocol
Pidgin MXIT Splash Image Arbitrary File Overwrite Vulnerability
CVE-2016-4323, TALOS-2016-0128
mxit, protocol
Pidgin MXIT read stage 0x3 Code Execution Vulnerability
CVE-2016-2376, TALOS-2016-0118
mxit, protocol
Pidgin MXIT mxit_convert_markup_tx Information Leak Vulnerability
CVE-2016-2380, TALOS-2016-0123
mxit, protocol
Pidgin MXIT MultiMX Message Code Execution Vulnerability
CVE-2016-2374, TALOS-2016-0142
mxit, protocol
Pidgin MXIT Markup Command Denial of Service Vulnerability
CVE-2016-2365, TALOS-2016-0133
mxit, protocol
Pidgin MXIT HTTP Content-Length Buffer Overflow Vulnerability
CVE-2016-2377, TALOS-2016-0119
mxit, protocol
Pidgin MXIT get_utf8_string Code Execution Vulnerability
CVE-2016-2378, TALOS-2016-0120
mxit, protocol
Pidgin MXIT g_snprintf Multiple Buffer Overflow Vulnerabilities
CVE-2016-2368, TALOS-2016-0136
mxit, protocol
Pidgin MXIT File Transfer Length Memory Disclosure Vulnerability
CVE-2016-2372, TALOS-2016-0140
mxit, protocol
Pidgin MXIT Extended Profiles Code Execution Vulnerability
CVE-2016-2371, TALOS-2016-0139
mxit, protocol
Pidgin MXIT Custom Resource Denial of Service Vulnerability
CVE-2016-2370, TALOS-2016-0138
mxit, protocol
Pidgin MXIT CP_SOCK_REC_TERM Denial of Service Vulnerability
CVE-2016-2369, TALOS-2016-0137
mxit, protocol
Pidgin MXIT Contact Mood Denial of Service Vulnerability
CVE-2016-2373, TALOS-2016-0141
mxit, protocol
Pidgin MXIT Avatar Length Memory Disclosure Vulnerability
CVE-2016-2367, TALOS-2016-0135
mxit, protocol

2014 #

Remote crash parsing malformed Groupwise message
CVE-2014-3696
groupwise, novell, protocol
Potential information leak from XMPP
CVE-2014-3698
xmpp, protocol
Remote crash reading Yahoo! P2P message
CVE-2013-6481
yahoo, protocol
Crash handling bad XMPP timestamp
CVE-2013-6477
xmpp, protocol
Buffer overflow in MXit emoticon parsing
CVE-2013-6489
mxit, protocol
Buffer overflow in Gadu-Gadu HTTP parsing
CVE-2013-6487
gadu-gadu, protocol

2012 #

2011 #

XMPP remote crash
CVE-2011-4602
xmpp, protocol
AIM and ICQ remote crash
CVE-2011-4601
aim, icq, oscar, protocol
SILC remote crash
CVE-2011-4603
silc, protocol
SILC remote crash
CVE-2011-3594
silc, protocol
Remote crash in MSN protocol plugin
CVE-2011-3184
msn, protocol
Remote crash in IRC protocol plugin
CVE-2011-2943
irc, protocol
XMPP remote crash
CVE-2011-4939
xmpp, protocol

2010 #

MSN direct connection denial of service
CVE-2010-4528
msn, protocol
Multiple remotely-triggered denials of service
CVE-2010-3711
yahoo, msn, myspaceim, xmpp, ntlm, protocol
ICQ X-Status denial of service
CVE-2010-2528
icq, protocol
MSN emoticon denial of service
CVE-2010-1624
msn, protocol
MSN malformed SLP message crash
CVE-2010-0277
msn, protocol
Finch XMPP MUC crash
CVE-2010-0420
finch, libpurple, xmpp
MSN file download vulnerability
CVE-2010-0013
msn, protocol

2009 #

ICQ and maybe AIM remote crash
CVE-2009-3615
aim, icq, oscar, protocol
XMPP may not enforce TLS
CVE-2009-3026
xmpp, protocol
XMPP custom smiley parsing bug
CVE-2009-3085
xmpp, protocol
MSN partial SLP invite crash
CVE-2009-3083
msn, protocol
MSN handwritten message crash
CVE-2009-3084
msn, protocol
IRC crash from malicious server
CVE-2009-2703
irc, protocol
Yahoo IM parsing crash
CVE-2009-3025
yahoo, protocol
MSN overflow parsing SLP messages
CVE-2009-2694
msn, protocol
ICQ parser excessive memory allocation
CVE-2009-1889
icq, protocol
QQ remote DoS
CVE-2009-1374
qq, protocol
XMPP file transfer buffer overflow
CVE-2009-1373
xmpp, protocol
MSN malformed SLP message overflow
CVE-2009-1376
msn, protocol
Remote DoS in multiple protocols
CVE-2009-1375
xmpp, sametime, protocol

2008 #

MSN malformed SLP message overflow
CVE-2008-2927
msn, protocol
MSN Remote file transfer filename DoS
CVE-2008-2955
msn, protocol
Remote UPnP discovery DoS
CVE-2008-2957
upnp

2007 #

MSN Remote "Nudge" DoS
CVE-2007-4996
msn, protocol

2005 #

Gadu-Gadu memory alignment bug
CVE-2005-2370
gadu-gadu, protocol
AIM/ICQ non-UTF-8 filename crash
CVE-2004-0500
aim, icq, oscar, protocol
AIM/ICQ away message buffer overflow
CVE-2005-2103
aim, icq, oscar, protocol
Remote Yahoo! crash
cve-2005-1269
yahoo, protocol
MSN Remote DoS
CVE-2005-1934
msn, protocol
Remote crash on some protocols
CVE-2005-1261
jabber, xmpp, silc, protocol
MSN Remote DoS
CVE-2005-1262
msn, protocol
Jabber remote crash
CVE-2005-0967
jabber, xmpp, protocol
AIM/ICQ remote denial of service
CVE-2005-0472
aim, icq, oscar, protocol

2004 #

MSN SLP buffer overflow
CVE-2004-0891
protocol, msn
Local hostname resolution buffer overflow
CVE-2004-0785
protocol, zephyr
Groupware message receive integer overflow
CVE-2004-0754
protocol, novell
MSN strncpy buffer overflow
CVE-2004-0500
msn, protocol