CVE-2019-25544

Pidgin 2.13.0 contains a denial of service vulnerability that allows local attackers to crash the application by providing an excessively long username string during account creation. Attackers can input a buffer of 1000 characters in the username field and trigger a crash when joining a chat, causing the application to become unavailable.

CVSS v3 6.2 MEDIUM

6.2^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.5 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://pidgin.im/	Product
https://www.exploit-db.com/exploits/46930	Exploit VDB Entry
https://www.vulncheck.com/advisories/pidgin-denial-of-service-via-malformed-username	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:pidgin:pidgin:2.13.0:*:*:*:*:*:*:*

History

16 Apr 2026, 17:42

Type	Values Removed	Values Added
Summary		(es) Pidgin 2.13.0 contiene una vulnerabilidad de denegación de servicio que permite a atacantes locales colapsar la aplicación al proporcionar una cadena de nombre de usuario excesivamente larga durante la creación de la cuenta. Los atacantes pueden introducir un búfer de 1000 caracteres en el campo de nombre de usuario y provocar un colapso al unirse a un chat, haciendo que la aplicación deje de estar disponible.
CPE		cpe:2.3:a:pidgin:pidgin:2.13.0:::::::*
First Time		Pidgin pidgin Pidgin
References	~~() https://pidgin.im/ -~~	() https://pidgin.im/ - Product
References	~~() https://www.exploit-db.com/exploits/46930 -~~	() https://www.exploit-db.com/exploits/46930 - Exploit, VDB Entry
References	~~() https://www.vulncheck.com/advisories/pidgin-denial-of-service-via-malformed-username -~~	() https://www.vulncheck.com/advisories/pidgin-denial-of-service-via-malformed-username - Third Party Advisory

21 Mar 2026, 13:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-03-21 13:16

Updated : 2026-04-16 17:42

NVD link : CVE-2019-25544

Mitre link : CVE-2019-25544

CVE.ORG link : CVE-2019-25544

JSON object : View

Products Affected

pidgin

pidgin

CWE

CWE-807

Reliance on Untrusted Inputs in a Security Decision

{"id": "CVE-2019-25544", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "disclosure@vulncheck.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.2, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.5}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}], "cvssMetricV40": [{"type": "Secondary", "source": "disclosure@vulncheck.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 6.9, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2026-03-21T13:16:15.270", "references": [{"url": "https://pidgin.im/", "tags": ["Product"], "source": "disclosure@vulncheck.com"}, {"url": "https://www.exploit-db.com/exploits/46930", "tags": ["Exploit", "VDB Entry"], "source": "disclosure@vulncheck.com"}, {"url": "https://www.vulncheck.com/advisories/pidgin-denial-of-service-via-malformed-username", "tags": ["Third Party Advisory"], "source": "disclosure@vulncheck.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "disclosure@vulncheck.com", "description": [{"lang": "en", "value": "CWE-807"}]}], "descriptions": [{"lang": "en", "value": "Pidgin 2.13.0 contains a denial of service vulnerability that allows local attackers to crash the application by providing an excessively long username string during account creation. Attackers can input a buffer of 1000 characters in the username field and trigger a crash when joining a chat, causing the application to become unavailable."}, {"lang": "es", "value": "Pidgin 2.13.0 contiene una vulnerabilidad de denegaci\u00f3n de servicio que permite a atacantes locales colapsar la aplicaci\u00f3n al proporcionar una cadena de nombre de usuario excesivamente larga durante la creaci\u00f3n de la cuenta. Los atacantes pueden introducir un b\u00fafer de 1000 caracteres en el campo de nombre de usuario y provocar un colapso al unirse a un chat, haciendo que la aplicaci\u00f3n deje de estar disponible."}], "lastModified": "2026-04-16T17:42:51.770", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:pidgin:pidgin:2.13.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "87BA085C-A707-40AD-8CBC-885D111E1173"}], "operator": "OR"}]}], "sourceIdentifier": "disclosure@vulncheck.com"}