CVE-2019-25544
Received Received - Intake
Buffer Overflow in Pidgin 2.13.0 Causes Denial of Service

Publication date: 2026-03-21

Last updated on: 2026-04-16

Assigner: VulnCheck

Description
Pidgin 2.13.0 contains a denial of service vulnerability that allows local attackers to crash the application by providing an excessively long username string during account creation. Attackers can input a buffer of 1000 characters in the username field and trigger a crash when joining a chat, causing the application to become unavailable.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-21
Last Modified
2026-04-16
Generated
2026-06-16
AI Q&A
2026-03-21
EPSS Evaluated
2026-06-15
NVD
CVE-2019-25544
EUVD
EUVD-2019-19837
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
pidgin pidgin 2.13.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-807 The product uses a protection mechanism that relies on the existence or values of an input, but the input can be modified by an untrusted actor in a way that bypasses the protection mechanism.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2019-25544 is a denial of service vulnerability in Pidgin version 2.13.0 and earlier. It occurs when a local attacker provides an excessively long username stringβ€”specifically a buffer of 1000 charactersβ€”during account creation. This malformed username causes the application to crash when the user attempts to join a chat, making the application unavailable.

The vulnerability is classified under CWE-807, which relates to reliance on untrusted inputs in a security decision.

Impact Analysis

This vulnerability can impact you by causing the Pidgin application to crash and become unavailable. Since the crash is triggered by providing an excessively long username during account creation, a local attacker can exploit this to cause a denial of service, disrupting your ability to use the chat client.

The impact is specifically on availability, meaning the application stops functioning properly, which can interrupt communication and productivity.

Compliance Impact

I don't know

Detection Guidance

[{'type': 'paragraph', 'content': 'This vulnerability can be detected by attempting to reproduce the crash condition on Pidgin 2.13.0 by providing an excessively long username string during account creation.'}, {'type': 'paragraph', 'content': 'A practical detection method involves using the provided proof-of-concept exploit which generates a username buffer of 1000 characters.'}, {'type': 'list_item', 'content': "Run the Python script `pidgin.py` to generate a file `pidgin.txt` containing 1000 'A' characters."}, {'type': 'list_item', 'content': 'Open Pidgin, navigate to "Accounts" > "Manage Accounts," and add a new account.'}, {'type': 'list_item', 'content': 'Paste the content of `pidgin.txt` into the "Username" field and enter any string (e.g., "1234") in the "Password" field.'}, {'type': 'list_item', 'content': 'After adding the account, right-click the Pidgin icon in the taskbar\'s hidden icons area, select "Join Chat...", and click "Join."'}, {'type': 'paragraph', 'content': 'If Pidgin crashes during this process, the vulnerability is present on the system.'}] [2]

Mitigation Strategies

Immediate mitigation steps include preventing local attackers from providing excessively long usernames during account creation in Pidgin 2.13.0.

  • Restrict local user access to the Pidgin application to trusted users only.
  • Monitor and limit input validation on username fields to reject overly long strings.
  • Consider upgrading to a patched version of Pidgin if available or applying any vendor-supplied patches.

Since the vulnerability requires local access and is triggered by malformed input, controlling user permissions and input validation are key immediate defenses.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2019-25544. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart