Pidgin < 2.9.0 gdk_pixbuf__gif_image_load() Denial of Service

Severity: Medium. Nessus Plugin ID: 55436

Synopsis

An instant messaging client installed on the remote Windows host is affected by a denial of service vulnerability.

Description

The version of Pidgin installed on the remote host is earlier than 2.9.0. As such, it is potentially affected by a denial of service vulnerability.

The function 'gdk_pixbuf__gif_image_load' contains an error that allows a crafted GIF image file, when used as a buddy image, to exhaust memory and ultimately terminate the process.

Solution

Upgrade to Pidgin 2.9.0 or later.

See Also

http://pidgin.im/news/security/?id=52

http://developer.pidgin.im/wiki/ChangeLog

Plugin Details

Severity: Medium

ID: 55436

File Name: pidgin_2_9_0.nasl

Version: 1.5

Type: local

Agent: windows

Family: Windows

Published: 6/27/2011

Updated: 7/24/2018

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.4

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Information

CPE: cpe:/a:pidgin:pidgin

Required KB Items: SMB/Pidgin/Version

Exploit Ease: No known exploits are available

Patch Publication Date: 6/23/2011

Vulnerability Publication Date: 6/24/2011

Reference Information

CVE: CVE-2011-2485

BID: 48425

Secunia: 45037