icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons_061

Pidgin < 2.5.6 Multiple Buffer Overflow Vulnerabilities

High

Synopsis

The remote host is affected by multiple remote buffer overflow vulnerabilities.

Description

The remote host is running Pidgin earlier than 2.5.6. Such versions are reportedly affected by multiple remote buffer overflow vulnerabilities :

- A buffer overflow issue in the 'decrypt_out()' function can be exploited through specially crafted 'QQ' packets. (CVE-2009-1374)

- A buffer maintained by PurpleCircBuffer which is used by XMPP and Sametime protocol plugins can be corrupted if it's exactly full and then more bytes are added to it. (CVE-2009-1375)

- A buffer overflow is possible when initiating a file transfer to a malicious buddy over XMPP. (CVE-2009-1373)

- An integer-overflow issue exists in the application due to a n incorrect typecasting of 'int64' to 'size_t'. (CVE-2009-1376)

Successful exploitation could allow an attacker to execute arbitrary code on the remote host.

Solution

Upgrade to Pidgin 2.5.6 or later.