This script is Copyright (C) 2009-2016 Tenable Network Security, Inc.
The remote host is running an instant messaging client that is
affected by multiple buffer overflow vulnerabilities.

The remote host is running Pidgin earlier than 2.5.6. Such versions
are reportedly affected by multiple buffer overflow vulnerabilities :

- A buffer overflow is possible when initiating a file
  transfer to a malicious buddy over XMPP. (CVE-2009-1373)
- A buffer overflow issue in the 'decrypt_out()' function
  can be exploited through specially crafted 'QQ' packets.
- A buffer maintained by PurpleCircBuffer which is used by
  XMPP and Sametime protocol plugins can be corrupted if
  it's exactly full and then more bytes are added to it.
- An integer-overflow issue exists in the application due
  to an incorrect typecasting of 'int64' to 'size_t'.

See also :

Solution :
Upgrade to Pidgin 2.5.6 or later.

Risk factor :
High / CVSS Base Score : 9.3
CVSS Temporal Score : 7.7
Public Exploit Available : true