Pidgin < 2.5.6 Multiple Buffer Overflows
High Nessus Plugin ID 38866
Synopsis
The remote host is running an instant messaging client that is affected by multiple buffer overflow vulnerabilities.
Description
The remote host is running a version of Pidgin earlier than 2.5.6. Such versions are reportedly affected by multiple buffer overflow vulnerabilities:
- A buffer overflow is possible when initiating a file transfer to a malicious buddy over XMPP. (CVE-2009-1373)
- A buffer overflow issue in the 'decrypt_out()' function can be exploited through specially crafted 'QQ' packets.
- A buffer maintained by PurpleCircBuffer which is used by XMPP and Sametime protocol plugins can be corrupted if it's exactly full and then more bytes are added to it.
- An integer-overflow issue exists in the application due to an incorrect typecasting of 'int64' to 'size_t'.
Solution
Upgrade to Pidgin 2.5.6 or later.
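The last item in the description, a signed 64-bit value cast to 'size_t', is a bug class that is easy to check for in code review. The following is an added example, not Pidgin's code: the helper names, the sample lengths and the 1 MiB cap are assumptions chosen for illustration. It shows what an unchecked cast keeps on a platform with a 32-bit 'size_t', next to a conversion that rejects any value the cast would change.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical helper (not from Pidgin): convert a signed 64-bit length
 * supplied by a peer into a size_t, refusing any value the cast would
 * silently change. Returns 0 on success, -1 on rejection. */
static int checked_len(int64_t wire_len, size_t cap, size_t *out)
{
    if (wire_len < 0)
        return -1;   /* a negative value would wrap to a huge size_t */
    if ((uint64_t)wire_len > (uint64_t)SIZE_MAX)
        return -1;   /* would lose high bits where size_t is 32 bits wide */
    if ((uint64_t)wire_len > (uint64_t)cap)
        return -1;   /* larger than the caller's own limit */
    *out = (size_t)wire_len;
    return 0;
}

/* What an unchecked cast to a 32-bit size_t keeps: the low 32 bits only. */
static uint32_t truncate_to_32(int64_t wire_len)
{
    return (uint32_t)wire_len;
}

int main(void)
{
    /* Constructed sample lengths, not taken from any real traffic. */
    const int64_t samples[] = {
        1024, -1, (int64_t)1 << 32, ((int64_t)1 << 32) + 16
    };
    const size_t cap = (size_t)1 << 20;   /* assumed 1 MiB limit */

    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        size_t n = 0;
        int rc = checked_len(samples[i], cap, &n);
        printf("%lld: low 32 bits = %u, checked conversion %s\n",
               (long long)samples[i],
               (unsigned)truncate_to_32(samples[i]),
               rc == 0 ? "accepted" : "rejected");
    }
    return 0;
}
```

A length of 2^32 + 16 passes through an unchecked 32-bit cast as 16, so a buffer sized from the cast value no longer matches the length the rest of the code believes it has.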