Pidgin < 2.7.10 Information Disclosure
Medium Nessus Plugin ID 52042
SynopsisAn instant messaging client installed on the remote Windows host is affected by an information disclosure vulnerability.
DescriptionThe version of Pidgin installed on the remote host is earlier than 2.7.10. Such versions are potentially affected by an information disclosure vulnerability because the application does not properly clear certain data structures used in 'libpurple/cipher.c' prior to freeing. An attacker, exploiting this flaw, could potentially extract partial information from memory regions freed by libpurple.
SolutionUpgrade to Pidgin 2.7.10 or later.