Pidgin < 2.10.5 mxit_show_message Function RX Message Inline Image Parsing Remote Overflow

high Nessus Plugin ID 59969

Synopsis

An instant messaging client installed on the remote Windows host is affected by a buffer overflow vulnerability.

Description

The version of Pidgin installed on the remote host is earlier than 2.10.5. As such, it is potentially affected by a stack-based buffer overflow vulnerability.

An error in the function 'mxit_show_message' in the file 'libpurple/protocols/mxit/markup.c' can allow a stack-based buffer overflow to occur when parsing a received message containing inline images. This can result in application crashes and potentially arbitrary code execution.

Solution

Upgrade to Pidgin 2.10.5 or later.

See Also

https://bitbucket.org/pidgin/

http://www.pidgin.im/news/security/?id=64

Plugin Details

Severity: High

ID: 59969

File Name: pidgin_2_10_5.nasl

Version: 1.6

Type: local

Agent: windows

Family: Windows

Published: 7/13/2012

Updated: 12/4/2019

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2012-3374

Vulnerability Information

CPE: cpe:/a:pidgin:pidgin

Required KB Items: SMB/Pidgin/Version

Exploit Ease: No known exploits are available

Patch Publication Date: 7/2/2012

Vulnerability Publication Date: 7/2/2012

Reference Information

CVE: CVE-2012-3374

BID: 54322