Pidgin < 2.10.5 mxit_show_message Function RX Message Inline Image Parsing Remote Overflow

High Nessus Plugin ID 59969


An instant messaging client installed on the remote Windows host is affected by a buffer overflow vulnerability.


The version of Pidgin installed on the remote host is earlier than 2.10.5. As such, it is potentially affected by a stack-based buffer overflow vulnerability.

An error in the function 'mxit_show_message' in the file 'libpurple/protocols/mxit/markup.c' can allow a stack-based buffer overflow to occur when parsing a received message containing inline images. This can result in application crashes and potentially arbitrary code execution.


Upgrade to Pidgin 2.10.5 or later.

Plugin Details

Severity: High

ID: 59969

File Name: pidgin_2_10_5.nasl

Version: $Revision: 1.3 $

Type: local

Agent: windows

Family: Windows

Published: 2012/07/13

Modified: 2016/05/16

Dependencies: 34205

Risk Information

Risk Factor: High


Base Score: 9.3

Temporal Score: 8.1

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:ND/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:pidgin:pidgin

Required KB Items: SMB/Pidgin/Version

Exploit Available: false

Exploit Ease: No known exploits are available

Patch Publication Date: 2012/07/02

Vulnerability Publication Date: 2012/07/02

Reference Information

CVE: CVE-2012-3374

BID: 54322

OSVDB: 83605