Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Pidgin < 2.5.6 Multiple Buffer Overflow Vulnerabilities



The remote host is affected by multiple remote buffer overflow vulnerabilities.


The remote host is running Pidgin earlier than 2.5.6. Such versions are reportedly affected by multiple remote buffer overflow vulnerabilities :

- A buffer overflow issue in the 'decrypt_out()' function can be exploited through specially crafted 'QQ' packets. (CVE-2009-1374)

- A buffer maintained by PurpleCircBuffer which is used by XMPP and Sametime protocol plugins can be corrupted if it's exactly full and then more bytes are added to it. (CVE-2009-1375)

- A buffer overflow is possible when initiating a file transfer to a malicious buddy over XMPP. (CVE-2009-1373)

- An integer-overflow issue exists in the application due to a n incorrect typecasting of 'int64' to 'size_t'. (CVE-2009-1376)

Successful exploitation could allow an attacker to execute arbitrary code on the remote host.


Upgrade to Pidgin 2.5.6 or later.