Pidgin Libpurple 'purple_base64_decode()' Denial Of Service Vulnerabilities (Win) Network Vulnerability

Summary

This host has Pidgin installed and is prone to Denial of Service vulnerabilities.

Impact

Attackers can exploit this issue to crash an affected application. Impact Level: Application

Solution

Upgrade to Pidgin version 2.7.4 or later. For updates refer to http://pidgin.im/download

Insight

The issues are caused by errors in 'libpurple' that does not validate the return value from 'purple_base64_decode()' function when processing malformed Yahoo!, MSN, MySpaceIM, XMPP or NTLM data.

Affected

Pidgin version prior to 2.7.4 on Windows.

References

http://pidgin.im/news/security/?id=48
http://securitytracker.com/alerts/2010/Oct/1024623.html
http://www.vupen.com/english/advisories/2010/2753
http://xforce.iss.net/xforce/xfdb/62708

Updated on 2015-03-25

Severity

Classification

CVE CVE-2010-3711
CVSS Base Score: 4.0
AV:N/AC:L/Au:S/C:N/I:N/A:P

Related Vulnerabilities

AyeView GIF Image Handling Denial of Service Vulnerability
ClamAV LZH File Unpacking Denial of Service Vulnerability (Linux)
ejabberd XML Parsing Denial of Service Vulnerability (Windows)
Apache APR-Utils Multiple Denial of Service Vulnerabilities
Apple Safari Denial of Service Vulnerability (Win) - Apr09

Pidgin Libpurple 'purple_base64_decode()' Denial of Service Vulnerabilities (Win)

Take action and discover your vulnerabilities