Summary
This host has Pidgin installed and is prone to Denial of Service vulnerabilities.
Impact
Attackers can exploit this issue to crash an affected application.
Impact Level: Application
Solution
Upgrade to Pidgin version 2.7.4 or later.
For updates refer to http://pidgin.im/download
Insight
The issues are caused by errors in 'libpurple' that does not validate the return value from 'purple_base64_decode()' function when processing malformed Yahoo!, MSN, MySpaceIM, XMPP or NTLM data.
Affected
Pidgin version prior to 2.7.4 on Windows.
References
Severity
Classification
-
CVE CVE-2010-3711 -
CVSS Base Score: 4.0
AV:N/AC:L/Au:S/C:N/I:N/A:P
Related Vulnerabilities
- AyeView GIF Image Handling Denial of Service Vulnerability
- ClamAV LZH File Unpacking Denial of Service Vulnerability (Linux)
- ejabberd XML Parsing Denial of Service Vulnerability (Windows)
- Apache APR-Utils Multiple Denial of Service Vulnerabilities
- Apple Safari Denial of Service Vulnerability (Win) - Apr09