This host has installed pidgin and is prone to Multiple Buffer Overflow Vulnerabilities

Successful exploits allow attackers to run arbitrary code, corrupt memory and cause cause denial of service. Impact Level: Application

Upgrade to version 2.5.6 or later. http://pidgin.im/download/

The multiple flaws are due to, - a boundary error in the XMPP SOCKS5 'bytestream' server when initiating an outbound XMPP file transfer. - a boundary error in the 'decrypt_out()' function while processing malicious QQ packet. - a boundary error exists in the implementation of the 'PurpleCircBuffer' structure and can be exploited via vectors involving XMPP or Sametime protocol. - a truncation error in function 'libpurple/protocols/msn/slplink.c' and 'libpurple/protocols/msnp9/slplink.c' when processing MSN SLP messages with a crafted offset value.

Pidgin version prior to 2.5.6 on Windows.

• http://rhn.redhat.com/errata/RHSA-2009-1059.html
• http://secunia.com/advisories/35194
• http://secunia.com/advisories/35202
• http://xforce.iss.net/xforce/xfdb/50680

---

Updated on 2015-03-25