This host has Pidgin installed and is prone to multiple Denial of Service vulnerabilities. Vulnerabilities Insight: - An error in libpurple/protocols/irc/msgs.c in the IRC protocol plugin in libpurple can trigger a NULL-pointer dereference when processing TOPIC messages which lack a topic string. - An error in the 'msn_slp_sip_recv' function in libpurple/protocols/msn/slp.c in the MSN protocol can trigger a NULL-pointer dereference via an SLP invite message missing expected fields. - An error in the 'msn_slp_process_msg' function in libpurple/protocols/msn/ slpcall.c in the MSN protocol when converting the encoding of a handwritten message can be exploited by improper utilisation of uninitialised variables. - An error in the XMPP protocol plugin in libpurple is fails to handle an error IQ stanza during an attempted fetch of a custom smiley is processed via XHTML-IM content with cid: images.

Attackers can exploit this issue to execute arbitrary code, corrupt memory and cause the application to crash. Impact Level: System/Application

Upgrade to Pidgin version 2.6.2 http://pidgin.im/download

Pidgin version prior to 2.6.2 on Windows.

• http://developer.pidgin.im/ticket/10159
• http://secunia.com/advisories/36601
• http://www.pidgin.im/news/security/?id=37
• http://www.pidgin.im/news/security/?id=38
• http://www.pidgin.im/news/security/?id=39
• http://www.pidgin.im/news/security/?id=40

---

Updated on 2015-03-25