PROBLEM:
Pidgin 'mxit_show_message()' Function Stack-Based Buffer Overflow Vulnerability.
PLATFORM:
Versions prior to Pidgin 2.10.5 are vulnerable.
ABSTRACT:
Pidgin is prone to a stack-based buffer-overflow vulnerability.
REFERENCE LINKS:
The Vendor's Advisory
Bugtraq ID: 54322
CVE-2012-3374
IMPACT ASSESSMENT:
Medium
Discussion:
Incorrect handling of inline images in incoming instant messages can cause a buffer overflow, which in some cases can be exploited to execute arbitrary code.
Impact:
Successful exploits of the buffer-overflow issue may lead to the execution of arbitrary code in the context of the application or to denial-of-service conditions.
Solution:
The vendor has issued a fix in Pidgin 2.10.5.