U-207: Pidgin 'mxit_show_message()' Function Stack-Based Buffer Overflow Vulnerability

July 9, 2012 - 7:00am

PROBLEM:

Pidgin 'mxit_show_message()' Function Stack-Based Buffer Overflow Vulnerability.

PLATFORM:

Versions prior to Pidgin 2.10.5 are vulnerable.

ABSTRACT:

Pidgin is prone to a stack-based buffer-overflow vulnerability.

REFERENCE LINKS:

The Vendor's Advisory
Bugtraq ID: 54322
CVE-2012-3374

IMPACT ASSESSMENT:

Medium

Discussion:

Incorrect handling of inline images in incoming instant messages can cause a buffer overflow and in some cases can be exploited to execute arbitrary code.

Impact:

Successful exploits of the buffer-overflow issue may lead to the execution of arbitrary code in the context of the application or to denial-of-service conditions.

Solution:

The vendor has issued a fix in Pidgin 2.10.5.
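
To check a host against the version boundary given above, the following shell script (an added example, not part of the original bulletin or of Pidgin itself) classifies a Pidgin version banner as vulnerable or fixed. It assumes the banner printed by `pidgin --version` has the form "Pidgin 2.10.4 (libpurple 2.10.4)"; the function names and sample banners are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag Pidgin builds older than the fixed release in this bulletin.
FIXED_VERSION="2.10.5"   # from the Solution section

# Print the first dotted numeric version found in a banner line.
# Assumption: banner looks like "Pidgin 2.10.4 (libpurple 2.10.4)".
extract_version() {
    printf '%s\n' "$1" |
        sed -n 's/^[^0-9]*\([0-9][0-9]*\(\.[0-9][0-9]*\)*\).*$/\1/p' |
        head -n 1
}

# Return 0 when version $1 is strictly older than version $2.
# Fields are compared as numbers, so 2.9.0 sorts before 2.10.5
# (a plain string comparison gets that case wrong).
version_lt() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        fa=${a%%.*}; fb=${b%%.*}
        [ "${fa:-0}" -lt "${fb:-0}" ] && return 0
        [ "${fa:-0}" -gt "${fb:-0}" ] && return 1
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
    done
    return 1
}

# Print "vulnerable", "fixed" or "unknown" for a banner string.
classify_banner() {
    v=$(extract_version "$1")
    if [ -z "$v" ]; then
        echo unknown
    elif version_lt "$v" "$FIXED_VERSION"; then
        echo vulnerable
    else
        echo fixed
    fi
}

# Constructed sample banners, so the script shows output on any machine.
for sample in "Pidgin 2.9.0 (libpurple 2.9.0)" "Pidgin 2.10.5 (libpurple 2.10.5)"; do
    echo "sample: $sample -> $(classify_banner "$sample")"
done

# Check the locally installed client, if there is one.
if command -v pidgin >/dev/null 2>&1; then
    banner=$(pidgin --version 2>/dev/null || true)
    echo "installed: ${banner:-no banner} -> $(classify_banner "$banner")"
fi
```
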

 
