Multiple vulnerabilities have been reported in Pidgin
Vulnerabilities are reported in version 2.10.6. Prior versions may also be affected.
Multiple vulnerabilities have been reported in Pidgin, which can be exploited by malicious people to manipulate certain data, cause a DoS (Denial of Service), and compromise a user's system.
1) An error within the MXit protocol plugin when saving images can be exploited to overwrite certain files.
2) A boundary error within the "mxit_cb_http_read()" function (libpurple/protocols/mxit/http.c) when parsing incoming HTTP headers can be exploited to cause a stack-based buffer overflow via a specially crafted HTTP header.
3) An error within the "mw_prpl_normalize()" function (libpurple/protocols/sametime/sametime.c) when handling a user ID longer than 4096 bytes can be exploited to cause a crash.
4) Some errors within the "upnp_parse_description_cb()", "purple_upnp_discover_send_broadcast()", "looked_up_public_ip_cb()", "looked_up_internal_ip_cb()", "purple_upnp_set_port_mapping()", and "purple_upnp_remove_port_mapping()" functions (libpurple/upnp.c) when handling UPnP requests can be exploited to cause crashes.
Successful exploitation of the vulnerabilities allows execution of arbitrary code.
Update to version 2.10.7.
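The defensive pattern behind items 2 and 3, as an added illustration that is not Pidgin's code or the 2.10.7 patch: values taken from the network are copied into fixed-size buffers only after an explicit length check, and over-long input is rejected. The names bounded_copy, normalize_id, header_value and ID_BUF_LEN are hypothetical; only the 4096-byte figure comes from the advisory.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

#define ID_BUF_LEN 4096 /* limit named in item 3; the buffer itself is assumed */

/* Copy src[0..src_len) into dst only if it fits together with a NUL.
 * Returns 0 on success, -1 with dst left empty when the input is rejected. */
static int bounded_copy(char *dst, size_t dst_size, const char *src, size_t src_len)
{
    if (dst == NULL || dst_size == 0)
        return -1;
    dst[0] = '\0';
    if (src == NULL || src_len >= dst_size)
        return -1;
    memcpy(dst, src, src_len);
    dst[src_len] = '\0';
    return 0;
}

/* Hypothetical ID normaliser: over-long IDs are refused, not truncated. */
int normalize_id(const char *id, char out[ID_BUF_LEN])
{
    return bounded_copy(out, ID_BUF_LEN, id, id ? strlen(id) : 0);
}

/* Hypothetical header lookup over len received bytes (no NUL assumed).
 * Returns 0 and fills out, or -1 if the header is absent or does not fit. */
int header_value(const char *hdrs, size_t len, const char *name, char *out, size_t out_size)
{
    size_t nlen = strlen(name);
    for (size_t pos = 0; pos < len; ) {
        const char *line = hdrs + pos;
        const char *eol = memchr(line, '\n', len - pos);
        size_t llen = eol ? (size_t)(eol - line) : len - pos;
        size_t end = (llen > 0 && line[llen - 1] == '\r') ? llen - 1 : llen;
        size_t i = 0, v = nlen + 1;
        while (i < nlen && i < end &&
               tolower((unsigned char)line[i]) == tolower((unsigned char)name[i]))
            i++;
        if (i == nlen && end > nlen && line[nlen] == ':') {
            while (v < end && (line[v] == ' ' || line[v] == '\t'))
                v++;
            return bounded_copy(out, out_size, line + v, end - v);
        }
        pos += llen + 1;
    }
    return bounded_copy(out, out_size, NULL, 0); /* header not found */
}
```

Callers treat a -1 return as a protocol error and drop the message rather than continuing with a partial value.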