logo
DATABASE RESOURCES PRICING ABOUT US

CVE-2012-2369

Description

Format string vulnerability in the log_message_cb function in otr-plugin.c in the Off-the-Record Messaging (OTR) pidgin-otr plugin before 3.2.1 for Pidgin might allow remote attackers to execute arbitrary code via format string specifiers in data that generates a log message. #### Bugs * <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=673154> * <https://bugs.launchpad.net/ubuntu/+source/pidgin-otr/+bug/1000363> #### Notes Author| Note ---|--- [sbeattie](<https://launchpad.net/~sbeattie>) | should be mitigated by -D_FORTIFY_SOURCE=2


Affected Package


OS OS Version Package Name Package Version
ubuntu 10.04 pidgin-otr 3.2.0-5ubuntu0.10.04.1
ubuntu 11.04 pidgin-otr 3.2.0-5ubuntu0.11.04.1
ubuntu 11.10 pidgin-otr 3.2.0-5ubuntu0.11.14.1
ubuntu 12.04 pidgin-otr 3.2.0-5ubuntu0.12.04.1
ubuntu upstream pidgin-otr 3.2.1

Related