CVSS2: 4 Medium
Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL
AV:N/AC:L/Au:S/C:N/I:N/A:P
Pidgin is vulnerable to denial of service. Multiple NULL pointer dereference flaws were found in the way Pidgin handled Base64 decoding. A remote attacker could use these flaws to crash Pidgin if the target Pidgin user was using the Yahoo! Messenger Protocol, MSN, MySpace, or Extensible Messaging and Presence Protocol (XMPP) protocol plug-ins, or using the Microsoft NT LAN Manager (NTLM) protocol for authentication.
developer.pidgin.im/viewmtn/revision/info/b01c6a1f7fe4d86b83f5f10917b3cb713989cfcc
lists.fedoraproject.org/pipermail/package-announce/2010-November/050227.html
lists.fedoraproject.org/pipermail/package-announce/2010-November/050695.html
lists.fedoraproject.org/pipermail/package-announce/2010-October/050133.html
pidgin.im/news/security/?id=48
secunia.com/advisories/41893
secunia.com/advisories/41899
secunia.com/advisories/42075
secunia.com/advisories/42294
securitytracker.com/id?1024623
slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.462352
www.mandriva.com/security/advisories?name=MDVSA-2010:208
www.osvdb.org/68773
www.redhat.com/security/updates/classification/#moderate
www.redhat.com/support/errata/RHSA-2010-0788.html
www.redhat.com/support/errata/RHSA-2010-0890.html
www.securityfocus.com/bid/44283
www.ubuntu.com/usn/USN-1014-1
www.vupen.com/english/advisories/2010/2753
www.vupen.com/english/advisories/2010/2754
www.vupen.com/english/advisories/2010/2755
www.vupen.com/english/advisories/2010/2847
www.vupen.com/english/advisories/2010/2851
www.vupen.com/english/advisories/2010/2870
access.redhat.com/errata/RHSA-2010:0890
bugzilla.redhat.com/show_bug.cgi?id=641921
exchange.xforce.ibmcloud.com/vulnerabilities/62708
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18506