Ubuntu Security Notice 1273-1 - Marius Wachtler discovered that Pidgin incorrectly handled malformed YMSG messages in the Yahoo! protocol handler. A remote attacker could send a specially crafted message and cause Pidgin to crash, leading to a denial of service. This issue only affected Ubuntu 10.04 LTS and 10.10. Marius Wachtler discovered that Pidgin incorrectly handled HTTP 100 responses in the MSN protocol handler. A remote attacker could send a specially crafted message and cause Pidgin to crash, leading to a denial of service. Various other issues were also addressed.
427e2e9a5b920f0b25f9f9b3c39fe9ad971c32495eb39a7878a1e2fcbfef91ee
Red Hat Security Advisory 2011-1371-01 - Pidgin is an instant messaging program which can log in to multiple accounts on multiple instant messaging networks simultaneously. An input sanitization flaw was found in the way the Pidgin SILC protocol plug-in escaped certain UTF-8 characters. A remote attacker could use this flaw to crash Pidgin via a specially-crafted SILC message. Multiple NULL pointer dereference flaws were found in the way the Pidgin Yahoo! Messenger Protocol plug-in handled malformed YMSG packets. A remote attacker could use these flaws to crash Pidgin via a specially-crafted notification message.
f0ad974a63999ee0a2da67fe7b5c6434dc5657a1919e71a6c7d833f173143ae6
Mandriva Linux Security Advisory 2011-050 - It was discovered that libpurple versions prior to 2.7.10 do not properly clear certain data structures used in libpurple/cipher.c prior to freeing. An attacker could potentially extract partial information from memory regions freed by libpurple. The Yahoo protocol plugin in libpurple versions 2.6.0 through 2.7.10 do not properly handle malformed YMSG packets, leading to NULL pointer dereferences and application crash.
6946f9cf77da9559208045f1b25444c5b5032dbb9a51384c41139be8a379b5d6