06 Jul 2012
This covers vulnerabilities where malicious people are able to gain system access and execute arbitrary code with the privileges of a local user.
A vulnerability has been reported in Pidgin, which can be exploited by malicious people to compromise a user's system.
The vulnerability is caused due to a boundary error within the "mxit_show_message()" function (libpurple/protocols/mxit/markup.c) when parsing incoming messages containing inline images. This can be exploited to cause a stack-based buffer overflow via a specially crafted RX message.
Successful exploitation of the vulnerability may allow execution of arbitrary code.
The vulnerability is reported in versions prior to 2.10.5.
Update to version 2.10.5.
The vendor credits Ulf Härnhammar.