[Bug 1022012] [NEW] (CVE-2012-3374)

Fri, 06 Jul 2012 23:40:59 -0700 

*** This bug is a security vulnerability ***

Public security bug reported:

A new update, version 2.10.5, to the open source Pidgin instant messaging 
program has been released, closing an important security hole. Previous 
versions of Pidgin contained a vulnerability, discovered by Ulf Härnhammar, in 
the MXit component, where parsing incoming messages with inline images led to a 
buffer overflow.
The developers say that this could have been exploited by an attacker to 
execute arbitrary code on a victim's system by using a specially crafted 
message. Versions up to and including 2.10.4 are affected. Upgrading to Pidgin 
2.10.5 fixes the problem; all users are advised to upgrade. Other bugs, 
including an issue that caused the application to crash, have also been fixed.

http://www.pidgin.im/news/security/index.php?id=64

** Affects: pidgin (Ubuntu)
     Importance: Undecided
         Status: New

** Affects: pidgin (Fedora)
     Importance: Unknown
         Status: Unknown

** Affects: gentoo
     Importance: Unknown
         Status: Unknown

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2012-3374

** Summary changed:

- Pidgin IM client update fixes buffer overflow vulnerability
+ (CVE-2012-3374) <pidgin-2.10.5: MXit buffer overflow

** Bug watch added: Gentoo Bugzilla #425076
   https://bugs.gentoo.org/show_bug.cgi?id=425076

** Also affects: gentoo via
   https://bugs.gentoo.org/show_bug.cgi?id=425076
   Importance: Unknown
       Status: Unknown

** Bug watch added: Red Hat Bugzilla #837319
   https://bugzilla.redhat.com/show_bug.cgi?id=837319

** Also affects: pidgin (Fedora) via
   https://bugzilla.redhat.com/show_bug.cgi?id=837319
   Importance: Unknown
       Status: Unknown

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1022012

Title:
  (CVE-2012-3374) <pidgin-2.10.5: MXit buffer overflow

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/pidgin/+bug/1022012/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

Reply via email to