Fluid Attacks Database

Description

Buffer overflow in markup.c in the MXit protocol plugin in libpurple in Pidgin before 2.10.5 allows remote attackers to execute arbitrary code via a crafted inline image in a message.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 12	pidgin	>=0 <2.10.6-1	2.10.6-1
debian 13	pidgin	>=0 <2.10.6-1	2.10.6-1
debian 14	pidgin	>=0 <2.10.6-1	2.10.6-1
debian 11	pidgin	>=0 <2.10.6-1	2.10.6-1
rpm rhel5	pidgin	<0:2.6.6-11.el5.4	0:2.6.6-11.el5.4
rpm rhel6	pidgin	<0:2.7.9-5.el6.2	0:2.7.9-5.el6.2

Aliases

1. CVE-2012-33742. NVD-2012-33743. OSV-DEBIAN-2012-33744. OSV-2012-33745. SECURITY-TRACKER-CVE-2012-3374

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.