Fluid Attacks Database

Description

libpurple in Pidgin before 2.7.4 does not properly validate the return value of the purple_base64_decode function, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and application crash) via a crafted message, related to the plugins for MSN, MySpaceIM, XMPP, and Yahoo! and the NTLM authentication support.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 14	pidgin	>=0 <2.7.4-1	2.7.4-1
debian 11	pidgin	>=0 <2.7.4-1	2.7.4-1
debian 12	pidgin	>=0 <2.7.4-1	2.7.4-1
debian 13	pidgin	>=0 <2.7.4-1	2.7.4-1
rpm rhel5	pidgin	<0:2.6.6-5.el5_5	0:2.6.6-5.el5_5
rpm rhel6	pidgin	<0:2.6.6-6.el6_0	0:2.6.6-6.el6_0

Aliases

1. CVE-2010-37112. NVD-2010-37113. OSV-DEBIAN-2010-37114. OSV-2010-37115. SECURITY-TRACKER-CVE-2010-3711

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.