Fluid Attacks Database

Description

Format string vulnerability in the log_message_cb function in otr-plugin.c in the Off-the-Record Messaging (OTR) pidgin-otr plugin before 3.2.1 for Pidgin might allow remote attackers to execute arbitrary code via format string specifiers in data that generates a log message.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 13	pidgin-otr	>=0 <3.2.1-1	3.2.1-1
debian 11	pidgin-otr	>=0 <3.2.1-1	3.2.1-1
debian 12	pidgin-otr	>=0 <3.2.1-1	3.2.1-1

Aliases

1. CVE-2012-23692. NVD-2012-23693. OSV-DEBIAN-2012-23694. OSV-2012-23695. SECURITY-TRACKER-CVE-2012-2369

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.