A Heap-based buffer overflow was found in the way pidgin processed chunked HTTP responses. A malicious server or man-in-the-middle could send a large value for Content-Length and cause an integer overflow which could lead to a buffer overflow. This could cause pidgin to crash or possibly execute arbitary code with the permissions of the user running pidgin. Acknowledgements: Red Hat would like to thank the Pidgin project for reporting this issue. Upstream acknowledges Matt Jones of Volvent as the original reporter of this issue.
Created attachment 855927 [details] Local copy of patch
External References: http://pidgin.im/news/security/?id=80
Created pidgin tracking bugs for this issue: Affects: fedora-all [bug 1059049]
This issue has been addressed in following products: Red Hat Enterprise Linux 5 Red Hat Enterprise Linux 6 Via RHSA-2014:0139 https://rhn.redhat.com/errata/RHSA-2014-0139.html
pidgin-2.10.9-1.fc20 has been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report.
pidgin-2.10.9-1.fc19 has been pushed to the Fedora 19 stable repository. If problems still persist, please make note of it in this bug report.