A flaw was found in the way XMPP messages were parsed. A malicious server or possibly a remote attacker could send a crafted XMPP message that would cause Pidgin to send an XMPP message containing arbitrary memory. Acknowledgements: Name: the Pidgin project Upstream: Thijs Alkemade, Paul Aurich
Created attachment 948789 [details] patch from upstream
Public now: http://www.pidgin.im/news/security/?id=90
Created pidgin tracking bugs for this issue: Affects: fedora-all [bug 1155838]
pidgin-2.10.10-2.fc21 has been pushed to the Fedora 21 stable repository. If problems still persist, please make note of it in this bug report.
pidgin-2.10.10-1.fc20 has been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report.
Analysis: In code of jutil.c, jid being calloced, missing g_strndup would lead to NULL derefs in callers, which wont be something typically leading to info leaks and attacker wont get much even if in any scenario is able to read arbitrary memory.
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2017:1854 https://access.redhat.com/errata/RHSA-2017:1854