Red Hat Bugzilla – Bug 819449
CVE-2012-2214 pidgin: Invalid memory dereference in the XMPP protocol plug-in by processing serie of specially-crafted file transfer requests
Last modified: 2012-07-11 01:17:09 EDT
A denial service flaw was found in the way XMPP protocol plug-in of Pidgin, a Gtk+ based multiprotocol instant messaging client, performed cleanup for certain SOCKS5 connections. A remote attacker, being present on the buddy list of the victim, and able to trick the victim into accepting of a serie of specially-crafted XMPP file transfer requests, could use this flaw to cause pidgin executable crash.
Relevant upstream patch:
This issue affects the versions of the pidgin package, as shipped with Red Hat Enterprise Linux 5 and 6.
This issue affects the versions of the pidgin package, as shipped with Fedora release of 15 and 16. Please schedule an update.
Created pidgin tracking bugs for this issue
Affects: fedora-all [bug 819454]
The duplicate CVE identifier of CVE-2012-2323 has been also assigned to this issue by mistake:
But CVE-2012-2214 one should be used when referencing to this deficiency (CVE-2012-2323 will rejected as duplicate of CVE-2012-2214).
Upstream v2.10.4 announcement:
Not Vulnerable. This issue does not affect the version of pidgin as shipped with Red Hat Enterprise Linux 5 and 6.