Common Vulnerabilities and Exposures assigned an identifier CVE-2008-2957 to the following vulnerability:

The UPnP functionality in Pidgin 2.0.0, and possibly other versions, allows remote attackers to trigger the download of arbitrary files and cause a denial of service (memory or disk consumption) via a UDP packet that specifies an arbitrary URL.

Proposed patch in CRISP Advisory 2007-01:
http://crisp.cs.du.edu/crisp-files/pidgin-2.0.0-upnp-limit-download.diff

References:
http://crisp.cs.du.edu/?q=ca2007-1
http://www.securityfocus.com/bid/29985
http://www.openwall.com/lists/oss-security/2008/06/27/3

Upstream advisory:
http://www.pidgin.im/news/security/?id=27

Fixed upstream in: 2.5.0