Release date:
Updated on:
Affected Systems:
Pidgin 2.x
Description:
--------------------------------------------------------------------------------
Bugtraq id: 57954
CVE (CAN) ID: CVE-2013-0273, CVE-2013-0274
The "mw_prpl_normalize ()" function in libpurple/protocols/sametime. c has an error. If the length of the user ID exceeds 4096 bytes, the affected software will crash. CVE-2013-0273)
Libpurple/upnp. "upnp_parse_description_cb ()", "Forward ()", "looked_up_public_ip_cb ()", "looked_up_internal_ip_cb ()", "Forward ()", and "Forward ()" in c () "function errors occur when processing UPnP requests, causing the affected software to crash when receiving ultra-long UPnP responses. CVE-2013-0274)
<* Source: Coverity static analysis
Link: http://secunia.com/advisories/52178/
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
Pidgin
------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
Http://www.pidgin.im/news/security/