FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

pidgin-otr -- format string vulnerability

Affected packages
pidgin-otr < 3.2.1

Details

VuXML ID aa71daaa-9f8c-11e1-bd0a-0082a0c18826
Discovery 2012-05-16
Entry 2012-05-16

The authors report:

Versions 3.2.0 and earlier of the pidgin-otr plugin contain a format string security flaw. This flaw could potentially be exploited by a remote attacker to cause arbitrary code to be executed on the user's machine.

The flaw is in pidgin-otr, not in libotr. Other applications that use libotr are not affected.

References

CVE Name CVE-2012-2369
URL http://www.cypherpunks.ca/otr/