Users are advised to update to the latest version

Dec 16, 2011 09:47 GMT

The latest version of the popular open source instant messaging application, Pidgin 2.10.1, comes with several functionality bug fixes, as well as some important fixes for flaws that could have allowed an attacker to launch a malicious operation.

One of the issues, reported by Evgeny Boger, could have been exploited to crash the application remotely. The crash could occur while receiving messages related to requesting or receiving authorization for adding a contact, because the Oscar protocol plug-in failed to validate whether a piece of text was UTF-8.

The SILC protocol code had the same flaw: in two different places, it failed to perform this validation when a message was received.

The last security flaw, reported by Thijs Alkemade, is that the XMPP protocol plug-in failed to ensure that an incoming message contained all the required fields, causing the application to crash.

Since all prior versions contain these weaknesses, users are advised to update Pidgin to version 2.10.1 to make sure they’re protected against a potential cyberattack.

Pidgin 2.10.1 for Windows is available for download here

Pidgin 2.10.1 for Linux is available for download here