Users advised to update to prevent the application from crashing

Mar 14, 2012 13:14 GMT

Pidgin 2.10.2, the latest version of the popular instant messaging application, not only brings functionality improvements, but also some security fixes. The bugs that existed may have caused the application to crash, potentially allowing a remote attacker to execute arbitrary code.

A possible MSN remote crash, identified by Thijs Alkemade on January 17, 2012, was addressed by verifying that incoming text is UTF-8 and, if it is not, sanitizing it.

Because prior versions of Pidgin did not perform this check, in certain situations the application could crash while attempting to display a piece of text.
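The validate-then-sanitize pattern described above, as an added example that is not Pidgin's own code: a strict UTF-8 check for untrusted message text, and a fallback that makes the text safe to hand to a display routine. The function names are hypothetical, and replacing each invalid byte with `?` is an assumed sanitization policy, since the article does not say how the text is sanitized.

```c
#include <stdlib.h>
#include <string.h>

/* Length (1-4) of the well-formed UTF-8 sequence at s, or 0 if invalid:
   bad lead byte, truncated, overlong, surrogate, or above U+10FFFF. */
static size_t utf8_seq_len(const unsigned char *s, size_t avail)
{
    unsigned long cp, min;
    size_t n, i;
    if (s[0] < 0x80) return 1;
    else if ((s[0] & 0xE0) == 0xC0) { n = 2; cp = s[0] & 0x1F; min = 0x80; }
    else if ((s[0] & 0xF0) == 0xE0) { n = 3; cp = s[0] & 0x0F; min = 0x800; }
    else if ((s[0] & 0xF8) == 0xF0) { n = 4; cp = s[0] & 0x07; min = 0x10000; }
    else return 0;                      /* stray continuation or 0xF8..0xFF */
    if (n > avail) return 0;            /* sequence runs past end of buffer */
    for (i = 1; i < n; i++) {
        if ((s[i] & 0xC0) != 0x80) return 0;
        cp = (cp << 6) | (s[i] & 0x3F);
    }
    if (cp < min || cp > 0x10FFFF || (cp >= 0xD800 && cp <= 0xDFFF)) return 0;
    return n;
}

/* 1 if all len bytes of buf are valid UTF-8, else 0. */
int utf8_is_valid(const char *buf, size_t len)
{
    size_t i = 0, n;
    for (; i < len; i += n)
        if ((n = utf8_seq_len((const unsigned char *)buf + i, len - i)) == 0) return 0;
    return 1;
}

/* malloc'd NUL-terminated copy of buf, each invalid byte replaced by '?'
   (assumed policy). Returns NULL on allocation failure; caller frees. */
char *utf8_sanitize(const char *buf, size_t len)
{
    char *out = malloc(len + 1);
    size_t i = 0, n;
    if (out == NULL) return NULL;
    while (i < len) {
        n = utf8_seq_len((const unsigned char *)buf + i, len - i);
        if (n == 0) { out[i++] = '?'; continue; }
        memcpy(out + i, buf + i, n);
        i += n;
    }
    out[len] = '\0';
    return out;
}
```

A receive path would call `utf8_is_valid()` on each incoming message and pass only valid text, or the output of `utf8_sanitize()`, to the rendering code.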

The second issue is an XMPP remote crash discovered by Clemens Huebner and Kevin Stange back in the summer of 2011. They found that certain types of nickname changes in XMPP chatrooms can trigger a NULL pointer dereference.

To prevent the application from crashing in these situations, the pointer must be checked for NULL before the struct is used.

Pidgin 2.10.2 for Windows is available for download here.

Pidgin 2.10.2 for Linux is available for download here.