Description
An input sanitization flaw was found in the way the AOL Open System for
Communication in Realtime (OSCAR) protocol plug-in in Pidgin, used by the
AOL ICQ and AIM instant messaging systems, escaped certain UTF-8
characters. A remote attacker could use this flaw to crash Pidgin via a
specially-crafted OSCAR message. (CVE-2011-4601)
An input sanitization flaw was found in the way the Pidgin SILC (Secure
Internet Live Conferencing) protocol plug-in escaped certain UTF-8
characters in channel messages. A remote attacker could use this flaw to
crash Pidgin via a specially-crafted SILC message. (CVE-2011-4603)
Multiple NULL pointer dereference flaws were found in the Jingle extension
of the Extensible Messaging and Presence Protocol (XMPP) protocol plug-in
in Pidgin. A remote attacker could use these flaws to crash Pidgin via a
specially-crafted Jingle multimedia message. (CVE-2011-4602)