Pidgin Security Advisory

TitleCipher API information disclosure
Discovered ByJulia Lawall
SummaryPotential local information disclosure in libpurple
DescriptionIt was discovered that libpurple versions prior to 2.7.10 do not properly clear certain data structures used in libpurple/cipher.c prior to freeing. An attacker could potentially extract partial information from memory regions freed by libpurple.
Fixed in Revision8c850977cb42
Fixed in Version2.7.10
FixProper structure clearing has been implemented.

Return to Security Advisory Index