Pidgin Security Advisory
| Title | Remote MXit user could specify local file path |
|---|---|
| Date | 2013-02-13 |
| CVE Name | CVE-2013-0271 |
| Discovered By | Chris Wysopal, Veracode |
| Description | The MXit protocol plugin saves an image to local disk using a filename that could potentially be partially specified by the IM server or by a remote user. |
| Fixed in Revision | a8aef1d340f2 |
| Fixed in Version | 2.10.7 |
| Fix | Escape values that come from the network before using them in filenames. |
