Daniel Atallah

#28133 of 53,635
9 CVSS total
Vulnerabilities · 2
Medium · 2
PT-2014-1293
5.0
2014-01-30
Pidgin · Libpurple · CVE-2014-0020
**Name of the Vulnerable Software and Affected Versions**
Pidgin versions prior to 2.10.8

**Description**
The IRC protocol plugin in libpurple does not validate argument counts. This allows remote IRC servers to cause a denial of service (application crash) by sending a specially crafted message.

**Recommendations**
For versions prior to 2.10.8, update to version 2.10.8 or later to resolve the issue. As a temporary workaround, consider restricting connections to untrusted IRC servers to reduce the risk of exploitation.
PT-2010-5020
4.0
2010-10-21
Pidgin · Libpurple · CVE-2010-3711
**Name of the Vulnerable Software and Affected Versions**
Pidgin versions prior to 2.7.4

**Description**
libpurple does not properly validate the return value of the `purple_base64_decode` function, which remote authenticated users can exploit to cause a denial of service (NULL pointer dereference and application crash) via a crafted message. The problem is associated with the plugins for MSN, MySpaceIM, XMPP, and Yahoo!, as well as the NTLM authentication support.

**Recommendations**
For versions prior to 2.7.4, update to version 2.7.4 or later to resolve the issue.