CVE-2009-2703

Name of the Vulnerable Software and Affected Versions Pidgin version 2.6.2 libpurple versions prior to 2.6.2

Description The issue allows remote IRC servers to cause a denial of service through a TOPIC message that lacks a topic string, resulting in a NULL pointer dereference and application crash. Multiple vulnerabilities in the libpurple package may lead to disruption of protected information availability, and exploitation can be carried out remotely.

Recommendations For Pidgin version 2.6.2, update to a version newer than 2.6.2 to resolve the issue. For libpurple versions prior to 2.6.2, update to version 2.6.2 or newer to resolve the issue. As a temporary workaround, consider restricting access to the IRC protocol plugin in libpurple to minimize the risk of exploitation.