CVE-2010-2528

Name of the Vulnerable Software and Affected Versions Pidgin versions prior to 2.7.2

Description The issue allows remote authenticated users to cause a denial of service, resulting in a NULL pointer dereference and application crash. This is achieved by sending an X-Status message that lacks the expected end tag for a desc or title element.

Recommendations For versions prior to 2.7.2, update to version 2.7.2 or later to resolve the issue. As a temporary workaround, consider restricting the use of the clientautoresp function in the oscar protocol plugin until a patch is available.