CVE-2011-4602

Name of the Vulnerable Software and Affected Versions Pidgin versions prior to 2.10.1

Description The issue arises from the XMPP protocol plugin in libpurple not properly handling missing fields in voice-chat and video-chat stanzas. This allows remote attackers to cause a denial of service, resulting in an application crash, via a crafted message.

Recommendations For versions prior to 2.10.1, update to version 2.10.1 or later to resolve the issue. As a temporary workaround, consider disabling the voice-chat and video-chat features until a patch is available. Restrict access to these features to minimize the risk of exploitation.