CVE-2013-6485

Name of the Vulnerable Software and Affected Versions Pidgin versions prior to 2.10.8

Description The issue is related to a buffer overflow in the libpurple library, specifically in the util.c file. This can be triggered by remote HTTP servers sending an invalid chunk-size field in chunked transfer-coding data, potentially leading to a denial of service or other unspecified impacts. The vulnerability is also associated with the process chuked data function, which, when exploited, could allow a remote attacker to cause a denial of service or possibly execute arbitrary code by manipulating HTTP requests.

Recommendations For versions prior to 2.10.8, update to version 2.10.8 or later to resolve the issue. As a temporary workaround, consider restricting access to HTTP servers that may send malicious chunked transfer-coding data until the update is applied.