CVE-2013-6487

Name of the Vulnerable Software and Affected Versions Pidgin versions prior to 2.10.8

Description The issue is related to an integer overflow in the Gadu-Gadu parser, which can be triggered by a large Content-Length value, potentially leading to a buffer overflow. This can allow remote attackers to have an unspecified impact. The vulnerability is also described as allowing a remote attacker to cause a denial of service or execute arbitrary code by manipulating HTTP requests to the gadu-gadu.pl domain.

Recommendations For versions prior to 2.10.8, update to version 2.10.8 or later to resolve the issue. As a temporary workaround, consider restricting access to the gg http watch fd function to minimize the risk of exploitation. Avoid using the vulnerable Gadu-Gadu parser until the issue is resolved.