Evgeny Boger

**Name of the Vulnerable Software and Affected Versions** Pidgin versions prior to 2.10.1 **Description** The issue allows remote attackers to cause a denial of service, resulting in an application crash, by sending a crafted message. This can be achieved through a specially designed AIM or ICQ message associated with buddy-list addition. The problem stems from insufficient UTF-8 validation on message data in the oscar protocol plugin. **Recommendations** For versions prior to 2.10.1, update to version 2.10.1 or later to resolve the issue.