CVE-2009-3085

Name of the Vulnerable Software and Affected Versions Pidgin versions prior to 2.6.2 libpurple versions prior to 2.6.2

Description The issue concerns the XMPP protocol plugin in libpurple, which does not properly handle an error in the IQ stanza during an attempt to fetch a custom smiley. This allows remote attackers to cause a denial of service, resulting in the application crashing, via XHTML-IM content with "cid:" images. Multiple vulnerabilities in the libpurple package in Red Hat Enterprise Linux can be exploited remotely, leading to a disruption of protected information availability.

Recommendations For Pidgin versions prior to 2.6.2, update to version 2.6.2 or later to resolve the issue. For libpurple versions prior to 2.6.2, update to version 2.6.2 or later to resolve the issue. As a temporary workaround, consider disabling the custom smiley feature until a patch is available. Restrict access to the XMPP protocol plugin to minimize the risk of exploitation.