CVE-2012-2369

Name of the Vulnerable Software and Affected Versions pidgin-otr versions prior to 3.2.1

Description The issue is related to a format string vulnerability in the log message cb function in otr-plugin.c. This vulnerability might allow remote attackers to execute arbitrary code via format string specifiers in data that generates a log message. The vulnerability can be exploited remotely and may lead to a breach of confidentiality, integrity, and availability of protected information.

Recommendations For versions prior to 3.2.1, update to version 3.2.1 or later to resolve the issue. As a temporary workaround, consider disabling the log message cb function until a patch is available. Restrict access to the otr-plugin.c module to minimize the risk of exploitation. Avoid using format string specifiers in data that generates a log message until the issue is resolved.