Pidgin contains a flaw that may allow a remote denial of service. The issue is triggered the 'purple_base64_decode()' function's return value is not validated properly, which may be exploited to cause a NULL pointer dereference error via crafted Base64 encoded messages, resulting in a loss of availability.

Upgrade to version 2.7.4 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

• Security Tracker: 1024623
• CVE ID: 2010-3711 (see also: NVD)
• Secunia Advisory ID: 41893 41899 42075 42107 42294
• ISS X-Force ID: 62708
• VUPEN Advisory: ADV-2010-2753 ADV-2010-2754 ADV-2010-2755 ADV-2010-2870
• Vendor Specific News/Changelog Entry: http://developer.pidgin.im/viewmtn/revision/info/b01c6a1f7fe4d86b83f5f10917b3cb713989cfcc
  http://pidgin.im/news/security/?id=48
  https://bugzilla.redhat.com/show_bug.cgi?id=641921
• Vendor Specific Advisory URL: http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050227.html
  http://www.ubuntu.com/usn/usn-1014-1
• Other Advisory URL: http://www.mandriva.com/security/advisories?name=MDVSA-2010:208
• RedHat RHSA: https://rhn.redhat.com/errata/RHSA-2010-0890.html
  RHSA-2010:0788

• Daniel Atallah