CVE-2014-3698

The jabber_idn_validate function in jutil.c in the Jabber protocol plugin in libpurple in Pidgin before 2.10.10 allows remote attackers to obtain sensitive information from process memory via a crafted XMPP message.

Date published : 2014-10-29

http://hg.pidgin.im/pidgin/main/rev/ea46ab68f0dc

http://pidgin.im/news/security/?id=90