Vulnerability Management

Libpurple vulnerability leads to remote code execution

Kaspersky Labs has disclosed a vulnerability in libpurple that if exploited could allow remote code execution.

Libpurple is a graphical IM program used in the development of several instant messaging programs, including Pidgin and Adium on the MacOS, Windows Linux and Unix platforms. This flaw can be found in Adium 1.5.10.2 and Pidgin 2.12.0 and was first reported on March 15 by a researcher going by the name Erythronium on Adium's and Pidgin's developer's forums, Kaspersky Labs' Threatpost reported.

The flaw, listed as CVE-2017-2640, has been patched in Pidgin, but Adium has not responded. According to a Pidgin advisory, the vulnerability is “An out-of-bounds write when invalid xml is sent by a malicious server.”

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.