KLA10781
Code execution vulnerability in pidgin-otr plugin.

Use-after-free vulnerability was found in Off-the-Record Messaging (OTR) pidgin-otr plugin. By exploiting this vulnerability malicious users can execute arbitrary code. This vulnerability can be exploited remotely via vectors related to the “Authenticate buddy” menu item.

Technical details

This vulnerability is in the create_smp_dialog function in gtk-dialog.c and related to the “Authenticate buddy” menu item.

Off-the-Record Messaging (OTR) pidgin-otr plugin versions earlier 4.0.2

Update to the latest version
Download page with latest version of pidgin-otr plugin