pidgin is vulnerable to arbitrary code execution. The vulnerability exists as a buffer overflow flaw was found in the way Pidgin initiates file transfers when using the Extensible Messaging and Presence Protocol (XMPP). If a Pidgin client initiates a file transfer, and the remote target sends a malformed response, it could cause Pidgin to crash or, potentially, execute arbitrary code with the permissions of the user running Pidgin. This flaw only affects accounts using XMPP, such as Jabber and Google Talk.
debian.org/security/2009/dsa-1805
secunia.com/advisories/35188
secunia.com/advisories/35194
secunia.com/advisories/35202
secunia.com/advisories/35215
secunia.com/advisories/35294
secunia.com/advisories/35329
secunia.com/advisories/35330
www.gentoo.org/security/en/glsa/glsa-200905-07.xml
www.mandriva.com/security/advisories?name=MDVSA-2009:140
www.mandriva.com/security/advisories?name=MDVSA-2009:173
www.pidgin.im/news/security/?id=29
www.redhat.com/security/updates/classification/#important
www.redhat.com/support/errata/RHSA-2009-1059.html
www.redhat.com/support/errata/RHSA-2009-1060.html
www.securityfocus.com/bid/35067
www.ubuntu.com/usn/USN-781-1
www.ubuntu.com/usn/USN-781-2
www.vupen.com/english/advisories/2009/1396
access.redhat.com/errata/RHSA-2009:1060
bugzilla.redhat.com/show_bug.cgi?id=500488
exchange.xforce.ibmcloud.com/vulnerabilities/50682
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17722
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9005
www.redhat.com/archives/fedora-package-announce/2009-June/msg00033.html
www.redhat.com/archives/fedora-package-announce/2009-June/msg00051.html
www.redhat.com/archives/fedora-package-announce/2009-June/msg00075.html