upnp.c in libpurple in Pidgin before 2.10.7 does not properly terminate long strings in UPnP responses, which allows remote attackers to cause a denial of service (application crash) by leveraging. Rated low severity (CVSS 2.9). No vendor patch available.
Denial Of Service
Pidgin
NVD
CVSS 2.0
2.9
EPSS
0.5%