Pidgin is an instant messaging program which can log in to multiple accounts on multiple instant messaging networks simultaneously.

Multiple NULL pointer dereference flaws were found in the way Pidgin handled Base64 decoding. A remote attacker could use these flaws to crash Pidgin if the target Pidgin user was using the Yahoo! Messenger Protocol, MSN, MySpace, or Extensible Messaging and Presence Protocol (XMPP) protocol plug-ins, or using the Microsoft NT LAN Manager (NTLM) protocol for authentication. (CVE-2010-3711)

A NULL pointer dereference flaw was found in the way the Pidgin MSN protocol plug-in processed custom emoticon messages. A remote attacker could use this flaw to crash Pidgin by sending specially-crafted emoticon messages during mutual communication. (CVE-2010-1624)

Red Hat would like to thank the Pidgin project for reporting these issues. Upstream acknowledges Daniel Atallah as the original reporter of CVE-2010-3711, and Pierre Noguès of Meta Security as the original reporter of CVE-2010-1624.

All Pidgin users should upgrade to these updated packages, which contain backported patches to resolve these issues. Pidgin must be restarted for this update to take effect.