libpurple is a library used to provide instant messaging functionality. It is used by the Pidgin and Adium IM clients. The library is exposed to an information disclosure issue. Specifically, the issue exists because OTR (off-the-record) messages are broadcast in plain text through DBUS. libpurple versions prior to 2.10.1, pidgin versions prior to 2.10.1 and pidgin-otr versions prior to 3.2.0 are affected.
Ref: http://www.securityfocus.com/bid/52175/references http://census-labs.com/news/2012/02/25/libpurple-otr-info-leak/
12.9.10 - CVE: CVE-2012-1257
Platform: Cross Platform