Gentoo Linux Security Advisory 201309-7 - A buffer overflow vulnerability in libotr could allow a remote attacker to execute arbitrary code or cause a Denial of Service condition. Versions less than 3.2.1 are affected.
b9f7d64ccd5178355d93a04d585ebd34103534407075dc6870418e5fe5e26682
Mandriva Linux Security Advisory 2013-097 - Just Ferguson discovered that libotr, an off-the-record messaging library, can be forced to perform zero-length allocations for heap buffers that are used in base64 decoding routines. An attacker can exploit this flaw by sending crafted messages to an application that is using libotr to perform denial of service attacks or potentially execute arbitrary code. The updated packages have been patched to correct this issue.
ba44af9f2a93bd9c88d88b13fbd48e0e938b28d608578c8c0e39c4c29d29b7d9
Ubuntu Security Notice 1541-1 - Justin Ferguson discovered multiple heap overflows in libotr. A remote attacker could use this to craft a malformed OTR message that could cause a denial of service via application crash or possibly execute arbitrary code.
6639415b413329405dd78b3fdeb6c09d08b8b5349b04696101dac765fabf6df4
Mandriva Linux Security Advisory 2012-131 - Just Ferguson discovered that libotr, an off-the-record messaging library, can be forced to perform zero-length allocations for heap buffers that are used in base64 decoding routines. An attacker can exploit this flaw by sending crafted messages to an application that is using libotr to perform denial of service attacks or potentially execute arbitrary code. The updated packages have been patched to correct this issue.
d2dfc5f2426fd1d0773603a84cfba004ef4a99ccaa10eaee9b7fdd6c41ecb855
Debian Linux Security Advisory 2526-1 - Just Ferguson discovered that libotr, an off-the-record (OTR) messaging library, can be forced to perform zero-length allocations for heap buffers that are used in base64 decoding routines. An attacker can exploit this flaw by sending crafted messages to an application that is using libotr to perform denial of service attacks or potentially execute arbitrary code.
7c01fb86e171c48aa3e6e49b606b9a1e9e94d6901619b80a625f9b7c0c78d71d