The host is installed with Pidgin before 2.6.3 and is prone to denial of service vulnerability. The flaw is present in the OSCAR protocol plugin in libpurple in Pidgin, which fails to properly handle crafted contact-list data for (1) ICQ and possibly (2) AIM, as demonstrated by the SIM IM client. Successful exploitation could allow remote attackers to cause a denial of service (application crash).