The host is installed with Pidgin-otr plugin before 3.2.1-1 for Pidgin and is prone to format string vulnerability. A flaw is present in the Off-the-Record Messaging (OTR) pidgin-otr plugin, which fails to handle format string specifiers in data that generates a log message. Successful exploitation could allow remote attackers to execute arbitrary code.