Cisco Talos is announcing the discovery and patching of another three 3 CVE vulnerabilities in Pidgin. The first vulnerability (CVE-2014-3697) is in the routines Pidgen uses to handle smiley and theme packages in Windows. An attacker who can control the contents of an Emoticon downloaded through the Mxit protocol can cause an out of memory exception by specifying an overly large size value for a memory allocation operation. An attack requires the ability to spoof messages to spoof the mxit protocol.”]
Source: https://blogs.cisco.com/security/talos/pidgin-3-times