Severe Remote Memory Corruption Vulnerability in libotr / Off-the-Record Messaging (OTR) Discovered
Off-the-Record (OTR) Messaging is a cryptographic protocol used in well-known instant messaging clients such as Pidgin, ChatSecure, Adium and others. It is designed to work on top of existing protocols and is used worldwide to provide secure communication in insecure environments. OTR is regarded as highly secure and, according to documents revealed by Edward Snowden, is one of the protocols that the NSA is not able to decrypt via cryptanalysis. The most commonly used implementation of OTR is “libotr”, a pure C implementation of the OTR protocol.