intrigeri discovered a format string error in pidgin-otr, an off-the-record messaging plugin for Pidgin. This could be exploited by a remote attacker to cause arbitrary code to be executed on the user"s machine. The problem is only in pidgin-otr. Other applications which use libotr are not affected.