cve-2009-3084-00

Summary MSN handwritten message crash
Date 2009-09-03
CVE Number CVE-2009-3084
Discovered By aly89 in ticket
Fixed In Release 2.6.2

Description

The MSN protocol plugin used an incorrect character encoding when attempting to convert handwritten messages from one encoding to another. This caused the conversion to fail. This failure combined with an uninitialized variable can trigger a crash. The only vulnerable versions of libpurple are 2.6.0 and 2.6.1.

Mitigation

Use the correct character set name and initialize error to NULL.

We've launched the new site. Think we're missing something?
Read the blog post or Go to the old site