cve-2009-3085-00

Summary XMPP custom smiley parsing bug
Date 2009-09-03
CVE Number CVE-2009-3085
Discovered By Florob, Waqas, Paul Aurich and Marcus Lundblad
Fixed In Release 2.6.2

Description

The XMPP protocol plugin can crash when attempting to process an error response as a custom smiley. libpurple 2.5.2 through 2.6.1 are vulnerable. Older versions may be vulnerable as well.

Mitigation

Handle error iq responses appropriately.

We've launched the new site. Think we're missing something?
Read the blog post or Go to the old site