cve-2009-3615-00

Summary ICQ and maybe AIM remote crash
Date 2009-10-16
CVE Number CVE-2009-3615
Discovered By nightwing666 in ticket
Fixed In Release 2.6.3

Description

A specially crafted message can trigger an incorrect memory access in the oscar protocol plugin which can lead to a crash. This happens when the SIM IM client attempts to send contacts to a libpurple user.

Mitigation

Check for the correct number of fields before attempting to dereference memory.

We've launched the new site. Think we're missing something?
Read the blog post or Go to the old site