cve-2010-4528-00

Summary: MSN direct connection denial of service
Date: 2010-12-26
CVE Number: CVE-2010-4528
Discovered By: Stu Tomlinson
Fixed In Release: 2.7.9

Description

It was discovered that libpurple 2.7.6 through 2.7.8 did not properly handle “short” packets in MSN direct connection sessions, leading to a crash due to a NULL pointer dereference. Malicious clients or users can exploit this to cause a denial of service (crash).

Mitigation

Ignore short packets.
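
The mitigation above, sketched as an added example (not libpurple's code and not taken from the advisory): a receive loop that skips any packet too short to hold a header instead of dereferencing the parser's NULL result. The 4-byte length prefix, the 48-byte header size, and all names are assumptions for illustration.

```c
#include <stddef.h>
#include <stdint.h>

#define LEN_PREFIX 4u   /* assumed: 4-byte little-endian length before each packet */
#define HDR_SIZE   48u  /* assumed fixed header size, for illustration only */

struct hdr   { uint32_t session_id; };   /* hypothetical header, one field modelled */
struct stats { size_t handled, ignored, used; uint32_t last_session; };

static uint32_t rd_le32(const uint8_t *p)
{
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

static struct hdr *parse_hdr(const uint8_t *p, size_t len, struct hdr *out)
{
    if (len < HDR_SIZE)
        return NULL;                     /* too short to hold a full header */
    out->session_id = rd_le32(p);
    return out;
}

/* Walk a receive buffer of length-prefixed packets, ignoring short ones. */
struct stats process_stream(const uint8_t *buf, size_t len)
{
    struct stats st = {0, 0, 0, 0};
    while (len - st.used >= LEN_PREFIX) {
        size_t plen = rd_le32(buf + st.used);
        if (plen > len - st.used - LEN_PREFIX)
            break;                       /* incomplete packet: wait for more data */
        struct hdr h, *hp = parse_hdr(buf + st.used + LEN_PREFIX, plen, &h);
        if (hp == NULL) {
            st.ignored++;                /* mitigation: ignore the short packet */
        } else {
            st.last_session = hp->session_id;  /* dereferenced only when non-NULL */
            st.handled++;
        }
        st.used += LEN_PREFIX + plen;    /* skip it either way; stream stays in sync */
    }
    return st;
}

/* Constructed sample: full packet, 4-byte packet, full packet, truncated tail. */
const uint8_t SAMPLE[122] = {
    [0] = HDR_SIZE, [4] = 7,    /* packet 1: session 7 */
    [52] = 4,                   /* packet 2: short, only 4 bytes long */
    [60] = HDR_SIZE, [64] = 9,  /* packet 3: session 9 */
    [112] = HDR_SIZE,           /* packet 4: body cut off after 6 bytes */
};
```

Running `process_stream(SAMPLE, sizeof SAMPLE)` handles the two full packets, counts the short one as ignored, and leaves the truncated tail unconsumed for the next read.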
