Summary Remote denial of service in Yahoo protocol plugin
Date 2011-03-10
CVE Number CVE-2011-1091
Discovered By Marius Wachtler
Fixed In Release 2.7.11


The Yahoo protocol plugin in libpurple versions 2.6.0 through 2.7.10 do not properly handle malformed YMSG packets, leading to NULL pointer dereferences and application crash.


Properly handle malformed packets by ignoring the packet or the missing field.

We've launched the new site. Think we're missing something?
Read the blog post or Go to the old site