Summary Buffer overflow in MXit emoticon parsing
Date 2014-01-28
CVE Number CVE-2013-6489
Discovered By Yves Younan and Pawel Janic of Sourcefire VRT
Fixed In Release 2.10.8


A specially crafted emoticon value could cause an integer overflow which could lead to a buffer overflow.


Use an unsigned integer and enforce a maximum size.

We've launched the new site. Think we're missing something?
Read the blog post or Go to the old site