cve-2014-3695-00

Summary Remote crash parsing malformed MXit emoticon
Date 2014-10-22
CVE Number CVE-2014-3695
Discovered By Yves Younan and Richard Johnson of Cisco Talos
Fixed In Release 2.10.10

Description

A malicious server or man-in-the-middle could trigger a crash in libpurple by sending an emoticon with an overly large length value.

Mitigation

Verify that the length value is valid before attempting to read data from the buffer.

We've launched the new site. Think we're missing something?
Read the blog post or Go to the old site