Pidgin Security Advisory

TitleAIM/ICQ remote denial of service
Date2005-02-17
CVE NameCVE-2005-0472
Discovered ByBrandon Scott ("Xeon")
SummaryClient freezes when receiving certain invalid messages
DescriptionCertain malformed SNAC packets sent by other AIM or ICQ users can trigger an infinite loop in Gaim when parsing the SNAC. The remote user would need a custom client, able to generate malformed SNACs.
Fixed in Version1.1.3
FixThe OSCAR protocol plugin was modified to drop these malformed packets.

Return to Security Advisory Index