Pidgin Security Advisory

TitleRemote DoS on receiving certain messages over IRC
Date2005-04-02
CVE NameCVE-2005-0966
Discovered ByJean-Yves Lefort
SummaryClient crash and other strange behavior when receiving specific messages over IRC
DescriptionThe IRC protocol plugin in Gaim 1.2.0, and possibly earlier versions, allows (1) remote attackers to inject arbitrary Gaim markup via irc_msg_kick, irc_msg_mode, irc_msg_part, irc_msg_quit, (2) remote attackers to inject arbitrary Pango markup and pop up empty dialog boxes via irc_msg_invite, or (3) malicious IRC servers to cause a denial of service (application crash) by injecting certain Pango markup into irc_msg_badmode, irc_msg_banned, irc_msg_unknown, irc_msg_nochan functions.
Fixed in Version1.2.1
FixThe IRC protocol plugin was modified to escape appropriate messages passed to the Gaim core.

Return to Security Advisory Index