Pidgin Security Advisory

Title: URL decode buffer overflow
CVE Name: CVE-2004-0785
Discovered By: Sean ("infamous42md")
Summary: Receiving exceedingly long URLs can cause a buffer overflow.
Description: Buffer overflow. The URL is decoded into a static buffer of length 2048 bytes. I'm not sure it's possible to receive a URL longer than 2048 bytes, as many protocols have message limits that are shorter than that.
Fixed in Version: 0.82
Fix: A check to make sure the source string is shorter than 2048 bytes is performed.
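
The length check described in the fix, sketched in C as an added example. This is not Pidgin's code; the names `url_decode_checked` and `DECODE_BUF_LEN` and the percent-decoding loop are assumptions made for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define DECODE_BUF_LEN 2048 /* static buffer size given in the advisory */

/* Hypothetical decoder (not Pidgin's source). Returns a static buffer with
 * the decoded URL, or NULL when the input is rejected. */
const char *url_decode_checked(const char *src)
{
    static char buf[DECODE_BUF_LEN];
    size_t i, j = 0, len;

    if (src == NULL)
        return NULL;

    /* The advisory's fix: the source must be shorter than the buffer.
     * Decoding never lengthens the string (%XX becomes one byte), so this
     * bounds every write below, including the terminating NUL. Without it,
     * a long enough source would be written past the end of buf. */
    len = strlen(src);
    if (len >= DECODE_BUF_LEN)
        return NULL;

    for (i = 0; i < len; i++) {
        if (src[i] == '%' && i + 2 < len &&
            isxdigit((unsigned char)src[i + 1]) &&
            isxdigit((unsigned char)src[i + 2])) {
            char hex[3] = { src[i + 1], src[i + 2], '\0' };
            buf[j++] = (char)strtol(hex, NULL, 16);
            i += 2;
        } else {
            buf[j++] = src[i]; /* literal byte or malformed escape */
        }
    }
    buf[j] = '\0';
    return buf;
}

int main(void)
{
    char big[DECODE_BUF_LEN + 1]; /* constructed oversized input */
    memset(big, 'A', DECODE_BUF_LEN);
    big[DECODE_BUF_LEN] = '\0';
    printf("%s\n", url_decode_checked("http://example.com/a%20b"));
    printf("%s\n", url_decode_checked(big) ? "accepted" : "rejected");
    return 0;
}
```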
