Pidgin Security Advisory

TitleICQ parser excessive memory allocation
CVE NameCVE-2009-1889
Discovered ByYuriy Kaminskiy
SummaryMisparsed web messages can result in excessive memory allocation
DescriptionThe ICQ prpl would misparse an incoming ICQ Web Message as an SMS message in certain circumstances, leading to an excessively large allocation.
Fixed in Version2.5.8
FixYuriy's patch corrected the misparsing of such ICQ web messages so they are no longer treated as SMS messages and added validation to avoid unnecessary memory allocations.

Return to Security Advisory Index