Pidgin Security Advisory

TitleMSN handwritten message crash
CVE NameCVE-2009-3084
Discovered Byaly89 in ticket #10048 and Elliott Sales de Andrade
SummaryMSN incorrectly handles incoming handwritten messages, which can lead to a crash
DescriptionThe MSN protocol plugin used an incorrect character encoding when attempting to convert handwritten messages from one encoding to another. This caused the conversion to fail. This failure combined with an uninitialized variable can trigger a crash. The only vulnerable versions of libpurple are 2.6.0 and 2.6.1.
Fixed in Revisionb579df23a255
Fixed in Version2.6.2
FixUse the correct character set name and initialize error to NULL.

Return to Security Advisory Index