Pidgin Security Advisory

TitleICQ and maybe AIM remote crash
CVE NameCVE-2009-3615
Discovered Bynightwing666 in ticket #10481
SummaryA remote user can cause libpurple-based clients to crash
DescriptionA specially crafted message can trigger an incorrect memory access in the oscar protocol plugin which can lead to a crash. This happens when the SIM IM client attempts to send contacts to a libpurple user.
Fixed in Revision7dc8dfacd548
Fixed in Version2.6.3
FixCheck for the correct number of fields before attempting to dereference memory.

Return to Security Advisory Index