Pidgin Security Advisory

TitleSILC remote crash
Date2011-09-29
CVE NameCVE-2011-3594
Discovered ByDiego Bauche Madero from IOActive
DescriptionWhen receiving various incoming messages, the SILC protocol plugin failed to validate that a piece of text was UTF-8. In some cases invalid UTF-8 data would lead to a crash.
Fixed in Revision69372ee4f474
Fixed in Version2.10.1
FixValidate incoming strings as UTF-8 before using them as such.

Return to Security Advisory Index