Pidgin Security Advisory
| Title | Yahoo! remote crash from incorrect character encoding |
|---|
| Date | 2014-01-28 |
|---|
| CVE Name | CVE-2012-6152 |
|---|
| Discovered By | Thijs Alkemade and Robert Vehse |
|---|
| Description | Many places in the Yahoo! protocol plugin assumed incoming strings were UTF-8 and failed to transcode from non-UTF-8 encodings. This can lead to a crash when receiving strings that aren't UTF-8. |
|---|
| Fixed in Revision | b0345c25f886 |
|---|
| Fixed in Version | 2.10.8 |
|---|
| Fix | Depending on the context, either validate that a string is UTF-8 or transcode the string from the appropriate encoding to UTF-8. |
|---|
Return to Security Advisory Index
