Pidgin Security Advisory

TitleMSN SLP DOS (malloc error)
Discovered ByGaim
SummaryCrash when receiving malformed MSN SLP message
DescriptionRemote crash. Gaim allocates a buffer for the payload of each message received based on the size field in the header of the message. A malicious peer could specify an invalid size that exceeds the amount of available memory.
Fixed in Version1.0.2
FixReplace call to g_malloc() with call to g_try_malloc(). If the memory could not be allocated the function returns instead of causing the application to crash.

Return to Security Advisory Index