Pidgin Security Advisory

TitleRemote crash parsing malformed MXit emoticon
CVE NameCVE-2014-3695
Discovered ByYves Younan and Richard Johnson of Cisco Talos
DescriptionA malicious server or man-in-the-middle could trigger a crash in libpurple by sending an emoticon with an overly large length value.
Fixed in Revision6436e14bdb9d
Fixed in Version2.10.10
FixVerify that the length value is valid before attempting to read data from the buffer.

Return to Security Advisory Index