Pidgin Security Advisory

Title: Remote crash parsing malformed Groupwise message
CVE Name: CVE-2014-3696
Discovered By: Yves Younan and Richard Johnson of Cisco Talos
Description: A malicious server or man-in-the-middle could trigger a crash in libpurple by specifying that a large amount of memory should be allocated in many places in the UI.
Fixed in Revision: 44fd89158777
Fixed in Version: 2.10.10
Fix: Impose a maximum length when reading various types of messages.
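
The class of fix described above, shown as an added example that is not Pidgin's or libpurple's own code: a length-prefixed field reader that rejects the peer-supplied length before allocating. The function names, the 4096-byte cap, the little-endian 32-bit length prefix and the sample messages are all assumptions made for illustration.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical cap for this example; not the value used by libpurple. */
#define MAX_FIELD_LEN 4096u

enum { READ_OK = 0, READ_TRUNCATED = -1, READ_TOO_LARGE = -2, READ_NOMEM = -3 };

/* Read a 32-bit little-endian length followed by that many bytes (assumed
 * wire layout). On success *out is a NUL-terminated heap copy of the field
 * and *consumed is the number of input bytes used. */
static int read_field(const uint8_t *buf, size_t buflen,
                      char **out, size_t *consumed)
{
    uint32_t len;

    *out = NULL;
    *consumed = 0;
    if (buflen < 4)
        return READ_TRUNCATED;
    len = (uint32_t)buf[0] | ((uint32_t)buf[1] << 8) |
          ((uint32_t)buf[2] << 16) | ((uint32_t)buf[3] << 24);

    /* Reject the peer-supplied length before allocating anything. */
    if (len > MAX_FIELD_LEN)
        return READ_TOO_LARGE;
    /* The declared length must also fit in the bytes actually received. */
    if (len > buflen - 4)
        return READ_TRUNCATED;

    *out = malloc((size_t)len + 1);
    if (*out == NULL)
        return READ_NOMEM;
    memcpy(*out, buf + 4, len);
    (*out)[len] = '\0';
    *consumed = 4 + (size_t)len;
    return READ_OK;
}

/* Constructed sample messages: valid, oversized length, short payload. */
static const uint8_t GOOD_MSG[]  = { 5, 0, 0, 0, 'h', 'e', 'l', 'l', 'o' };
static const uint8_t HUGE_MSG[]  = { 0xff, 0xff, 0xff, 0x7f }; /* ~2 GiB */
static const uint8_t SHORT_MSG[] = { 8, 0, 0, 0, 'a', 'b' };

/* Parse one message, release the result, and return the status code. */
static int check(const uint8_t *msg, size_t n)
{
    char *s; size_t used;
    int rc = read_field(msg, n, &s, &used);
    free(s);
    return rc;
}
```

Without the MAX_FIELD_LEN check, the length in HUGE_MSG would go straight to the allocator, which is the crash condition the advisory describes.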

