Pidgin Security Advisory

TitlePotential information leak from XMPP
Date2014-10-22
CVE NameCVE-2014-3698
Discovered ByThijs Alkemade and Paul Aurich
DescriptionA malicious server and possibly even a malicious remote user could create a carefully crafted XMPP message that causes libpurple to send an XMPP message containing arbitrary memory.
Fixed in Revisionea46ab68f0dc
Fixed in Version2.10.10
FixCorrectly determine the start and end position of buffers when performing stringprep.

Return to Security Advisory Index