Summary Remote crash on some protocols
Date 2005-05-10
CVE Number CVE-2005-1261
Discovered By Stu Tomlinson
Fixed In Release 1.3.0


It is possible for a remote user to overflow a static buffer by sending an IM containing a very large URL (greater than 8192 bytes) to the Gaim user. This is not possible on all protocols, due to message length restrictions. Jabber are SILC are known to be vulnerable.


The URL parsing function was modified to not use a static buffer.

Looking to reach us via XMPP? Check out the new PidginChat service!