Summary NULL pointer dereference in parsing invalid HTML
Date 2007-10-24
CVE Number CVE-2007-4999
Discovered By Jeffrey Rosen
Fixed In Release 2.2.2


A remote user can cause a denial of service (crash) by sending a message with invalid HTML. It is believed that this crash can be triggered only when using HTML logging.


The affected function has been patched to fix the vulnerability.

Looking to reach us via XMPP? Check out the new PidginChat service!