Summary MSN Remote file transfer filename DoS
Date 2008-06-25
CVE Number CVE-2008-2955
Discovered By Juan Pablo Lopez Yacubian
Fixed In Release 2.4.3


A remote MSN user can cause a denial of service (crash) by sending a file with a file with a filename containing invalid characters. The local user must then accept the file transfer to trigger a double-free.


A fix was applied to ensure that the double-free didn’t occur.

Looking to reach us via XMPP? Check out the new PidginChat service!