Summary | ICQ parser excessive memory allocation |
---|---|
Date | 2009-05-28 |
CVE Number | CVE-2009-1889 |
Discovered By | Yuriy Kaminskiy |
Fixed In Release | 2.5.8 |

The ICQ prpl would misparse an incoming ICQ Web Message as an SMS message in certain circumstances, leading to an excessively large allocation.

Yuriy’s patch corrected the misparsing of such ICQ web messages so that they are no longer treated as SMS messages, and added validation to avoid unnecessary memory allocations.