cve-2009-1889-00

Summary: ICQ parser excessive memory allocation
Date: 2009-05-28
CVE Number: CVE-2009-1889
Discovered By: Yuriy Kaminskiy
Fixed In Release: 2.5.8

Description

The ICQ protocol plugin (prpl) would, in certain circumstances, misparse an incoming ICQ Web Message as an SMS message, leading to an excessively large memory allocation.

Mitigation

Yuriy’s patch corrected the misparsing of such ICQ web messages so they are no longer treated as SMS messages and added validation to avoid unnecessary memory allocations.
