Summary MSN handwritten message crash
Date 2009-09-03
CVE Number CVE-2009-3084
Discovered By aly89 in ticket
Fixed In Release 2.6.2


The MSN protocol plugin used an incorrect character encoding when attempting to convert handwritten messages from one encoding to another. This caused the conversion to fail. This failure combined with an uninitialized variable can trigger a crash. The only vulnerable versions of libpurple are 2.6.0 and 2.6.1.


Use the correct character set name and initialize error to NULL.

Looking to reach us via XMPP? Check out the new PidginChat service!