cve-2009-3085-00

Summary XMPP custom smiley parsing bug
Date 2009-09-03
CVE Number CVE-2009-3085
Discovered By Florob, Waqas, Paul Aurich and Marcus Lundblad
Fixed In Release 2.6.2

Description

The XMPP protocol plugin can crash when attempting to process an error response as a custom smiley. libpurple 2.5.2 through 2.6.1 are vulnerable. Older versions may be vulnerable as well.

Mitigation

Handle error iq responses appropriately.

Looking to reach us via XMPP? Check out the new PidginChat service!