Summary Finch XMPP MUC crash
Date 2010-02-18
CVE Number CVE-2010-0420
Discovered By Sadrul Habib Chowdhury
Fixed In Release 2.6.6


If a user in a multi-user chat room has a nickname containing ‘ ’ then libpurple ends up having two users with username ' ' in the room, and Finch crashes in this situation. We do not believe there is a possibility of remote code execution.


Correctly parse ‘ ’ so that it appears literally rather than as ' ‘.

Looking to reach us via XMPP? Check out the new PidginChat service!