cve-2010-2528-00

Summary ICQ X-Status denial of service
Date 2021-02-14
CVE Number CVE-2010-2528
Discovered By Mark Doliner
Fixed In Release 2.7.2

Description

Certain incorrectly formed X-Status messages can cause libpurple to attempt to dereference a NULL pointer, which triggers a crash.

Mitigation

Improve the parsing of the X-Status message to be more robust.

Looking to reach us via XMPP? Check out the new PidginChat service!