| Summary | Remote denial of service in Yahoo protocol plugin |
|---|---|
| Date | 2011-03-10 |
| CVE Number | CVE-2011-1091 |
| Discovered By | Marius Wachtler |
| Fixed In Release | 2.7.11 |
The Yahoo protocol plugin in libpurple versions 2.6.0 through 2.7.10 do not properly handle malformed YMSG packets, leading to NULL pointer dereferences and application crash.
Properly handle malformed packets by ignoring the packet or the missing field.