Summary Remote denial of service in Yahoo protocol plugin
Date 2011-03-10
CVE Number CVE-2011-1091
Discovered By Marius Wachtler
Fixed In Release 2.7.11


The Yahoo protocol plugin in libpurple versions 2.6.0 through 2.7.10 do not properly handle malformed YMSG packets, leading to NULL pointer dereferences and application crash.


Properly handle malformed packets by ignoring the packet or the missing field.

Looking to reach us via XMPP? Check out the new PidginChat service!