| Summary | Buffer overflow in MXit emoticon parsing |
|---|---|
| Date | 2014-01-28 |
| CVE Number | CVE-2013-6489 |
| Discovered By | Yves Younan and Pawel Janic of Sourcefire VRT |
| Fixed In Release | 2.10.8 |
A specially crafted emoticon value could cause an integer overflow which could lead to a buffer overflow.
Use an unsigned integer and enforce a maximum size.