Summary Buffer overflow in MXit emoticon parsing
Date 2014-01-28
CVE Number CVE-2013-6489
Discovered By Yves Younan and Pawel Janic of Sourcefire VRT
Fixed In Release 2.10.8


A specially crafted emoticon value could cause an integer overflow which could lead to a buffer overflow.


Use an unsigned integer and enforce a maximum size.

Looking to reach us via XMPP? Check out the new PidginChat service!