cve-2014-3695-00

Summary: Remote crash parsing malformed MXit emoticon
Date: 2014-10-22
CVE Number: CVE-2014-3695
Discovered By: Yves Younan and Richard Johnson of Cisco Talos
Fixed In: Release 2.10.10

Description

A malicious server or man-in-the-middle could trigger a crash in libpurple by sending an emoticon with an overly large length value.

Mitigation

Verify that the length value is valid before attempting to read data from the buffer.
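
The check described under Mitigation, as an added example that is not libpurple's code: a reader for a hypothetical length-prefixed record (4-byte big-endian length followed by the data; the actual MXit emoticon layout is not given on this page). The names read_record and REC_HDR_LEN and the sample buffers are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical record layout (an assumption, not the MXit wire format):
 *   4-byte big-endian length N, followed by N bytes of image data. */
#define REC_HDR_LEN 4u

/* Returns 0 and sets *data / *data_len on success, -1 if the record is
 * truncated or declares more data than was actually received. */
int read_record(const uint8_t *buf, size_t buf_len, size_t pos,
                const uint8_t **data, size_t *data_len)
{
    uint32_t declared;

    /* Room for the header? Written as a subtraction so that no
     * peer-influenced addition can wrap around. */
    if (pos > buf_len || buf_len - pos < REC_HDR_LEN)
        return -1;

    declared = ((uint32_t)buf[pos] << 24) | ((uint32_t)buf[pos + 1] << 16) |
               ((uint32_t)buf[pos + 2] << 8) | (uint32_t)buf[pos + 3];
    pos += REC_HDR_LEN;

    /* The mitigation: the declared length must fit in the bytes that
     * remain. Without this test, a caller copying `declared` bytes
     * would read past the end of buf. */
    if (declared > buf_len - pos)
        return -1;

    *data = buf + pos;
    *data_len = declared;
    return 0;
}

/* Constructed sample inputs: a valid record and one with an oversized length. */
static const uint8_t sample_ok[]  = {0x00, 0x00, 0x00, 0x03, 'a', 'b', 'c'};
static const uint8_t sample_bad[] = {0x7f, 0xff, 0xff, 0xff, 'a', 'b', 'c'};

int main(void)
{
    const uint8_t *d; size_t n;
    int ok  = read_record(sample_ok, sizeof sample_ok, 0, &d, &n);
    int bad = read_record(sample_bad, sizeof sample_bad, 0, &d, &n);
    printf("valid record: %d, oversized length: %d\n", ok, bad);
    return (ok == 0 && bad == -1) ? 0 : 1;
}
```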
