Summary Potential information leak from XMPP
Date 2014-10-22
CVE Number CVE-2014-3698
Discovered By Thijs Alkemade and Paul Aurich
Fixed In Release 2.10.10


A malicious server and possibly even a malicious remote user could create a carefully crafted XMPP message that causes libpurple to send an XMPP message containing arbitrary memory.


Correctly determine the start and end position of buffers when performing stringprep.

Looking to reach us via XMPP? Check out the new PidginChat service!