Pidgin Security Advisory

TitleNULL pointer dereference in parsing invalid HTML
Date2007-10-24
CVE NameCVE-2007-4999
Discovered ByJeffrey Rosen
SummaryReceiving invalid HTML can cause libpurple 2.1.0 through 2.2.1 to crash
DescriptionA remote user can cause a denial of service (crash) by sending a message with invalid HTML. It is believed that this crash can be triggered only when using HTML logging.
Fixed in Version2.2.2
FixThe affected function has been patched to fix the vulnerability.

Return to Security Advisory Index