Pidgin Security Advisory

TitleQQ remote DoS
Date2009-05-03
CVE NameCVE-2009-1374
Discovered ByKa-Hing Cheung
SummaryPossible remote denial of service when receiving a QQ packet
Descriptiondecrypt_out() always writes 8 bytes past the supplied buffer, which is always allocated on the stack. We don't believe this can cause anything outside of a crash.
Fixed in Version2.5.6
Fixdecrypt_out() is fixed to not write past the end of the buffer.

Return to Security Advisory Index