Pidgin Security Advisory

Title: purple_base64_decode() remote crashes
CVE Name: CVE-2010-3711
Discovered By: Daniel Atallah
Summary: Multiple remotely-triggered denials of service
Description: It has been discovered that eight denial of service conditions exist in libpurple all due to insufficient validation of the return value from purple_base64_decode(). Invalid or malformed data received in place of a valid base64-encoded value in portions of the Yahoo!, MSN, MySpaceIM, and XMPP protocol plugins and the NTLM authentication support trigger a crash. These vulnerabilities can be leveraged by a remote user for denial of service.
Fixed in Revision: 1a7e2da2ab01
Fixed in Version: 2.7.4
Fix: Check the return value from purple_base64_decode() before trying to use it.
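
The fix pattern named above, as an added example that is not libpurple's code. demo_base64_decode is a stand-in decoder assumed to return NULL on malformed input, and read_nonce with its 8-byte NONCE_LEN is a hypothetical handler for a peer-supplied field, constructed for illustration.

```c
#include <stdlib.h>
#include <string.h>

#define NONCE_LEN 8 /* field size constructed for this example */

static int b64val(char c) {
    if (c >= 'A' && c <= 'Z') return c - 'A';
    if (c >= 'a' && c <= 'z') return c - 'a' + 26;
    if (c >= '0' && c <= '9') return c - '0' + 52;
    return c == '+' ? 62 : c == '/' ? 63 : -1;
}

/* Stand-in decoder (assumption, not libpurple's): returns a malloc'd buffer
 * and sets *len, or returns NULL when the input is NULL, empty or malformed. */
unsigned char *demo_base64_decode(const char *s, size_t *len) {
    size_t n = s ? strlen(s) : 0, i, o = 0;
    unsigned char *out;
    if (n == 0 || n % 4 != 0 || (out = malloc(n / 4 * 3)) == NULL) return NULL;
    for (i = 0; i < n; i += 4) {
        int v[4], pad = 0, j;
        for (j = 0; j < 4; j++) {
            if (s[i + j] == '=' && i + 4 == n && j >= 2) { v[j] = 0; pad++; }
            else if (pad || (v[j] = b64val(s[i + j])) < 0) { free(out); return NULL; }
        }
        out[o++] = (unsigned char)(v[0] << 2 | v[1] >> 4);
        if (pad < 2) out[o++] = (unsigned char)(v[1] << 4 | v[2] >> 2);
        if (pad < 1) out[o++] = (unsigned char)(v[2] << 6 | v[3]);
    }
    *len = o;
    return out;
}

/* Hypothetical handler for a peer-supplied base64 field. The unchecked form
 * would memcpy from raw immediately and dereference NULL on malformed data. */
int read_nonce(const char *field, unsigned char nonce[NONCE_LEN]) {
    size_t len = 0;
    unsigned char *raw = demo_base64_decode(field, &len);
    if (raw == NULL)        /* decode failed: reject instead of crashing */
        return -1;
    if (len < NONCE_LEN) {  /* decoded, but too short for the copy below */
        free(raw);
        return -1;
    }
    memcpy(nonce, raw, NONCE_LEN);
    free(raw);
    return 0;
}
```

Checking the decoded length as well as the pointer covers input that is valid base64 but shorter than the handler expects.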
