Pidgin Security Advisory

TitleRemote denial of service in Yahoo protocol plugin
CVE NameCVE-2011-1091
Discovered ByMarius Wachtler
SummaryImproper handling of malformed packets leads to denial of service
DescriptionThe Yahoo protocol plugin in libpurple versions 2.6.0 through 2.7.10 do not properly handle malformed YMSG packets, leading to NULL pointer dereferences and application crash.
Fixed in Revision3efb6fbae94a
Fixed in Version2.7.11
FixProperly handle malformed packets by ignoring the packet or the missing field.

Return to Security Advisory Index