Pidgin Security Advisory

TitleRemote MXit user could specify local file path
CVE NameCVE-2013-0271
Discovered ByChris Wysopal, Veracode
DescriptionThe MXit protocol plugin saves an image to local disk using a filename that could potentially be partially specified by the IM server or by a remote user.
Fixed in Revisiona8aef1d340f2
Fixed in Version2.10.7
FixEscape values that come from the network before using them in filenames.

Return to Security Advisory Index