Pidgin Security Advisory

TitleCrash when receiving a UPnP response with abnormally long values
Date2013-02-13
CVE NameCVE-2013-0274
Discovered ByCoverity static analysis
Descriptionlibpurple failed to null-terminate some strings when parsing the response from a UPnP router. This could lead to a crash if a malicious user on your network responds with a specially crafted message.
Fixed in Revisionad7e7fb98db3
Fixed in Version2.10.7
FixUse g_strlcpy() instead of strncpy() to guarrantee that strings are null-terminated.

Return to Security Advisory Index