Pidgin Security Advisory

TitleNULL pointer dereference parsing OIM data in MSN
CVE NameCVE-2013-6482
Discovered ByFabian Yamaguchi and Christian Wressnegger of the University of Goettingen
DescriptionA malicious server or man-in-the-middle could send us a specially-crafted XML response that results in a NULL pointer dereference.
Fixed in Revisionef836278304b
Fixed in Version2.10.8
FixCheck for NULL before calling atoi().

Return to Security Advisory Index