Pidgin Security Advisory

TitleRemote crash on some protocols
Date2005-05-10
CVE NameCVE-2005-1261
Discovered ByStu Tomlinson
SummarySpecially crafted messages on certain protocols can cause a buffer overflow
DescriptionIt is possible for a remote user to overflow a static buffer by sending an IM containing a very large URL (greater than 8192 bytes) to the Gaim user. This is not possible on all protocols, due to message length restrictions. Jabber are SILC are known to be vulnerable.
Fixed in Version1.3.0
FixThe URL parsing function was modified to not use a static buffer.

Return to Security Advisory Index