Pidgin Security Advisory

TitleMSN Remote file transfer filename DoS
Date2008-06-25
CVE NameCVE-2008-2955
Discovered ByJuan Pablo Lopez Yacubian
SummaryMSN file transfers with specially crafted file names can cause libpurple to crash
DescriptionA remote MSN user can cause a denial of service (crash) by sending a file with a file with a filename containing invalid characters. The local user must then accept the file transfer to trigger a double-free.
Fixed in Version2.4.3
FixA fix was applied to ensure that the double-free didn't occur.

Return to Security Advisory Index