Pidgin Security Advisory

TitleFinch XMPP MUC crash
Date2010-02-18
CVE NameCVE-2010-0420
Discovered BySadrul Habib Chowdhury
SummaryCertain nicknames in group chat rooms can trigger a crash in Finch
DescriptionIf a user in a multi-user chat room has a nickname containing '<br>' then libpurple ends up having two users with username ' ' in the room, and Finch crashes in this situation. We do not believe there is a possibility of remote code execution.
Fixed in Revisioncf4435714f5f
6c8add94b5a4
Fixed in Version2.6.6
FixCorrectly parse '<br>' so that it appears literally rather than as ' '.

Return to Security Advisory Index