Pidgin Security Advisory

Title: MSN emoticon denial of service
Date: 2010-05-12
CVE Name: CVE-2010-1624
Discovered By: Pierre Noguès of Meta Security
Summary: Libpurple clients can crash due to malformed SLP message
Description: A vulnerability was discovered in libpurple's MSN protocol plugin that can cause a denial of service (crash) due to insufficient validation of certain SLP packets related to custom emoticons. An attacker could use this vulnerability to remotely crash a client using libpurple for MSN. It is not possible for this vulnerability to be exploited for code execution. As a workaround, disabling custom emoticons on MSN accounts will prevent the vulnerability.
Fixed in Revision: a91ffa611a85
Fixed in Version: 2.7.0
Fix: Validation has been added to the MSN plugin to prevent the crash.
