Pidgin Security Advisory

TitleICQ X-Status denial of service
CVE NameCVE-2010-2528
Discovered ByMark Doliner
Summarylibpurple clients can crash due to malformed X-Status messages
DescriptionCertain incorrectly formed X-Status messages can cause libpurple to attempt to dereference a NULL pointer, which triggers a crash.
Fixed in Revisiona56f371f289a
Fixed in Version2.7.2
FixImprove the parsing of the X-Status message to be more robust

Return to Security Advisory Index