Pidgin Security Advisory

TitleAIM and ICQ remote crash
Date2011-10-20
CVE NameCVE-2011-4601
Discovered ByEvgeny Boger
DescriptionWhen receiving various messages related to requesting or receiving authorization for adding a buddy to a buddy list, the oscar protocol plugin failed to validate that a piece of text was UTF-8. In some cases invalid UTF-8 data would lead to a crash.
Fixed in Revision8431da66063b
Fixed in Version2.10.1
FixValidate incoming strings as UTF-8 before using them as such.

Return to Security Advisory Index