Pidgin Security Advisory

TitleYahoo! remote crash from incorrect character encoding
Date2014-01-28
CVE NameCVE-2012-6152
Discovered ByThijs Alkemade and Robert Vehse
DescriptionMany places in the Yahoo! protocol plugin assumed incoming strings were UTF-8 and failed to transcode from non-UTF-8 encodings. This can lead to a crash when receiving strings that aren't UTF-8.
Fixed in Revisionb0345c25f886
Fixed in Version2.10.8
FixDepending on the context, either validate that a string is UTF-8 or transcode the string from the appropriate encoding to UTF-8.

Return to Security Advisory Index