cve-2009-3615-00

Summary ICQ and maybe AIM remote crash
Date 2009-10-16
CVE Number CVE-2009-3615
Discovered By nightwing666 in ticket
Fixed In Release 2.6.3

Description

A specially crafted message can trigger an incorrect memory access in the oscar protocol plugin which can lead to a crash. This happens when the SIM IM client attempts to send contacts to a libpurple user.

Mitigation

Check for the correct number of fields before attempting to dereference memory.

Looking to reach us via XMPP? Check out the new PidginChat service!