Computer Security
[EN] securityvulns.ru no-pyccku


libpurple / Pidgin DoS
updated since 27.11.2011
Published:19.12.2011
Source:
SecurityVulns ID:12062
Type:remote
Threat Level:
5/10
Description:Crash on SILC protocol parsing, crash on OSCAR parsing (AIM, ICQ).
Affected:LIBPURPLE : libpurple 2.10
CVE:CVE-2011-4601 (family_feedbag.c in the oscar protocol plugin in libpurple in Pidgin before 2.10.1 does not perform the expected UTF-8 validation on message data, which allows remote attackers to cause a denial of service (application crash) via a crafted (1) AIM or (2) ICQ message associated with buddy-list addition.)
 CVE-2011-3594 (The g_markup_escape_text function in the SILC protocol plug-in in libpurple 2.10.0 and earlier, as used in Pidgin and possibly other products, allows remote attackers to cause a denial of service (crash) via invalid UTF-8 sequences that trigger use of invalid pointers and an out-of-bounds read, related to interactions with certain versions of glib2.)
Original documentdocumentMANDRIVA, [ MDVSA-2011:183 ] pidgin (19.12.2011)
 documentUBUNTU, [USN-1273-1] Pidgin vulnerabilities (27.11.2011)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod