Pidgin Security Advisory
| Title | MSN Remote file transfer filename DoS |
|---|
| Date | 2008-06-25 |
|---|
| CVE Name | CVE-2008-2955 |
|---|
| Discovered By | Juan Pablo Lopez Yacubian |
|---|
| Summary | MSN file transfers with specially crafted file names can cause libpurple to crash |
|---|
| Description | A remote MSN user can cause a denial of service (crash) by sending a file with a file with a filename containing invalid characters. The local user must then accept the file transfer to trigger a double-free. |
|---|
| Fixed in Version | 2.4.3 |
|---|
| Fix | A fix was applied to ensure that the double-free didn't occur. |
|---|
Return to Security Advisory Index
