Pidgin Security Advisory
| Title | ICQ parser excessive memory allocation |
| Date | 2009-05-28 |
| CVE Name | CVE-2009-1889 |
| Discovered By | Yuriy Kaminskiy |
| Summary | Misparsed web messages can result in excessive memory allocation |
| Description | The ICQ prpl would misparse an incoming ICQ Web Message as an SMS message in certain circumstances, leading to an excessively large allocation. |
| Fixed in Version | 2.5.8 |
| Fix | Yuriy's patch corrected the misparsing of such ICQ web messages so they are no longer treated as SMS messages and added validation to avoid unnecessary memory allocations. |