Pidgin Security Advisory
| Title | MSN handwritten message crash |
|---|
| Date | 2009-09-03 |
|---|
| CVE Name | CVE-2009-3084 |
|---|
| Discovered By | aly89 in ticket #10048 and Elliott Sales de Andrade |
|---|
| Summary | MSN incorrectly handles incoming handwritten messages, which can lead to a crash |
|---|
| Description | The MSN protocol plugin used an incorrect character encoding when attempting to convert handwritten messages from one encoding to another. This caused the conversion to fail. This failure combined with an uninitialized variable can trigger a crash. The only vulnerable versions of libpurple are 2.6.0 and 2.6.1. |
|---|
| Fixed in Revision | b579df23a255 |
|---|
| Fixed in Version | 2.6.2 |
|---|
| Fix | Use the correct character set name and initialize error to NULL. |
|---|
Return to Security Advisory Index
