Pidgin Security Advisory
| Title | ICQ and maybe AIM remote crash |
|---|
| Date | 2009-10-16 |
|---|
| CVE Name | CVE-2009-3615 |
|---|
| Discovered By | nightwing666 in ticket #10481 |
|---|
| Summary | A remote user can cause libpurple-based clients to crash |
|---|
| Description | A specially crafted message can trigger an incorrect memory access in the oscar protocol plugin which can lead to a crash. This happens when the SIM IM client attempts to send contacts to a libpurple user. |
|---|
| Fixed in Revision | 7dc8dfacd548 |
|---|
| Fixed in Version | 2.6.3 |
|---|
| Fix | Check for the correct number of fields before attempting to dereference memory. |
|---|
Return to Security Advisory Index
