Pidgin Security Advisory
| Title | Finch XMPP MUC crash |
|---|---|
| Date | 2010-02-18 |
| CVE Name | CVE-2010-0420 |
| Discovered By | Sadrul Habib Chowdhury |
| Summary | Certain nicknames in group chat rooms can trigger a crash in Finch |
| Description | If a user in a multi-user chat room has a nickname containing '<br>' then libpurple ends up having two users with username ' ' in the room, and Finch crashes in this situation. We do not believe there is a possibility of remote code execution. |
| Fixed in Revision | cf4435714f5f 6c8add94b5a4 |
| Fixed in Version | 2.6.6 |
| Fix | Correctly parse '<br>' so that it appears literally rather than as ' '. |
