Pidgin Security Advisory
| Title | MSN emoticon denial of service |
| Date | 2010-05-12 |
| CVE Name | CVE-2010-1624 |
| Discovered By | Pierre Noguès of Meta Security |
| Summary | Libpurple clients can crash due to a malformed SLP message |
| Description | A vulnerability was discovered in libpurple's MSN protocol plugin that can cause a denial of service (crash) due to insufficient validation of certain SLP packets related to custom emoticons. An attacker could use this vulnerability to remotely crash a client using libpurple for MSN. It is not possible for this vulnerability to be exploited for code execution. As a workaround, disabling custom emoticons on MSN accounts will prevent the vulnerability from being triggered. |
| Fixed in Revision | a91ffa611a85 |
| Fixed in Version | 2.7.0 |
| Fix | Validation has been added to the MSN plugin to prevent the crash. |