Pidgin Security Advisory
| Title | Remote denial of service in Yahoo protocol plugin |
|---|
| Date | 2011-03-10 |
|---|
| CVE Name | CVE-2011-1091 |
|---|
| Discovered By | Marius Wachtler |
|---|
| Summary | Improper handling of malformed packets leads to denial of service |
|---|
| Description | The Yahoo protocol plugin in libpurple versions 2.6.0 through 2.7.10 do not properly handle malformed YMSG packets, leading to NULL pointer dereferences and application crash. |
|---|
| Fixed in Revision | 3efb6fbae94a |
|---|
| Fixed in Version | 2.7.11 |
|---|
| Fix | Properly handle malformed packets by ignoring the packet or the missing field. |
|---|
Return to Security Advisory Index
