Pidgin Security Advisory
| Title | Remote denial of service from corrupt buddy icons |
|---|
| Date | 2011-06-23 |
|---|
| CVE Name | CVE-2011-2485 |
|---|
| Discovered By | Mark Doliner |
|---|
| Summary | A remote attacker could set a specially-crafted GIF image as their buddy icon that could lead to Pidgin being terminated due to excessive memory use |
|---|
| Description | It was found that the gdk-pixbuf GIF image loader routine gdk_pixbuf__gif_image_load() did not properly handle certain return values from its subroutines. A remote attacker could provide a specially-crafted GIF image, which, once opened in Pidgin, would lead gdk-pixbuf to return a partially initialized pixbuf structure. Using this structure, possibly containing a huge width and height, could lead to the application being terminated due to excessive memory use. |
|---|
| Fixed in Revision | 96183796df0c |
|---|
| Fixed in Version | 2.9.0 |
|---|
| Fix | Change Pidgin to look at the GError parameter in addition to the return value when calling certain gdk-pixbuf functions. |
|---|
Return to Security Advisory Index
