Pidgin Security Advisory
| Title | Remote crash parsing malformed MXit emoticon |
|---|---|
| Date | 2014-10-22 |
| CVE Name | CVE-2014-3695 |
| Discovered By | Yves Younan and Richard Johnson of Cisco Talos |
| Description | A malicious server or man-in-the-middle could trigger a crash in libpurple by sending an emoticon with an overly large length value. |
| Fixed in Revision | 6436e14bdb9d |
| Fixed in Version | 2.10.10 |
| Fix | Verify that the length value is valid before attempting to read data from the buffer. |
