Pidgin Security Advisory
| Title | Remote crash parsing malformed Groupwise message |
|---|
| Date | 2014-10-22 |
|---|
| CVE Name | CVE-2014-3696 |
|---|
| Discovered By | Yves Younan and Richard Johnson of Cisco Talos |
|---|
| Description | A malicious server or man-in-the-middle could trigger a crash in libpurple by specifying that a large amount of memory should be allocated in many places in the UI. |
|---|
| Fixed in Revision | 44fd89158777 |
|---|
| Fixed in Version | 2.10.10 |
|---|
| Fix | Impose a maximum length when reading various types of messages. |
|---|
Return to Security Advisory Index
