Pidgin Security Advisory
| Title | Potential information leak from XMPP |
|---|
| Date | 2014-10-22 |
|---|
| CVE Name | CVE-2014-3698 |
|---|
| Discovered By | Thijs Alkemade and Paul Aurich |
|---|
| Description | A malicious server and possibly even a malicious remote user could create a carefully crafted XMPP message that causes libpurple to send an XMPP message containing arbitrary memory. |
|---|
| Fixed in Revision | ea46ab68f0dc |
|---|
| Fixed in Version | 2.10.10 |
|---|
| Fix | Correctly determine the start and end position of buffers when performing stringprep. |
|---|
Return to Security Advisory Index
