oss-sec mailing list archives

CVE request: Pidgin crash


From: Mark Doliner <mark () kingant net>
Date: Fri, 9 Dec 2011 18:08:19 -0800

Hi!  Would it be possible to issue a CVE for a newish crash in Pidgin?
This is a remotely-triggerable crash in the oscar protocol (used by
the AIM and ICQ plugins) when handling incoming buddy list-related
SNACs.  I do not believe remote-code execution is possible.  It was
discovered by Evgeny Boger and reported on our public issue tracker at
http://developer.pidgin.im/ticket/14682  I do not believe a CVE exists
for this yet.

The Pidgin project will be releasing version 2.10.1 tomorrow and it
will include a fix for this issue.

Thanks (and sorry for sending this at the beginning of your weekends!),
Mark

