oss-sec mailing list archives
CVE request: Pidgin crash
From: Mark Doliner <mark () kingant net>
Date: Fri, 9 Dec 2011 18:08:19 -0800
Hi! Would it be possible to issue a CVE for a newish crash in Pidgin? This is a remotely-triggerable crash in the oscar protocol (used by the AIM and ICQ plugins) when handling incoming buddy list-related SNACs. I do not believe remote-code execution is possible. It was discovered by Evgeny Boger and reported on our public issue tracker at http://developer.pidgin.im/ticket/14682 I do not believe a CVE exists for this yet. The Pidgin project will be releasing version 2.10.1 tomorrow and it will include a fix for this issue. Thanks (and sorry for sending this at the beginning of your weekends!), Mark
Current thread:
- CVE request: Pidgin crash Mark Doliner (Dec 09)
- Re: CVE request: Pidgin crash Kurt Seifried (Dec 09)