CVE-2010-4528

Published: 7 January 2011

directconn.c in the MSN protocol plugin in libpurple 2.7.6 through 2.7.8 in Pidgin before 2.7.9 allows remote authenticated users to cause a denial of service (NULL pointer dereference and application crash) via a short p2pv2 packet in a DirectConnect (aka direct connection) session.

Notes

Author	Note
mdeslaur	only affects 2.7.6-2.7.8

Priority

Status

Package	Release	Status
pidgin Launchpad, Ubuntu, Debian	dapper	Does not exist
	hardy	Not vulnerable (1:2.4.1-1ubuntu2.10)
	karmic	Not vulnerable (1:2.6.2-1ubuntu7.3)
	lucid	Not vulnerable (1:2.6.6-1ubuntu4.2)
	maverick	Not vulnerable (1:2.7.3-1ubuntu3.2)
	upstream	Released (2.7.9)
	Patches: upstream: http://developer.pidgin.im/viewmtn/revision/info/aaa07bde3c51d3684391ae6ed86b6dbaeab5d031

References

http://pidgin.im/news/security/?id=49
https://www.cve.org/CVERecord?id=CVE-2010-4528
NVD
Launchpad
Debian

Join the discussion

Ubuntu security updates mailing list
Security announcements mailing list

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›