CVE-2011-3594
Published: 4 November 2011
The g_markup_escape_text function in the SILC protocol plug-in in libpurple 2.10.0 and earlier, as used in Pidgin and possibly other products, allows remote attackers to cause a denial of service (crash) via invalid UTF-8 sequences that trigger use of invalid pointers and an out-of-bounds read, related to interactions with certain versions of glib2.
Notes
Author | Note |
---|---|
mdeslaur | Oneiric+ isn't built with SILC support |
Priority
Status
Package | Release | Status |
---|---|---|
pidgin | hardy | Ignored (end of life) |
pidgin | lucid | Released (1:2.6.6-1ubuntu4.4) |
pidgin | maverick | Released (1:2.7.3-1ubuntu3.3) |
pidgin | natty | Released (1:2.7.11-1ubuntu2.1) |
pidgin | oneiric | Not vulnerable (code not built) |
pidgin | upstream | Needs triage |

Patches:
upstream: http://developer.pidgin.im/viewmtn/revision/info/7eb1f6d56cc58bbb5b56b7df53955d36b9b419b8
vendor: https://rhn.redhat.com/errata/RHSA-2011-1371.html