CVE-2011-3594

Published: 4 November 2011

The g_markup_escape_text function in the SILC protocol plug-in in libpurple 2.10.0 and earlier, as used in Pidgin and possibly other products, allows remote attackers to cause a denial of service (crash) via invalid UTF-8 sequences that trigger use of invalid pointers and an out-of-bounds read, related to interactions with certain versions of glib2.

Priority

Medium

Status

Package: pidgin (Launchpad, Ubuntu, Debian)

Release    Status
hardy      Ignored (reached end-of-life)
lucid      Released (1:2.6.6-1ubuntu4.4)
maverick   Released (1:2.7.3-1ubuntu3.3)
natty      Released (1:2.7.11-1ubuntu2.1)
oneiric    Not vulnerable (code not built)
upstream   Needs triage

Patches:
upstream: http://developer.pidgin.im/viewmtn/revision/info/7eb1f6d56cc58bbb5b56b7df53955d36b9b419b8
vendor: https://rhn.redhat.com/errata/RHSA-2011-1371.html