CVE-2011-3594

Published: 4 November 2011

The g_markup_escape_text function in the SILC protocol plug-in in libpurple 2.10.0 and earlier, as used in Pidgin and possibly other products, allows remote attackers to cause a denial of service (crash) via invalid UTF-8 sequences that trigger use of invalid pointers and an out-of-bounds read, related to interactions with certain versions of glib2.

Priority

Medium

Status

Package: pidgin (Launchpad, Ubuntu, Debian)

Release    Status
hardy      Ignored (reached end-of-life)
lucid      Released (1:2.6.6-1ubuntu4.4)
maverick   Released (1:2.7.3-1ubuntu3.3)
natty      Released (1:2.7.11-1ubuntu2.1)
oneiric    Not vulnerable (code not built)
upstream   Needs triage