CVE-2011-3594
Published: 4 November 2011
The g_markup_escape_text function in the SILC protocol plug-in in libpurple 2.10.0 and earlier, as used in Pidgin and possibly other products, allows remote attackers to cause a denial of service (crash) via invalid UTF-8 sequences that trigger use of invalid pointers and an out-of-bounds read, related to interactions with certain versions of glib2.
Priority
Medium
Status
| Package | Release | Status |
|---|---|---|
|
pidgin Launchpad, Ubuntu, Debian |
hardy |
Ignored
(reached end-of-life)
|
| lucid |
Released
(1:2.6.6-1ubuntu4.4)
|
|
| maverick |
Released
(1:2.7.3-1ubuntu3.3)
|
|
| natty |
Released
(1:2.7.11-1ubuntu2.1)
|
|
| oneiric |
Not vulnerable
(code not built)
|
|
| upstream |
Needs triage
|
|
|
Patches: upstream: http://developer.pidgin.im/viewmtn/revision/info/7eb1f6d56cc58bbb5b56b7df53955d36b9b419b8 vendor: https://rhn.redhat.com/errata/RHSA-2011-1371.html |
||