CVE-2013-6487

Published: 03 February 2014

Integer overflow in libpurple/protocols/gg/lib/http.c in the Gadu-Gadu (gg) parser in Pidgin before 2.10.8 allows remote attackers to have an unspecified impact via a large Content-Length value, which triggers a buffer overflow.

Priority

Medium

Status

Package   Release                          Status
libgadu   Upstream                         Released (1:1.11.3-1)
libgadu   Ubuntu 14.04 ESM (Trusty Tahr)   Not vulnerable (1:1.11.3-1)
pidgin    Upstream                         Released (2.10.8-1)
pidgin    Ubuntu 14.04 ESM (Trusty Tahr)   Released (1:2.10.9-0ubuntu1)

Patches:
Upstream: http://hg.pidgin.im/pidgin/main/rev/ec15aa187aa0