[CVE-2007-4999] pidgin HTML Processing Denial of Service
Bug #158400 reported by Matti Lindell
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
pidgin (Ubuntu) | Fix Released | Undecided | Stephan Rügamer | |
Gutsy | Fix Released | Undecided | Kees Cook | |

Bug Description
Binary package hint: pidgin
from http://
---
Description:
A weakness has been reported in Pidgin, which can be exploited by malicious people to cause a DoS (Denial of Service). The weakness is caused due to a NULL-pointer dereference error when processing messages with invalid HTML code and can be exploited to cause libpurple to crash. Successful exploitation may require that HTML logging is used.
Solution:
Update to version 2.2.2.
Changed in pidgin:
status: New → Confirmed

Changed in pidgin:
assignee: nobody → shermann
status: Confirmed → In Progress

Thank you for your bug. The patch is easy enough and doesn't justify a version update