Launchpad CVE tracker

CVE 2007-4996

libpurple in Pidgin before 2.2.1 does not properly handle MSN nudge messages from users who are not on the receiver's buddy list, which allows remote attackers to cause a denial of service (crash) via a nudge message that triggers an access of "an invalid memory location."

Related bugs and status

CVE-2007-4996 (Candidate) is related to these bugs:

Bug #139686: Pidgin 2.2.0 in Gutsy

Summary				In	Importance	Status
	139686	Pidgin 2.2.0 in Gutsy		pidgin (Ubuntu)	Undecided	Fix Released

Bug #147103: MSN nudges sent from unknown buddies can cause libpurple to crash

Summary				In	Importance	Status
	147103	MSN nudges sent from unknown buddies can cause libpurple to crash		pidgin (Ubuntu)	Low	Fix Released

Bug #158400: [CVE-2007-4999] pidgin HTML Processing Denial of Service

Summary				In	Importance	Status
	158400	[CVE-2007-4999] pidgin HTML Processing Denial of Service		pidgin (Ubuntu)	Undecided	Fix Released
	158400	[CVE-2007-4999] pidgin HTML Processing Denial of Service		pidgin (Ubuntu Gutsy)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2007-4996

References