Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2013-6478

gtkimhtml.c in Pidgin before 2.10.8 does not properly interact with underlying library support for wide Pango layouts, which allows user-assisted remote attackers to cause a denial of service (application crash) via a long URL that is examined with a tooltip.

Related bugs and status

CVE-2013-6478 (Candidate) is related to these bugs:

Bug #1275113: Update to 2.10.9

Summary				In	Importance	Status
	1275113	Update to 2.10.9		pidgin (Ubuntu)	Wishlist	Fix Released

Bug #1365548: Pidgin security updates

Summary				In	Importance	Status
	1365548	Pidgin security updates		Linux Mint	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

References

MLIST: [support] 20130301 err...
MLIST: [support] 20130301 err...
CONFIRM: http://hg.pidgin.im/pi...
CONFIRM: http://pidgin.im/news/...
DEBIAN: DSA-2859
REDHAT: RHSA-2014:0139
SUSE: openSUSE-SU-2014:0239
UBUNTU: USN-2100-1
SUSE: openSUSE-SU-2014:0326