Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2013-6481

libpurple/protocols/yahoo/libymsg.c in Pidgin before 2.10.8 allows remote attackers to cause a denial of service (crash) via a Yahoo! P2P message with a crafted length field, which triggers a buffer over-read.

Related bugs and status

CVE-2013-6481 (Candidate) is related to these bugs:

Bug #1275113: Update to 2.10.9

Summary				In	Importance	Status
	1275113	Update to 2.10.9		pidgin (Ubuntu)	Wishlist	Fix Released

Bug #1365548: Pidgin security updates

Summary				In	Importance	Status
	1365548	Pidgin security updates		Linux Mint	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

References

CONFIRM: http://hg.pidgin.im/pi...
CONFIRM: http://www.pidgin.im/n...
DEBIAN: DSA-2859
REDHAT: RHSA-2014:0139
SUSE: openSUSE-SU-2014:0239
UBUNTU: USN-2100-1
SUSE: openSUSE-SU-2014:0326