Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2013-6487

Integer overflow in libpurple/protocols/gg/lib/http.c in the Gadu-Gadu (gg) parser in Pidgin before 2.10.8 allows remote attackers to have an unspecified impact via a large Content-Length value, which triggers a buffer overflow.

Related bugs and status

CVE-2013-6487 (Candidate) is related to these bugs:

Bug #1275113: Update to 2.10.9

Summary				In	Importance	Status
	1275113	Update to 2.10.9		pidgin (Ubuntu)	Wishlist	Fix Released

Bug #1365548: Pidgin security updates

Summary				In	Importance	Status
	1365548	Pidgin security updates		Linux Mint	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

References

CONFIRM: http://hg.pidgin.im/pi...
CONFIRM: http://www.pidgin.im/n...
MISC: http://libgadu.net/rel...
MISC: http://vrt-blog.snort....
CONFIRM: http://advisories.mage...
DEBIAN: DSA-2852
DEBIAN: DSA-2859
FEDORA: FEDORA-2014-2391
MANDRIVA: MDVSA-2014:039
REDHAT: RHSA-2014:0139
UBUNTU: USN-2101-1
BID: 65188
SUSE: openSUSE-SU-2014:0239
UBUNTU: USN-2100-1
SUSE: openSUSE-SU-2014:0326
GENTOO: GLSA-201508-02