Launchpad.net

CVE 2011-3594

The g_markup_escape_text function in the SILC protocol plug-in in libpurple 2.10.0 and earlier, as used in Pidgin and possibly other products, allows remote attackers to cause a denial of service (crash) via invalid UTF-8 sequences that trigger use of invalid pointers and an out-of-bounds read, related to interactions with certain versions of glib2.

Related bugs and status

CVE-2011-3594 (Candidate) is related to these bugs:

Bug #903816: [Update Package] Pidgin 2.10.1

Summary				In	Importance	Status
	903816	[Update Package] Pidgin 2.10.1		GetDeb Software Portal	Medium	Fix Released

Bug #958208: Backport security fixes from Pidgin 2.10.1 and 2.10.2

		In	Importance	Status
958208	Backport security fixes from Pidgin 2.10.1 and 2.10.2	pidgin (Ubuntu)	Low	Fix Released
958208	Backport security fixes from Pidgin 2.10.1 and 2.10.2	pidgin (Ubuntu Lucid)	Low	Fix Released
958208	Backport security fixes from Pidgin 2.10.1 and 2.10.2	pidgin (Ubuntu Maverick)	Low	Won't Fix
958208	Backport security fixes from Pidgin 2.10.1 and 2.10.2	pidgin (Ubuntu Oneiric)	Low	Fix Released
958208	Backport security fixes from Pidgin 2.10.1 and 2.10.2	pidgin (Ubuntu Natty)	Low	Fix Released
958208	Backport security fixes from Pidgin 2.10.1 and 2.10.2	pidgin (Ubuntu Precise)	Low	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2011-3594

Related bugs and status

Related bugs

References