Launchpad CVE tracker

CVE 2007-4999

libpurple in Pidgin 2.1.0 through 2.2.1, when using HTML logging, allows remote attackers to cause a denial of service (NULL dereference and application crash) via a message that contains invalid HTML data, a different vector than CVE-2007-4996.

Related bugs and status

CVE-2007-4999 (Candidate) is related to these bugs:

Bug #157347: NULL pointer dereference in parsing invalid HTML

Summary				In	Importance	Status
	157347	NULL pointer dereference in parsing invalid HTML		pidgin (Ubuntu)	Undecided	New

Bug #158400: [CVE-2007-4999] pidgin HTML Processing Denial of Service

Summary				In	Importance	Status
	158400	[CVE-2007-4999] pidgin HTML Processing Denial of Service		pidgin (Ubuntu)	Undecided	Fix Released
	158400	[CVE-2007-4999] pidgin HTML Processing Denial of Service		pidgin (Ubuntu Gutsy)	Undecided	Fix Released

Bug #160670: pidgin 2.2.1

Summary				In	Importance	Status
	160670	pidgin 2.2.1		pidgin (Ubuntu)	Undecided	New

Bug #161016: Pidgin 2.2.2 containing DoS fix not packaged

Summary				In	Importance	Status
	161016	Pidgin 2.2.2 containing DoS fix not packaged		pidgin (Ubuntu)	Undecided	New

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2007-4999

References