CVE 2012-2318
msg.c in the MSN protocol plugin in libpurple in Pidgin before 2.10.4 does not properly handle crafted characters, which allows remote servers to cause a denial of service (application crash) by placing these characters in a text/plain message.
Related bugs and status
CVE-2012-2318 (Candidate) is related to these bugs:
Bug #958208: Backport security fixes from Pidgin 2.10.1 and 2.10.2
Summary | In | Importance | Status | |||
---|---|---|---|---|---|---|
958208 | Backport security fixes from Pidgin 2.10.1 and 2.10.2 | pidgin (Ubuntu) | Low | Fix Released | ||
958208 | Backport security fixes from Pidgin 2.10.1 and 2.10.2 | pidgin (Ubuntu Lucid) | Low | Fix Released | ||
958208 | Backport security fixes from Pidgin 2.10.1 and 2.10.2 | pidgin (Ubuntu Maverick) | Low | Won't Fix | ||
958208 | Backport security fixes from Pidgin 2.10.1 and 2.10.2 | pidgin (Ubuntu Oneiric) | Low | Fix Released | ||
958208 | Backport security fixes from Pidgin 2.10.1 and 2.10.2 | pidgin (Ubuntu Natty) | Low | Fix Released | ||
958208 | Backport security fixes from Pidgin 2.10.1 and 2.10.2 | pidgin (Ubuntu Precise) | Low | Fix Released |
Bug #996691: Pidgin may be vulnerable to remote MSN and XMPP crashes
Summary | In | Importance | Status | |||
---|---|---|---|---|---|---|
996691 | Pidgin may be vulnerable to remote MSN and XMPP crashes | pidgin (Ubuntu) | Medium | Fix Released |
Bug #1022012: (CVE-2012-3374) <pidgin-2.10.5: MXit buffer overflow
Summary | In | Importance | Status | |||
---|---|---|---|---|---|---|
1022012 | (CVE-2012-3374) <pidgin-2.10.5: MXit buffer overflow | pidgin (Ubuntu) | Undecided | Fix Released | ||
1022012 | (CVE-2012-3374) <pidgin-2.10.5: MXit buffer overflow | Gentoo Linux | High | Fix Released | ||
1022012 | (CVE-2012-3374) <pidgin-2.10.5: MXit buffer overflow | pidgin (Fedora) | Medium | Fix Released | ||
1022012 | (CVE-2012-3374) <pidgin-2.10.5: MXit buffer overflow | Pidgin | Unknown | Fix Released |
See the
CVE page on Mitre.org
for more details.