CVE 2012-2318
msg.c in the MSN protocol plugin in libpurple in Pidgin before 2.10.4 does not properly handle crafted characters, which allows remote servers to cause a denial of service (application crash) by placing these characters in a text/plain message.
Related bugs and status
CVE-2012-2318 (Candidate) is related to these bugs:
Bug #958208: Backport security fixes from Pidgin 2.10.1 and 2.10.2
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 958208 | Backport security fixes from Pidgin 2.10.1 and 2.10.2 | pidgin (Ubuntu) | Low | Fix Released | ||
| 958208 | Backport security fixes from Pidgin 2.10.1 and 2.10.2 | pidgin (Ubuntu Lucid) | Low | Fix Released | ||
| 958208 | Backport security fixes from Pidgin 2.10.1 and 2.10.2 | pidgin (Ubuntu Maverick) | Low | Won't Fix | ||
| 958208 | Backport security fixes from Pidgin 2.10.1 and 2.10.2 | pidgin (Ubuntu Oneiric) | Low | Fix Released | ||
| 958208 | Backport security fixes from Pidgin 2.10.1 and 2.10.2 | pidgin (Ubuntu Natty) | Low | Fix Released | ||
| 958208 | Backport security fixes from Pidgin 2.10.1 and 2.10.2 | pidgin (Ubuntu Precise) | Low | Fix Released | ||
Bug #996691: Pidgin may be vulnerable to remote MSN and XMPP crashes
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 996691 | Pidgin may be vulnerable to remote MSN and XMPP crashes | pidgin (Ubuntu) | Medium | Fix Released | ||
Bug #1022012: (CVE-2012-3374) <pidgin-2.10.5: MXit buffer overflow
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1022012 | (CVE-2012-3374) <pidgin-2.10.5: MXit buffer overflow | pidgin (Ubuntu) | Undecided | Fix Released | ||
| 1022012 | (CVE-2012-3374) <pidgin-2.10.5: MXit buffer overflow | Gentoo Linux | High | Fix Released | ||
| 1022012 | (CVE-2012-3374) <pidgin-2.10.5: MXit buffer overflow | pidgin (Fedora) | Medium | Fix Released | ||
| 1022012 | (CVE-2012-3374) <pidgin-2.10.5: MXit buffer overflow | Pidgin | Unknown | Fix Released | ||
See the 
CVE page on Mitre.org
for more details.
