Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2014-3695

markup.c in the MXit protocol plugin in libpurple in Pidgin before 2.10.10 allows remote servers to cause a denial of service (application crash) via a large length value in an emoticon response.

Related bugs and status

CVE-2014-3695 (Candidate) is related to these bugs:

Bug #1386410: Pidgin needs an update/patch

Summary				In	Importance	Status
	1386410	Pidgin needs an update/patch		pidgin (Ubuntu)	Undecided	Fix Released

Bug #1465052: pidgin 1.2.11 backport required

Summary				In	Importance	Status
	1465052	pidgin 1.2.11 backport required		pidgin (Ubuntu)	Undecided	Invalid

See the

CVE page on Mitre.org for more details.

References

CONFIRM: http://hg.pidgin.im/pi...
CONFIRM: http://pidgin.im/news/...
DEBIAN: DSA-3055
UBUNTU: USN-2390-1
SUSE: openSUSE-SU-2014:1376
SECUNIA: 60741
SECUNIA: 61968
SUSE: openSUSE-SU-2014:1397
REDHAT: RHSA-2017:1854