CVE-2014-3698

Published: 23 October 2014

The jabber_idn_validate function in jutil.c in the Jabber protocol plugin in libpurple in Pidgin before 2.10.10 allows remote attackers to obtain sensitive information from process memory via a crafted XMPP message.

Priority

Status

Package	Release	Status
pidgin Launchpad, Ubuntu, Debian	lucid	Ignored (end of life)
	precise	Released (1:2.10.3-0ubuntu1.6)
	trusty	Released (1:2.10.9-0ubuntu3.2)
	upstream	Released (2.10.10-1)
	utopic	Released (1:2.10.9-0ubuntu7.1)
	Patches: upstream: https://hg.pidgin.im/pidgin/main/rev/ea46ab68f0dc

References

http://www.pidgin.im/news/security/?id=90
https://ubuntu.com/security/notices/USN-2390-1
https://www.cve.org/CVERecord?id=CVE-2014-3698
NVD
Launchpad
Debian

Join the discussion

Ubuntu security updates mailing list
Security announcements mailing list

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.