PublicDate: 2007-10-01 20:17:00 UTC
Candidate: CVE-2007-4996
References: 
 http://developer.pidgin.im/viewmtn/revision/diff/f7687aed5d4c60018282a0629b67556f506ceb54/with/a5dd91b5d76972cf72a56209503c7e32d71c6e3c/libpurple/protocols/msn/switchboard.c
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4996
Description:
 libpurple in Pidgin before 2.2.1 does not properly handle MSN nudge
 messages from users who are not on the receiver's buddy list, which allows
 remote attackers to cause a denial of service (crash) via a nudge message
 that triggers an access of "an invalid memory location."
Ubuntu-Description: 
Notes: 
 kees> remote crasher, but only in 2.2 series, it seems based on the patch
Bugs: 
Priority: low
Discovered-by:
Assigned-to: 
CVSS: 
upstream_pidgin: released (2.2.1)
dapper_gaim: not-affected (nudge code not present)
edgy_gaim: not-affected (nudge code not vulnerable)
feisty_gaim: not-affected (nudge code not vulnerable)
devel_pidgin: not-affected
upstream_gaim: not-affected