PublicDateAtUSN: 2009-09-08
Candidate: CVE-2009-2703
PublicDate: 2009-09-08 18:30:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2703
 http://www.pidgin.im/news/security/index.php?id=40
 http://pidgin.im/pipermail/devel/2009-September/008850.html
 https://ubuntu.com/security/notices/USN-886-1
Description:
 libpurple/protocols/irc/msgs.c in the IRC protocol plugin in libpurple in
 Pidgin before 2.6.2 allows remote IRC servers to cause a denial of service
 (NULL pointer dereference and application crash) via a TOPIC message that
 lacks a topic string.
Ubuntu-Description:
Notes:
 mdeslaur> PoC in Red Hat bug
Bugs:
 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-2703
Priority: low
Discovered-by: Cristofaro Mune
Assigned-to:
CVSS: 

Patches_pidgin:
 upstream: http://developer.pidgin.im/viewmtn/revision/info/ad2c6ee53ec9122b25aeb1f918db53be69bdeac3
upstream_pidgin: released (2.6.2)
dapper_pidgin: DNE
hardy_pidgin: released (1:2.4.1-1ubuntu2.8)
intrepid_pidgin: released (1:2.5.2-0ubuntu1.6)
jaunty_pidgin: released (1:2.5.5-1ubuntu8.5)
karmic_pidgin: not-affected (1:2.6.2-1ubuntu2)
devel_pidgin: not-affected (1:2.6.2-1ubuntu2)