PublicDateAtUSN: 2010-05-14
Candidate: CVE-2010-1624
PublicDate: 2010-05-14 19:30:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1624
 http://pidgin.im/news/security/?id=46
 https://ubuntu.com/security/notices/USN-1014-1
Description:
 The msn_emoticon_msg function in slp.c in the MSN protocol plugin in
 libpurple in Pidgin before 2.7.0 allows remote authenticated users to cause
 a denial of service (NULL pointer dereference and application crash) via a
 custom emoticon in a malformed SLP message.
Ubuntu-Description:
Notes:
Bugs:
Priority: low
Discovered-by: Pierre Noguès
Assigned-to: mdeslaur
CVSS: 

Patches_pidgin:
 upstream: http://developer.pidgin.im/viewmtn/revision/info/894460d22c434e73d60b71ec031611988e687c8b
upstream_pidgin: released (2.7.0)
dapper_pidgin: DNE
hardy_pidgin: released (1:2.4.1-1ubuntu2.10)
jaunty_pidgin: ignored (reached end-of-life)
karmic_pidgin: released (1:2.6.2-1ubuntu7.3)
lucid_pidgin: released (1:2.6.6-1ubuntu4.1)
maverick_pidgin: not-affected (1:2.7.3-1ubuntu3)
devel_pidgin: not-affected (1:2.7.3-1ubuntu3)